GET www.askandfind.net/build/fonts/Poppins-Regular.2fcf7e1d.ttf
172.104.228.214 200 OK 144 kB URL GET www.askandfind.net/build/fonts/Poppins-Regular.2fcf7e1d.ttf
IP 172.104.228.214:443
ASN #63949 Akamai Connected Cloud
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Let's Encrypt
Subject www.askandfind.net
Fingerprint C3:FE:E2:60:EB:D1:84:E6:85:17:C0:9F:71:9C:95:8A:DB:DB:F5:6C
Validity Sun, 25 May 2025 14:36:11 GMT - Sat, 23 Aug 2025 14:36:10 GMT
File type TrueType Font data, 14 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2014-2017 Indian Type Foundry (info@indiantypefoundry.com)PoppinsRegular3.010;ITFO;Pop
Size 144 kB (144064 bytes)
Hash dd1aed50244d7243b9209dc901c8d1af
f68164ec79406cc58c4f89c1368a6c6aeacc6bcb
4b0ed4599fb4dee023733459056a4fbca0ba6ad4b6046abc9b6b4079142595ab
GET /build/fonts/Poppins-Regular.2fcf7e1d.ttf HTTP/1.1
Host: www.askandfind.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.askandfind.net/build/askandfind_net.8ca05d14.css
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=n32prs9pcrhot75v1avi5rsimb
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jun 2025 07:05:17 GMT
content-type: application/octet-stream
content-length: 144064
last-modified: Mon, 16 Jun 2025 11:38:08 GMT
etag: "68500220-232c0"
expires: Thu, 26 Jun 2025 07:05:17 GMT
cache-control: max-age=604800
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtm.js?id=GTM-TLS64SH8
142.250.74.136 200 OK 274 kB URL GET www.googletagmanager.com/gtm.js?id=GTM-TLS64SH8
IP 142.250.74.136:443
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 93:AC:F6:E3:CB:D8:8F:95:04:0C:A1:34:97:CB:ED:C4:F9:99:EB:12
Validity Mon, 19 May 2025 08:41:43 GMT - Mon, 11 Aug 2025 08:41:42 GMT
File type JavaScript source, ASCII text, with very long lines (2837)
Size 274 kB (273814 bytes)
Hash 0906ec86d61d3bf33379d58485ce5bc6
b1a4ca0848b67c436fa35a9087133cb687717eca
39af231800983c6b450a860acbb7a4280cb07b0b838f33069717d353c70dd9ab
GET /gtm.js?id=GTM-TLS64SH8 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.askandfind.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 19 Jun 2025 07:05:17 GMT
expires: Thu, 19 Jun 2025 07:05:17 GMT
cache-control: private, max-age=900
last-modified: Thu, 19 Jun 2025 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 95286
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET www.askandfind.net/build/images/logo-white.67a82959.svg
172.104.228.214 200 OK 6.0 kB URL GET www.askandfind.net/build/images/logo-white.67a82959.svg
IP 172.104.228.214:443
ASN #63949 Akamai Connected Cloud
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Let's Encrypt
Subject www.askandfind.net
Fingerprint C3:FE:E2:60:EB:D1:84:E6:85:17:C0:9F:71:9C:95:8A:DB:DB:F5:6C
Validity Sun, 25 May 2025 14:36:11 GMT - Sat, 23 Aug 2025 14:36:10 GMT
File type SVG Scalable Vector Graphics image
Hash 7b970474cd2cc275ed9d9b8d62c6bbb0
f609cf07e970b09303105bcb0957af084f45dece
795a437ee3943a1f7d2b982d9371ba9a39b9219b406563d356405262593ce0d2
GET /build/images/logo-white.67a82959.svg HTTP/1.1
Host: www.askandfind.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.askandfind.net/build/askandfind_net.8ca05d14.css
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=n32prs9pcrhot75v1avi5rsimb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jun 2025 07:05:17 GMT
content-type: image/svg+xml
last-modified: Mon, 16 Jun 2025 11:38:08 GMT
vary: Accept-Encoding
etag: W/"68500220-1790"
expires: Thu, 26 Jun 2025 07:05:17 GMT
cache-control: max-age=604800
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
GET www.google.com/adsense/search/ads.js
142.250.178.36 200 OK 141 kB URL GET www.google.com/adsense/search/ads.js
IP 142.250.178.36:443
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject www.google.com
Fingerprint 5F:D0:77:0B:35:28:63:FA:F1:E5:B7:91:23:84:B9:89:D3:5B:66:F3
Validity Mon, 19 May 2025 08:43:37 GMT - Mon, 11 Aug 2025 08:43:36 GMT
File type JavaScript source, ASCII text, with very long lines (1839)
Size 141 kB (140995 bytes)
Hash 4d5c27f90ab67b4b5c39eb8b30c9b02d
9b6cc503b42eee55492c3422eef150498cb45fa4
a25a97fc4b239b9471492cb61183a64d427ce5be1b3a8b80be913540a7e426f6
GET /adsense/search/ads.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.askandfind.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Thu, 19 Jun 2025 07:05:17 GMT
expires: Thu, 19 Jun 2025 07:05:17 GMT
cache-control: private, max-age=3600
etag: "5602673194685787447"
x-content-type-options: nosniff
link: <https://syndicatedsearch.goog>; rel="preconnect"
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET wellnesspathways.info/img/46/logo.png
188.114.96.1 200 OK 104 kB URL GET wellnesspathways.info/img/46/logo.png
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Size 104 kB (103743 bytes)
Hash e3e21386a56db1591a93f008fbcdcc84
044ec8500fb726e416b8ca429b1404064fe6aa0d
19cfdc835eb0802e5256ce6e829822fcbb9a628b06636c598feaa2717bd32fb7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/46/logo.png HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:15 GMT
content-type: image/png
content-length: 103743
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:23 GMT
vary: Accept-Encoding
etag: "6852eb43-1953f"
strict-transport-security: max-age=1
x-content-type-options: nosniff
accept-ranges: bytes
age: 3375
cache-control: max-age=1800
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cX1JYgS2ixmSljkCLpqvdX0FUgNETQBXefymNsVTbOhnwcCnKlzrshcYijQcFjrLPHI4vTJ6nuUfNDmJeg1z7kRIbkcClOQhkM%2FojdtUdTrMbVA%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d507f25b4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET wellnesspathways.info/_astro/preact.module.NIwkvMQy.js
188.114.96.1 200 OK 10 kB URL GET wellnesspathways.info/_astro/preact.module.NIwkvMQy.js
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type JavaScript source, ASCII text, with very long lines (10404)
Hash 1bff1ff4eaa6a0ec7980b854644752ef
f095330ae2791590bdf40df8c0dde616bb92f32e
6bf0886b208c9b4c92e8fc05b8ce440b344696bece86d3d70941e8b43c68ff5f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_astro/preact.module.NIwkvMQy.js HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/_astro/Favicon.CenzvOau.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:24 GMT
vary: Accept-Encoding
etag: W/"6852eb44-28a5"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cache-control: max-age=1800
cf-cache-status: EXPIRED
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=OcFcbz1bs0L%2BzvP42TzhxpCUxlHxhnWlrBHrwlg3oBpqCXgIxo67Y6%2FpZzPVESGgY2Qcm3QFAGtpslhE1ta0UsArugGDLZ8eF3XyRcm%2FcWj29Jg%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d550c59b4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST wellnesspathways.info/sync-metrics
188.114.96.1 200 OK 17 B URL POST wellnesspathways.info/sync-metrics
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
Hash 5b64e8b89092b2e3dfd448b10700627f
484b3032619fa1acd135d114565b0a5166281c22
f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /sync-metrics HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 81
Origin: https://wellnesspathways.info
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: application/json; charset=utf-8
content-length: 17
server: cloudflare
x-trace-id: 2366d18cb508733ebe7640fdd44d5ea2
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://wellnesspathways.info
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=6,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pYsoBRTof6bLRSveMTPxwd26E61HUeyH0rBXxpSWXDUx7qDB%2BdG8aAhNyunEux3yO5hxGI%2Fe3AWwFnkuceIMT0hUXenPNI3Q4QgK8RHrqvwBowQ%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d561d42b4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET www.askandfind.net/build/askandfind_net.8ca05d14.css
172.104.228.214 200 OK 178 kB URL GET www.askandfind.net/build/askandfind_net.8ca05d14.css
IP 172.104.228.214:443
ASN #63949 Akamai Connected Cloud
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Let's Encrypt
Subject www.askandfind.net
Fingerprint C3:FE:E2:60:EB:D1:84:E6:85:17:C0:9F:71:9C:95:8A:DB:DB:F5:6C
Validity Sun, 25 May 2025 14:36:11 GMT - Sat, 23 Aug 2025 14:36:10 GMT
File type ASCII text, with very long lines (64002)
Size 178 kB (178495 bytes)
Hash 6990f0da6c15f5bd7feda10944525616
8033a24a435061332c58ee974a6c0ce7604189ec
63adbb2525d91afec1324414bd2a60a3ccfce1041ff88762ed0f7d37b1d4ac11
GET /build/askandfind_net.8ca05d14.css HTTP/1.1
Host: www.askandfind.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=n32prs9pcrhot75v1avi5rsimb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jun 2025 07:05:17 GMT
content-type: text/css
last-modified: Mon, 16 Jun 2025 11:38:08 GMT
vary: Accept-Encoding
etag: W/"68500220-2b93f"
expires: Fri, 20 Jun 2025 07:05:17 GMT
cache-control: max-age=86400
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
X-Firefox-Spdy: h2
GET askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
172.104.228.214 301 Moved Permanently 7.9 kB URL User Request GET askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
IP 172.104.228.214:443
ASN #63949 Akamai Connected Cloud
Certificate Issuer Let's Encrypt
Subject askandfind.net
Fingerprint CA:D5:83:92:C9:DD:E8:39:CE:4D:64:04:A2:63:70:53:F3:3A:A3:A2
Validity Sun, 25 May 2025 14:34:41 GMT - Sat, 23 Aug 2025 14:34:40 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6 HTTP/1.1
Host: askandfind.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: text/html
content-length: 162
location: https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
X-Firefox-Spdy: h2
GET www.askandfind.net/build/0.05442ab8.js
172.104.228.214 200 OK 12 kB URL GET www.askandfind.net/build/0.05442ab8.js
IP 172.104.228.214:443
ASN #63949 Akamai Connected Cloud
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Let's Encrypt
Subject www.askandfind.net
Fingerprint C3:FE:E2:60:EB:D1:84:E6:85:17:C0:9F:71:9C:95:8A:DB:DB:F5:6C
Validity Sun, 25 May 2025 14:36:11 GMT - Sat, 23 Aug 2025 14:36:10 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (11670), with no line terminators
Hash 632f8571a82dd91cc153f302b311ce01
7099df86722f5af56e7b8c8e2fcc35298af0ba31
526d4dd41fc131733120a288acfeeb318a34dd891c16b91109fc45e700b18d70
GET /build/0.05442ab8.js HTTP/1.1
Host: www.askandfind.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=n32prs9pcrhot75v1avi5rsimb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jun 2025 07:05:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Jun 2025 11:38:08 GMT
vary: Accept-Encoding
etag: W/"68500220-2d97"
expires: Fri, 20 Jun 2025 07:05:17 GMT
cache-control: max-age=86400
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
X-Firefox-Spdy: h2
GET img.buzzfeed.com/buzzfeed-static/static/2023-05/8/20/enhanced/2e9f6c82c222/original-1093-1683578906-2.jpg?crop=1245:830;0,0&resize=1250:830
151.101.194.114 200 OK 128 kB URL GET img.buzzfeed.com/buzzfeed-static/static/2023-05/8/20/enhanced/2e9f6c82c222/original-1093-1683578906-2.jpg?crop=1245:830;0,0&resize=1250:830
IP 151.101.194.114:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer GlobalSign nv-sa
Subject *.buzzfeed.com
Fingerprint 00:7D:75:13:17:09:CF:27:1D:F5:A7:5A:28:09:00:72:D1:77:29:42
Validity Mon, 23 Sep 2024 21:56:03 GMT - Sat, 25 Oct 2025 21:56:02 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1250x830, components 3
Size 128 kB (128059 bytes)
Hash 048dd1191bfaec72f6ef03a9eab97e12
fbdbcd43264ee1674a1a0d2b4c5006aeb3b3f1bf
e7885ae8f15bdc4b9f3e204c69177e49c869e5090c4fea82ca86e0b5df435134
GET /buzzfeed-static/static/2023-05/8/20/enhanced/2e9f6c82c222/original-1093-1683578906-2.jpg?crop=1245:830;0,0&resize=1250:830 HTTP/1.1
Host: img.buzzfeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
etag: "kjiAIme7kB4nidHTipED9ncYAU4kX3CamCfDJ9fIRWs"
fastly-io-info: ifsz=761568 idim=1250x830 ifmt=jpeg ofsz=128059 odim=1250x830 ofmt=jpeg
fastly-io-served-by: vpop-kiad7010231
fastly-stats: io=1
x-amz-id-2: xDrAtCs3OoEAmUQNdkWDAG1awriDKVbxxZuEfr/3VxsyI8sioQ8hYkz+xZiDOHJu+sYIn7k7c4Q=
x-amz-replication-status: COMPLETED
x-amz-request-id: 1Q03H5RKC4ZQ2VEA
x-amz-server-side-encryption: AES256
x-amz-storage-class: STANDARD_IA
x-amz-version-id: iLRaOdkMgde0sCaUOTFl2g2oRSAsIbGR
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
server: FastlyIO
cache-control: public, max-age=86400
accept-ranges: bytes
age: 1981690
date: Thu, 19 Jun 2025 07:05:15 GMT
timing-allow-origin: *
access-control-allow-origin: *
x-served-by: cache-iad-kcgs7200155-IAD, cache-iad-kcgs7200155-IAD, cache-hel1410025-HEL
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 31202, 0
x-timer: S1750316716.689900,VS0,VE1
vary: X-BF-Canary
content-length: 128059
X-Firefox-Spdy: h2
GET img.buzzfeed.com/buzzfeed-static/static/2023-04/19/19/asset/13ea20f6128f/sub-buzz-810-1681933859-8.jpg?crop=965:643;45,4&resize=1250:830
151.101.194.114 200 OK 87 kB URL GET img.buzzfeed.com/buzzfeed-static/static/2023-04/19/19/asset/13ea20f6128f/sub-buzz-810-1681933859-8.jpg?crop=965:643;45,4&resize=1250:830
IP 151.101.194.114:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer GlobalSign nv-sa
Subject *.buzzfeed.com
Fingerprint 00:7D:75:13:17:09:CF:27:1D:F5:A7:5A:28:09:00:72:D1:77:29:42
Validity Mon, 23 Sep 2024 21:56:03 GMT - Sat, 25 Oct 2025 21:56:02 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1250x830, components 3
Hash f4232f7387a13c255f4a0ecc61f1bbed
dba7be62aa195cf4c63b22c226b05e91eaffc7fb
edef43cf357c831a4c25aa94040216817ed81af9f9aa55b09a7e61968198e303
GET /buzzfeed-static/static/2023-04/19/19/asset/13ea20f6128f/sub-buzz-810-1681933859-8.jpg?crop=965:643;45,4&resize=1250:830 HTTP/1.1
Host: img.buzzfeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
etag: "V9kwGsASdZwfLy8on8JtdX72YIOjFTAk5ilNeBPdW2Q"
fastly-io-info: ifsz=383646 idim=1080x1080 ifmt=jpeg ofsz=86582 odim=1250x830 ofmt=jpeg
fastly-io-served-by: vpop-kiad7010212
fastly-stats: io=1
x-amz-id-2: jDum7FnYpFFrR5Ec42QA0nHMG0jcWIjTa3oA8dUe8GAYd47RFK6mkAIV+4Sbnq01xGZpjBQj5gJxy29ikipp9T8pXrOusjb1B4NnWQetbPM=
x-amz-replication-status: COMPLETED
x-amz-request-id: W0DD291WZYRP57KH
x-amz-server-side-encryption: AES256
x-amz-storage-class: STANDARD_IA
x-amz-version-id: RNNV.Q.BaMz_2EfoD20IOWLeviw.e7Q0
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
server: FastlyIO
cache-control: public, max-age=86400
accept-ranges: bytes
age: 1354850
date: Thu, 19 Jun 2025 07:05:15 GMT
timing-allow-origin: *
access-control-allow-origin: *
x-served-by: cache-iad-kiad7000136-IAD, cache-iad-kiad7000136-IAD, cache-hel1410025-HEL
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 6664, 0
x-timer: S1750316716.685185,VS0,VE1
vary: X-BF-Canary
content-length: 86582
X-Firefox-Spdy: h2
GET wellnesspathways.info/_astro/Redirect.B9fVa80F.js
188.114.96.1 200 OK 407 B URL GET wellnesspathways.info/_astro/Redirect.B9fVa80F.js
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type Java source, ASCII text, with very long lines (406)
Hash 1cbc8a60aea61d84167917e7dac50a2a
84addc35c6051a9459ce0839e77ee3323c506f22
56a6a809faed5c1229b1d582c7e4ae5c741419b8f492993389518dce3cc57d8e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_astro/Redirect.B9fVa80F.js HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:24 GMT
vary: Accept-Encoding
etag: W/"6852eb44-197"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cache-control: max-age=1800
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=G%2FaTraAN15BieEHGGEOq8gpi7huvx0NP%2BX7o3UBSZfAlOt8%2BaY01i36wAN5xU6piZNqJCv%2F2d3iOOBOPSXKe%2FW%2B0qNnpGaz3qh3zYFsz4Kime3A%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d544b62b4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET wellnesspathways.info/_astro/index.D3zmXBWs.js
188.114.96.1 200 OK 1.1 kB URL GET wellnesspathways.info/_astro/index.D3zmXBWs.js
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type Java source, Unicode text, UTF-8 text, with very long lines (1071)
Hash cc0054048e67849c6ec2dbd7a81fa8af
fefc3f651718362fb50741976e83d9c10603153d
822672203470d86cff027c7480325cbe4dad61d6849f7ba4eb394bd3be38cc8e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_astro/index.D3zmXBWs.js HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/_astro/HomePageHealthAndFitness.5JwotI44.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:24 GMT
vary: Accept-Encoding
etag: W/"6852eb44-431"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cache-control: max-age=1800
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=x%2F3rRhdLjJ8FwfKvEm74HLGFqSyyevF3zcZQDe65TPNbcEvS50P6lyWjFelj6vegUASrmlzeAHGgejavfFLBPqvIYx9gLvtsNsm4QB2D2vdvTLs%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d551c63b4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET wellnesspathways.info/img/46/logo.png
188.114.96.1 200 OK 104 kB URL GET wellnesspathways.info/img/46/logo.png
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Size 104 kB (103743 bytes)
Hash e3e21386a56db1591a93f008fbcdcc84
044ec8500fb726e416b8ca429b1404064fe6aa0d
19cfdc835eb0802e5256ce6e829822fcbb9a628b06636c598feaa2717bd32fb7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/46/logo.png HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: image/png
content-length: 103743
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:23 GMT
vary: Accept-Encoding
etag: "6852eb43-1953f"
strict-transport-security: max-age=1
x-content-type-options: nosniff
accept-ranges: bytes
age: 3376
cache-control: max-age=1800
cf-cache-status: HIT
priority: u=6,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=T8sQuf%2FPazkyS2%2FZzBTPG6Du6hMtXHh3tWoUOyawJjfKvi2WHsfsvz%2FjbYK%2B%2FQaVroSa1K%2F9e9%2FQs0iVZ40PbxOvecAUxgY1XBaTESPNfoft53A%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d579ef3b4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET www.askandfind.net/build/1.5e8c8fce.js
172.104.228.214 200 OK 18 kB URL GET www.askandfind.net/build/1.5e8c8fce.js
IP 172.104.228.214:443
ASN #63949 Akamai Connected Cloud
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Let's Encrypt
Subject www.askandfind.net
Fingerprint C3:FE:E2:60:EB:D1:84:E6:85:17:C0:9F:71:9C:95:8A:DB:DB:F5:6C
Validity Sun, 25 May 2025 14:36:11 GMT - Sat, 23 Aug 2025 14:36:10 GMT
File type JavaScript source, ASCII text, with very long lines (18012), with no line terminators
Hash 76aeb8467bab31ea4cd619c4e0f2b3e3
2a35e744dab2700e79a7e44bec6b1547e1d1fd97
c0ea7ac593efcad3130335955ff5d738f291336f11d1ebdfd7e23bdce29a4f66
GET /build/1.5e8c8fce.js HTTP/1.1
Host: www.askandfind.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=n32prs9pcrhot75v1avi5rsimb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jun 2025 07:05:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Jun 2025 11:38:08 GMT
vary: Accept-Encoding
etag: W/"68500220-465c"
expires: Fri, 20 Jun 2025 07:05:17 GMT
cache-control: max-age=86400
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
X-Firefox-Spdy: h2
GET img.buzzfeed.com/buzzfeed-static/static/2025-02/15/1/enhanced/aa124c37a873/original-7715-1739582045-2.jpg?crop=2988:1992;6,0&resize=1250:830
151.101.194.114 200 OK 167 kB URL GET img.buzzfeed.com/buzzfeed-static/static/2025-02/15/1/enhanced/aa124c37a873/original-7715-1739582045-2.jpg?crop=2988:1992;6,0&resize=1250:830
IP 151.101.194.114:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer GlobalSign nv-sa
Subject *.buzzfeed.com
Fingerprint 00:7D:75:13:17:09:CF:27:1D:F5:A7:5A:28:09:00:72:D1:77:29:42
Validity Mon, 23 Sep 2024 21:56:03 GMT - Sat, 25 Oct 2025 21:56:02 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1250x830, components 3
Size 167 kB (167102 bytes)
Hash c3e1e0479ba63e83e442b09e0249c936
ca352d120cbba179bab886525851a096df75a7cd
dd6447171d8a30fd7c7fc22ef326771e98d46e230742381ff8849ab3b5c9db5f
GET /buzzfeed-static/static/2025-02/15/1/enhanced/aa124c37a873/original-7715-1739582045-2.jpg?crop=2988:1992;6,0&resize=1250:830 HTTP/1.1
Host: img.buzzfeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
etag: "/JphJkrkM3pdfXSag1mxQbjEVg61flE6xhm6A31Ehx0"
fastly-io-info: ifsz=2910046 idim=3000x1992 ifmt=jpeg ofsz=167102 odim=1250x830 ofmt=jpeg
fastly-io-served-by: vpop-kiad7010247
fastly-stats: io=1
x-amz-id-2: 4w9Gs8U59T7zuBqi6jx4LcgV8es5f2h7IRzLVvWAXxjmUlsZ3MNEgrJjkSRrurU15CRlt2sdR8Q=
x-amz-request-id: 76TT2KZ5Z479F28W
x-amz-server-side-encryption: AES256
x-amz-version-id: null
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
server: FastlyIO
cache-control: public, max-age=86400
accept-ranges: bytes
age: 776033
date: Thu, 19 Jun 2025 07:05:15 GMT
timing-allow-origin: *
access-control-allow-origin: *
x-served-by: cache-iad-kiad7000120-IAD, cache-iad-kiad7000120-IAD, cache-hel1410025-HEL
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 18103, 0
x-timer: S1750316716.684869,VS0,VE1
vary: X-BF-Canary
content-length: 167102
X-Firefox-Spdy: h2
GET img.buzzfeed.com/buzzfeed-static/static/2023-04/18/21/asset/08284db4e4d5/sub-buzz-1932-1681853903-2.jpg?crop=1600:1066;0,23&resize=1250:830
151.101.194.114 200 OK 88 kB URL GET img.buzzfeed.com/buzzfeed-static/static/2023-04/18/21/asset/08284db4e4d5/sub-buzz-1932-1681853903-2.jpg?crop=1600:1066;0,23&resize=1250:830
IP 151.101.194.114:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer GlobalSign nv-sa
Subject *.buzzfeed.com
Fingerprint 00:7D:75:13:17:09:CF:27:1D:F5:A7:5A:28:09:00:72:D1:77:29:42
Validity Mon, 23 Sep 2024 21:56:03 GMT - Sat, 25 Oct 2025 21:56:02 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1250x830, components 3
Hash eb2ee499205fd0ae979e069419c89e10
0b04b2ee3104f65456a9b63a257afb231e07071f
16622bff825a423d515cd826f2aa636bb95307affabce730ed0a60de3a934520
GET /buzzfeed-static/static/2023-04/18/21/asset/08284db4e4d5/sub-buzz-1932-1681853903-2.jpg?crop=1600:1066;0,23&resize=1250:830 HTTP/1.1
Host: img.buzzfeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
etag: "yvZdMZ+ymj9A5CvfzNUfoua9cqHvtSu8fBXbYavyVd4"
fastly-io-info: ifsz=789346 idim=1600x1100 ifmt=jpeg ofsz=87684 odim=1250x830 ofmt=jpeg
fastly-io-served-by: vpop-kiad7010215
fastly-stats: io=1
x-amz-id-2: F3LlbtWLH72kAOppjtMtt6SLeCxYqkfrh/4TkIxDGGXgHcpz5R/VCFyMRG+9Kge97bLWWYfmOqk=
x-amz-replication-status: COMPLETED
x-amz-request-id: WTF1JWHABVRS0X92
x-amz-server-side-encryption: AES256
x-amz-storage-class: STANDARD_IA
x-amz-version-id: MQ2xNqOdMqglpVMRf5.aHU664AR.3qDM
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
server: FastlyIO
cache-control: public, max-age=86400
accept-ranges: bytes
age: 2045646
date: Thu, 19 Jun 2025 07:05:15 GMT
timing-allow-origin: *
access-control-allow-origin: *
x-served-by: cache-iad-kjyo7100063-IAD, cache-iad-kjyo7100063-IAD, cache-hel1410025-HEL
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 12293, 0
x-timer: S1750316716.685648,VS0,VE1
vary: X-BF-Canary
content-length: 87684
X-Firefox-Spdy: h2
GET wellnesspathways.info/_astro/FeaturesProvider.B0FgMFmZ.js
188.114.96.1 200 OK 966 B URL GET wellnesspathways.info/_astro/FeaturesProvider.B0FgMFmZ.js
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type Java source, ASCII text, with very long lines (965)
Hash 98671c80ba3406a9d92efb26df42c94b
99f4307ea4934da2cfbdaf70d3d2ccb83e701227
4f16e5089faf012a4de418f4c7c1b304de169dd27d9d0525f6aba8ff6aea0291
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_astro/FeaturesProvider.B0FgMFmZ.js HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:24 GMT
vary: Accept-Encoding
etag: W/"6852eb44-3c6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cache-control: max-age=1800
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=r%2FgS1JJFe3yaKi9a5cgZ75QsnRu%2FyPHS%2FF%2Fk5PyKqocKayCsjegXqx37i8PMbl%2B3RZTyGPyrD8Yp3mITaF7pQZLjwiP%2F1KPnYg7WRKhoMSt7n4k%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d544b5db4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35 200 OK 48 kB URL GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:443
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint E1:0C:8D:E3:24:8F:B1:9F:BA:8E:CF:BE:4B:8F:D6:6A:39:8A:9D:7A
Validity Mon, 19 May 2025 08:42:51 GMT - Mon, 11 Aug 2025 08:42:50 GMT
File type Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Hash 015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.askandfind.net
DNT: 1
Connection: keep-alive
Referer: https://www.askandfind.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 12 Jun 2025 13:11:28 GMT
expires: Fri, 12 Jun 2026 13:11:28 GMT
cache-control: public, max-age=31536000
age: 582830
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
188.114.96.1 200 OK 22 kB URL User Request GET wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
IP 188.114.96.1:443
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (22302), with no line terminators
Hash 33ab875c95aa467a13ab2fed4c399798
816892c40e647670d45fd84372f43c87bd8a9791
fbddbd3b641c6855059ddb75873276715dc3eb791170cfd661589b6adc50f435
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6 HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 19 Jun 2025 07:05:15 GMT
content-type: text/html
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:30 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=tnYuyKNRFWZnuJXVD26CguHsDKYNQb7GRvdJZJuZRDISW0qB8x4bADxGpApLPSXwEh9iKUnQfIMsyDP4rd8rSmntKQm6q6kTVSceFBhQkkb%2B84Q%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 95212d4e59aeb500-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET img.buzzfeed.com/buzzfeed-static/static/2023-05/10/17/asset/0f56091633b3/sub-buzz-988-1683738753-1.jpg?crop=2217:1478;0,266&resize=1250:830
151.101.194.114 200 OK 82 kB URL GET img.buzzfeed.com/buzzfeed-static/static/2023-05/10/17/asset/0f56091633b3/sub-buzz-988-1683738753-1.jpg?crop=2217:1478;0,266&resize=1250:830
IP 151.101.194.114:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer GlobalSign nv-sa
Subject *.buzzfeed.com
Fingerprint 00:7D:75:13:17:09:CF:27:1D:F5:A7:5A:28:09:00:72:D1:77:29:42
Validity Mon, 23 Sep 2024 21:56:03 GMT - Sat, 25 Oct 2025 21:56:02 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1250x830, components 3
Hash 7ab61b4449dabd3eca5b860b8078675b
f03c1cd4aa5240c729d665cefd21f193727499a3
2a1f8016062063bf88c55a06a47f08f50967fc0cc3c7f8414ae260a47700436e
GET /buzzfeed-static/static/2023-05/10/17/asset/0f56091633b3/sub-buzz-988-1683738753-1.jpg?crop=2217:1478;0,266&resize=1250:830 HTTP/1.1
Host: img.buzzfeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
etag: "Kp61UDM/6bMQ7f79MhGjMEZvjfWq7DPUVgdqs31WNdg"
fastly-io-info: ifsz=898012 idim=2217x2000 ifmt=jpeg ofsz=82547 odim=1250x830 ofmt=jpeg
fastly-io-served-by: vpop-kiad7010214
fastly-stats: io=1
x-amz-id-2: 0OJvdCJBu8kRvOoLPqO8P5bPdu+jRseOCZaxl82AcT7bmJXFmaCuOnwDy6/JD9OU0Pcq43OSHfI=
x-amz-replication-status: COMPLETED
x-amz-request-id: Y4ZNBR6EDJDJW8XG
x-amz-server-side-encryption: AES256
x-amz-storage-class: STANDARD_IA
x-amz-version-id: iBZL6zX5ItSSCStJmzVNSw21FWEANi0w
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
server: FastlyIO
cache-control: public, max-age=86400
accept-ranges: bytes
date: Thu, 19 Jun 2025 07:05:15 GMT
age: 2047221
timing-allow-origin: *
access-control-allow-origin: *
x-served-by: cache-iad-kcgs7200115-IAD, cache-iad-kcgs7200115-IAD, cache-hel1410025-HEL
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 13330, 343
x-timer: S1750316716.687580,VS0,VE0
vary: X-BF-Canary
content-length: 82547
X-Firefox-Spdy: h2
GET wellnesspathways.info/_astro/jsxRuntime.module.rIB0llmI.js
188.114.96.1 200 OK 431 B URL GET wellnesspathways.info/_astro/jsxRuntime.module.rIB0llmI.js
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type JavaScript source, ASCII text, with very long lines (430)
Hash e94794479beecd36a2045dcb956b255e
8a8a014ecaf73a18ecc16bf4a20d0a4b7484be27
462d69c43ef7c5e4e9f8d78254c1021eebe67589694f613c2f2cfe6d7f3bce3a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_astro/jsxRuntime.module.rIB0llmI.js HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/_astro/HomePageHealthAndFitness.5JwotI44.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:24 GMT
vary: Accept-Encoding
etag: W/"6852eb44-1af"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cache-control: max-age=1800
cf-cache-status: EXPIRED
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2F%2Bz7es5nXWg3fJMKojy9JW%2FpxT0XPbW40JMPU09JMhW9q6qUe%2BPDdRM2bGw68LhQ03%2BAUCUV1ZY2kgXNtjndYDp2oSpnwxoCLo1Ogw6vnMEDOcI%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d551c67b4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET fundingchoicesmessages.google.com/i/pub-6090737927599563?ers=1
142.250.178.46 200 OK 208 kB URL GET fundingchoicesmessages.google.com/i/pub-6090737927599563?ers=1
IP 142.250.178.46:443
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint 09:73:D4:56:AF:03:7E:40:3B:60:95:56:66:8D:E9:27:E0:DA:EC:DA
Validity Mon, 19 May 2025 08:41:43 GMT - Mon, 11 Aug 2025 08:41:42 GMT
File type JavaScript source, ASCII text, with very long lines (2039)
Size 208 kB (208460 bytes)
Hash b5b01cde7167e6525a33c812e9f67836
8718aa1a52725ca3e3007942b532e957c1d30815
c66c77286170c1c6cf37ddd7a4430a62af244c2e027cb8b921b94d7247492416
GET /i/pub-6090737927599563?ers=1 HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.askandfind.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 19 Jun 2025 07:05:17 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'nonce-eedGXLRzstqkXT9R7mMTJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmJw1JBiaL15jnU6EBsqXGJ1BuL76y6xPgfiD_WXWX8AcZHEFdYWIP5UdYNVpPoGaxL7TdYSIA51vMkaC8S7Nt5iPQzEZn63We2AuHD6bdZKIBbi4Vj79twhNoEFf77OYVLSSMovjE_OzyspykwqLckvSktOSy1OLSpLLYo3MjAyNTAzNNMzMI4vMAAADdc9xQ"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET wellnesspathways.info/_astro/_slug_.B3oXPvqW.css
188.114.96.1 200 OK 42 kB URL GET wellnesspathways.info/_astro/_slug_.B3oXPvqW.css
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type Unicode text, UTF-8 text, with very long lines (41951)
Hash 04ac283676856c76cd16e60b396cf98c
7c7795367efb43a59fa5933e0a1b60ff874fa39e
a405089436c58f657178afc38633a3a3ac58967ddc9c31e52bc436bcc903a3c5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_astro/_slug_.B3oXPvqW.css HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:15 GMT
content-type: text/css
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:23 GMT
vary: Accept-Encoding
etag: "6852eb43-a3e8"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
age: 3375
cache-control: max-age=1800
cf-cache-status: HIT
priority: u=2,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=i7ek2uLESC%2BxejQBjroSdBumtGTm6o%2FIrsLMUW8yCfKdWJE8XPQ7rUPw70K7w4xB57l9Gdnkl1WKUp%2FXuX4zUHZZYCbO403URDlin29CzSJP3Zg%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d507f23b4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET img.buzzfeed.com/buzzfeed-static/static/2023-04/19/21/asset/7e5eddaa24d5/sub-buzz-1063-1681938051-1.jpg?crop=1255:837;0,0&resize=1250:830
151.101.194.114 200 OK 74 kB URL GET img.buzzfeed.com/buzzfeed-static/static/2023-04/19/21/asset/7e5eddaa24d5/sub-buzz-1063-1681938051-1.jpg?crop=1255:837;0,0&resize=1250:830
IP 151.101.194.114:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer GlobalSign nv-sa
Subject *.buzzfeed.com
Fingerprint 00:7D:75:13:17:09:CF:27:1D:F5:A7:5A:28:09:00:72:D1:77:29:42
Validity Mon, 23 Sep 2024 21:56:03 GMT - Sat, 25 Oct 2025 21:56:02 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1250x830, components 3
Hash bb7ed85d404562c9cbb0b72162210eb2
1b6cf765d939f1d7a3d0d862bd04bedad5a8e8d3
61f2cc2750d814539e1691db5584d78cad6cb18db7a62d58864b16f6e370189e
GET /buzzfeed-static/static/2023-04/19/21/asset/7e5eddaa24d5/sub-buzz-1063-1681938051-1.jpg?crop=1255:837;0,0&resize=1250:830 HTTP/1.1
Host: img.buzzfeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
etag: "NsOx0CkbyIwJhToD8f16z8+CNe7Wh/sNu4TVWlcoWUM"
fastly-io-info: ifsz=217962 idim=1255x888 ifmt=jpeg ofsz=74340 odim=1250x830 ofmt=jpeg
fastly-io-served-by: vpop-kiad7010250
fastly-stats: io=1
x-amz-id-2: 1UzymdYM8iTqsSf61E8tRAKzdnocmuhK3g/kqovUwqHt5OSEscW8Qws1btoQukpc7H0WOIHGt/g=
x-amz-replication-status: COMPLETED
x-amz-request-id: BNKYBK85B9EAB8Q8
x-amz-server-side-encryption: AES256
x-amz-storage-class: STANDARD_IA
x-amz-version-id: BX6kPEEjQ3Fs14TpfooiyN8OVaXZFF.2
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
server: FastlyIO
cache-control: public, max-age=86400
accept-ranges: bytes
age: 749310
date: Thu, 19 Jun 2025 07:05:15 GMT
timing-allow-origin: *
access-control-allow-origin: *
x-served-by: cache-iad-kjyo7100097-IAD, cache-iad-kjyo7100097-IAD, cache-hel1410025-HEL
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 1297, 0
x-timer: S1750316716.685141,VS0,VE1
vary: X-BF-Canary
content-length: 74340
X-Firefox-Spdy: h2
POST fundingchoicesmessages.google.com/el/AGSKWxXw-qtGKUv4lcYrA_rea8pjCYFYOACap0dIIx2INx-r2HuFESFAPXYFz1jurg_Sx6xeJlEheqeFba_OaCOYEUecrI3FDO_M8KT2Hm1Nj-ays65ployyLmk_YdkxrdWgshJJJkaAPA==
142.250.178.46 204 No Content 0 B URL POST fundingchoicesmessages.google.com/el/AGSKWxXw-qtGKUv4lcYrA_rea8pjCYFYOACap0dIIx2INx-r2HuFESFAPXYFz1jurg_Sx6xeJlEheqeFba_OaCOYEUecrI3FDO_M8KT2Hm1Nj-ays65ployyLmk_YdkxrdWgshJJJkaAPA==
IP 142.250.178.46:443
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint 09:73:D4:56:AF:03:7E:40:3B:60:95:56:66:8D:E9:27:E0:DA:EC:DA
Validity Mon, 19 May 2025 08:41:43 GMT - Mon, 11 Aug 2025 08:41:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /el/AGSKWxXw-qtGKUv4lcYrA_rea8pjCYFYOACap0dIIx2INx-r2HuFESFAPXYFz1jurg_Sx6xeJlEheqeFba_OaCOYEUecrI3FDO_M8KT2Hm1Nj-ays65ployyLmk_YdkxrdWgshJJJkaAPA== HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 200
Origin: https://www.askandfind.net
DNT: 1
Connection: keep-alive
Referer: https://www.askandfind.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
content-type: text/html; charset=utf-8
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://www.askandfind.net
access-control-allow-credentials: true
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 19 Jun 2025 07:05:18 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-EowbOtdxoJvkRGWRds9wAg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw0ZBi-FB_mfUHEJv53Wa1A-LC6bdZK4FYiIdj3dtzh9gETuxtesSo5JKUXxifnJ9XkppXopuYUqwLYhdlJpWW5BehsFPLQCpy8tPTM_PS440MjEwNzAzN9AzM4gsMAFF-K7g"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET img.buzzfeed.com/buzzfeed-static/static/2023-04/27/21/enhanced/79f5b5ff7058/original-1194-1682630974-3.jpg?crop=1244:829;0,0&resize=1250:830
151.101.194.114 200 OK 147 kB URL GET img.buzzfeed.com/buzzfeed-static/static/2023-04/27/21/enhanced/79f5b5ff7058/original-1194-1682630974-3.jpg?crop=1244:829;0,0&resize=1250:830
IP 151.101.194.114:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer GlobalSign nv-sa
Subject *.buzzfeed.com
Fingerprint 00:7D:75:13:17:09:CF:27:1D:F5:A7:5A:28:09:00:72:D1:77:29:42
Validity Mon, 23 Sep 2024 21:56:03 GMT - Sat, 25 Oct 2025 21:56:02 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1250x830, components 3
Size 147 kB (147191 bytes)
Hash efed20cfec5b816f5b676c0549a96844
c8dbed41095747cfadd935c39db63740226cc064
ef9af13253100bb7c8e00b249b1ef023b4c4bcbe9f90fb8667d9891f827bf6f0
GET /buzzfeed-static/static/2023-04/27/21/enhanced/79f5b5ff7058/original-1194-1682630974-3.jpg?crop=1244:829;0,0&resize=1250:830 HTTP/1.1
Host: img.buzzfeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
etag: "wbPyoib36JlCGfdPmwBqE4DtGhB5b4BBdrgcWbiLcVo"
fastly-io-info: ifsz=890475 idim=1250x830 ifmt=jpeg ofsz=147191 odim=1250x830 ofmt=jpeg
fastly-io-served-by: vpop-kiad7010248
fastly-stats: io=1
x-amz-id-2: fNFDZiQU4vNOTv6NZwj3sdpcT1Lvq48t9YiEs1T8mAqucGbCwZTZ6m+2Rd9mZKTeZB4xcf4/UWe2Gjn01SZJkVYB39u72l7I
x-amz-replication-status: COMPLETED
x-amz-request-id: E16BKGTXYK6W8TPG
x-amz-server-side-encryption: AES256
x-amz-storage-class: STANDARD_IA
x-amz-version-id: c.LPdIOJBflKEmhm6u5XKbSiz9YsFsq6
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
server: FastlyIO
cache-control: public, max-age=86400
accept-ranges: bytes
age: 2038421
date: Thu, 19 Jun 2025 07:05:15 GMT
timing-allow-origin: *
access-control-allow-origin: *
x-served-by: cache-iad-kcgs7200119-IAD, cache-iad-kcgs7200119-IAD, cache-hel1410025-HEL
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 15067, 0
x-timer: S1750316716.702334,VS0,VE1
vary: X-BF-Canary
content-length: 147191
X-Firefox-Spdy: h2
GET wellnesspathways.info/_astro/useCurrentUrl.DHfNBjYr.js
188.114.96.1 200 OK 439 B URL GET wellnesspathways.info/_astro/useCurrentUrl.DHfNBjYr.js
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type Java source, ASCII text, with very long lines (438)
Hash 721ac65bf71a68d2fe1d0fa7a5427725
0c73d2aefa5305f971f8b27a9a6fc2757149e561
90ada2eb3948b2cac7a273b2c3e84c9cf73de1c44853136b88fbb7f88cf4a10d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_astro/useCurrentUrl.DHfNBjYr.js HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/_astro/HomePageHealthAndFitness.5JwotI44.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:24 GMT
vary: Accept-Encoding
etag: W/"6852eb44-1b7"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cache-control: max-age=1800
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xIDnsCHEeB8V17LjBbXzP2YDPP0BXY8dSciJSjzIPHJZfdCRtU5ryI7GCtlbpz1loZ6d%2B1%2BQjKTV9%2FyNb7zMyAXutFUYjSXsOqYq8Eq6Fii0Y%2FE%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d552c6db4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET wellnesspathways.info/favicon.ico
0.0.0.0 0 B URL GET wellnesspathways.info/favicon.ico
IP 0.0.0.0:0
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
GET fundingchoicesmessages.google.com/f/AGSKWxXrF5Um34IdCSOFMHAh2eeNua5VVMRxMWGdRKihciwA2nuWzwwqA-ypRwp1ugy5lrs3k8cFR0Lx965n66fHakCdhnGhWoDBXkre27xyrGGULUrOcyuSsYM69eXQvkTkaHsFTxQ8EA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzUwMzE2NzE3LDg0NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuYXNrYW5kZmluZC5uZXQvZ2FydGljbGUiLG51bGwsW1syNiwiMTgiXSxbOCwiUXE1ZGtYVHNjQ1kiXSxbOSwiZW4tVVMiXSxbMTksIjEiXSxbMTcsIlswXSJdLFsyNCwid2VsbG5lc3NwYXRod2F5cy5pbmZvIl0sWzI1LCJbWzk1MzU5MjYyXV0iXSxbMjksImZhbHNlIl1dXQ
142.250.178.46 200 OK 459 kB URL GET fundingchoicesmessages.google.com/f/AGSKWxXrF5Um34IdCSOFMHAh2eeNua5VVMRxMWGdRKihciwA2nuWzwwqA-ypRwp1ugy5lrs3k8cFR0Lx965n66fHakCdhnGhWoDBXkre27xyrGGULUrOcyuSsYM69eXQvkTkaHsFTxQ8EA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzUwMzE2NzE3LDg0NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuYXNrYW5kZmluZC5uZXQvZ2FydGljbGUiLG51bGwsW1syNiwiMTgiXSxbOCwiUXE1ZGtYVHNjQ1kiXSxbOSwiZW4tVVMiXSxbMTksIjEiXSxbMTcsIlswXSJdLFsyNCwid2VsbG5lc3NwYXRod2F5cy5pbmZvIl0sWzI1LCJbWzk1MzU5MjYyXV0iXSxbMjksImZhbHNlIl1dXQ
IP 142.250.178.46:443
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint 09:73:D4:56:AF:03:7E:40:3B:60:95:56:66:8D:E9:27:E0:DA:EC:DA
Validity Mon, 19 May 2025 08:41:43 GMT - Mon, 11 Aug 2025 08:41:42 GMT
File type JavaScript source, ASCII text, with very long lines (6789)
Size 459 kB (458945 bytes)
Hash 406f1702c81544a1d29e997691e456e6
90a5e8445ef913809d24f059ece03028d4b95e80
5b579a61437af217810239433a7e664d35f6b0c956196507ee073bc911478a33
GET /f/AGSKWxXrF5Um34IdCSOFMHAh2eeNua5VVMRxMWGdRKihciwA2nuWzwwqA-ypRwp1ugy5lrs3k8cFR0Lx965n66fHakCdhnGhWoDBXkre27xyrGGULUrOcyuSsYM69eXQvkTkaHsFTxQ8EA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzUwMzE2NzE3LDg0NzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuYXNrYW5kZmluZC5uZXQvZ2FydGljbGUiLG51bGwsW1syNiwiMTgiXSxbOCwiUXE1ZGtYVHNjQ1kiXSxbOSwiZW4tVVMiXSxbMTksIjEiXSxbMTcsIlswXSJdLFsyNCwid2VsbG5lc3NwYXRod2F5cy5pbmZvIl0sWzI1LCJbWzk1MzU5MjYyXV0iXSxbMjksImZhbHNlIl1dXQ HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.askandfind.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=utf-8
timing-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 19 Jun 2025 07:05:17 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-m4sdTRDK6oXwsmTHPuxl1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjStDikmJw1pBiaL15jnU6EBsqXGJ1BuL76y6xPgfiD_WXWX8AcZHEFdYWIP5UdYNVpPoGaxL7TdYSIA51vMkaC8S7Nt5iPQzEZn63We2AuHD6bdZKIBbi4Vj79twhNoEZ175vYVbSSMovjE_OzyspykwqLckvSktOSy1OLSpLLYo3MjAyNTAzNNMzMI4vMAAAC1g9tA"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
172.104.228.214 200 OK 7.9 kB URL User Request GET www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
IP 172.104.228.214:443
ASN #63949 Akamai Connected Cloud
Certificate Issuer Let's Encrypt
Subject www.askandfind.net
Fingerprint C3:FE:E2:60:EB:D1:84:E6:85:17:C0:9F:71:9C:95:8A:DB:DB:F5:6C
Validity Sun, 25 May 2025 14:36:11 GMT - Sat, 23 Aug 2025 14:36:10 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (546)
Hash 05711c0b6deb137e8912e4d7cb57f29c
d44c03c69466337f35e7ec1cbf2b822343986ddc
cf386fd04ea1ef868db4f7c6aa1fa261c25fddf7f82b7a5c094b53109d324257
GET /garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6 HTTP/1.1
Host: www.askandfind.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wellnesspathways.info/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=0, must-revalidate, private
date: Thu, 19 Jun 2025 07:05:16 GMT
expires: Thu, 19 Jun 2025 07:05:16 GMT
set-cookie: PHPSESSID=n32prs9pcrhot75v1avi5rsimb; path=/; secure; httponly; samesite=lax
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
X-Firefox-Spdy: h2
GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35 200 OK 48 kB URL GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:443
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint E1:0C:8D:E3:24:8F:B1:9F:BA:8E:CF:BE:4B:8F:D6:6A:39:8A:9D:7A
Validity Mon, 19 May 2025 08:42:51 GMT - Mon, 11 Aug 2025 08:42:50 GMT
File type Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Hash 015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.askandfind.net
DNT: 1
Connection: keep-alive
Referer: https://www.askandfind.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 12 Jun 2025 13:11:28 GMT
expires: Fri, 12 Jun 2026 13:11:28 GMT
cache-control: public, max-age=31536000
age: 582830
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
POST fundingchoicesmessages.google.com/el/AGSKWxXw-qtGKUv4lcYrA_rea8pjCYFYOACap0dIIx2INx-r2HuFESFAPXYFz1jurg_Sx6xeJlEheqeFba_OaCOYEUecrI3FDO_M8KT2Hm1Nj-ays65ployyLmk_YdkxrdWgshJJJkaAPA==
142.250.178.46 204 No Content 0 B URL POST fundingchoicesmessages.google.com/el/AGSKWxXw-qtGKUv4lcYrA_rea8pjCYFYOACap0dIIx2INx-r2HuFESFAPXYFz1jurg_Sx6xeJlEheqeFba_OaCOYEUecrI3FDO_M8KT2Hm1Nj-ays65ployyLmk_YdkxrdWgshJJJkaAPA==
IP 142.250.178.46:443
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint 09:73:D4:56:AF:03:7E:40:3B:60:95:56:66:8D:E9:27:E0:DA:EC:DA
Validity Mon, 19 May 2025 08:41:43 GMT - Mon, 11 Aug 2025 08:41:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /el/AGSKWxXw-qtGKUv4lcYrA_rea8pjCYFYOACap0dIIx2INx-r2HuFESFAPXYFz1jurg_Sx6xeJlEheqeFba_OaCOYEUecrI3FDO_M8KT2Hm1Nj-ays65ployyLmk_YdkxrdWgshJJJkaAPA== HTTP/1.1
Host: fundingchoicesmessages.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 168
Origin: https://www.askandfind.net
DNT: 1
Connection: keep-alive
Referer: https://www.askandfind.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 204 No Content
content-type: text/html; charset=utf-8
access-control-allow-methods: POST, GET, OPTIONS
access-control-max-age: 86400
access-control-allow-origin: https://www.askandfind.net
access-control-allow-credentials: true
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 19 Jun 2025 07:05:18 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'nonce-fBPH0OK9RGOVQFElxogYFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw1pBi-FB_mfUHEJv53Wa1A-LC6bdZK4FYiIdj3dtzh9gEJnT-usmo5JKUXxifnJ9XkppXopuYUqwLYhdlJpWW5BehsFPLQCpy8tPTM_PS440MjEwNzAzN9AzM4gsMAFFOK7o"
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET img.buzzfeed.com/buzzfeed-static/static/2023-05/31/20/enhanced/84851f378ae9/original-3350-1685563330-16.jpg?crop=1243:829;0,0&resize=1250:830
151.101.194.114 200 OK 140 kB URL GET img.buzzfeed.com/buzzfeed-static/static/2023-05/31/20/enhanced/84851f378ae9/original-3350-1685563330-16.jpg?crop=1243:829;0,0&resize=1250:830
IP 151.101.194.114:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer GlobalSign nv-sa
Subject *.buzzfeed.com
Fingerprint 00:7D:75:13:17:09:CF:27:1D:F5:A7:5A:28:09:00:72:D1:77:29:42
Validity Mon, 23 Sep 2024 21:56:03 GMT - Sat, 25 Oct 2025 21:56:02 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1250x830, components 3
Size 140 kB (139534 bytes)
Hash a533590aaaffa99ae661389578f16e2d
adf3f198f623c9a9aa557e7b082f055c70676303
7f59997b60a4a0819fd5ab967adba4f0381bb867e56713f316ad0987133a1116
GET /buzzfeed-static/static/2023-05/31/20/enhanced/84851f378ae9/original-3350-1685563330-16.jpg?crop=1243:829;0,0&resize=1250:830 HTTP/1.1
Host: img.buzzfeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
etag: "GhFyIpKdZebfhiKKuYzAj3sIWcm0BEFDAne7sHMU3nk"
fastly-io-info: ifsz=654303 idim=1250x830 ifmt=jpeg ofsz=139534 odim=1250x830 ofmt=jpeg
fastly-io-served-by: vpop-kiad7010251
fastly-stats: io=1
x-amz-id-2: lUxE2IvyQFOx7wH9NEhGNPFAEKbjEZ0XTbu6VIWlb6TNUEXlgNNT7s2G6qHfY/cx/0B0UmYlDEZi1PLPG3nZU7dqZnt51D9WIotdGmgDyjk=
x-amz-replication-status: COMPLETED
x-amz-request-id: SNCKPCDBYWF62HQ1
x-amz-server-side-encryption: AES256
x-amz-storage-class: STANDARD_IA
x-amz-version-id: SSjY18e2SqX3rMsMzDe_kMoSG3ie0QLp
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
server: FastlyIO
cache-control: public, max-age=86400
accept-ranges: bytes
age: 666339
date: Thu, 19 Jun 2025 07:05:15 GMT
timing-allow-origin: *
access-control-allow-origin: *
x-served-by: cache-iad-kiad7000097-IAD, cache-iad-kiad7000097-IAD, cache-hel1410025-HEL
x-cache: HIT, HIT, HIT
x-cache-hits: 0, 16381, 0
x-timer: S1750316716.688648,VS0,VE1
vary: X-BF-Canary
content-length: 139534
X-Firefox-Spdy: h2
GET img.buzzfeed.com/buzzfeed-static/static/2023-04/19/20/enhanced/a53be0ae7be2/original-913-1681935476-3.jpg?crop=1373:915;115,19&resize=1250:830
151.101.194.114 200 OK 168 kB URL GET img.buzzfeed.com/buzzfeed-static/static/2023-04/19/20/enhanced/a53be0ae7be2/original-913-1681935476-3.jpg?crop=1373:915;115,19&resize=1250:830
IP 151.101.194.114:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer GlobalSign nv-sa
Subject *.buzzfeed.com
Fingerprint 00:7D:75:13:17:09:CF:27:1D:F5:A7:5A:28:09:00:72:D1:77:29:42
Validity Mon, 23 Sep 2024 21:56:03 GMT - Sat, 25 Oct 2025 21:56:02 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1250x830, components 3
Size 168 kB (167896 bytes)
Hash 4a889a563a35b34bb3d09b3e3e7ef515
9f5ba6b36eeeb8946bb00ace3e00ec1c896cb929
f98ad8b3524421311e4bde0628ca740e35ae28f47ac0fea71cef5208864b3eac
GET /buzzfeed-static/static/2023-04/19/20/enhanced/a53be0ae7be2/original-913-1681935476-3.jpg?crop=1373:915;115,19&resize=1250:830 HTTP/1.1
Host: img.buzzfeed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
etag: "DJSzOe6Qon+UpQ7PJYlwvV4VF3W7vZIEahl4GqNycZM"
fastly-io-info: ifsz=748509 idim=1600x957 ifmt=jpeg ofsz=167896 odim=1250x830 ofmt=jpeg
fastly-io-served-by: img09-us-east4
fastly-stats: io=1
x-amz-id-2: gOZ43fEZ8jddXCCdpW5KyubLhe3vlHJqnhuDzs++QWimLOlqN5OoInnk80lGnkxlylTsXamvCeE=
x-amz-replication-status: COMPLETED
x-amz-request-id: EYHG08TZMR0VX84W
x-amz-server-side-encryption: AES256
x-amz-storage-class: STANDARD_IA
x-amz-version-id: aYpRVKoCYyTuw6aJpJvLwlR.ySch5QsZ
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
server: FastlyIO
cache-control: public, max-age=86400
accept-ranges: bytes
age: 2579248
date: Thu, 19 Jun 2025 07:05:15 GMT
timing-allow-origin: *
access-control-allow-origin: *
x-served-by: cache-iad-kcgs7200136-IAD, cache-iad-kcgs7200136-IAD, cache-hel1410025-HEL
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 4615, 0
x-timer: S1750316716.705831,VS0,VE1
vary: X-BF-Canary
content-length: 167896
X-Firefox-Spdy: h2
GET wellnesspathways.info/_astro/Adpeek.Cxx81-RQ.js
188.114.96.1 200 OK 558 B URL GET wellnesspathways.info/_astro/Adpeek.Cxx81-RQ.js
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type Java source, ASCII text, with very long lines (557)
Hash 1b3861a7fd52661229f663ea324e57fd
0cbb5d0bf41c8a1d890f40acd140859e59e65375
5b3fb0324f66c479de4b6d8878ae42a4c29b16985041e70d17e172e88afa275b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_astro/Adpeek.Cxx81-RQ.js HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:24 GMT
vary: Accept-Encoding
etag: W/"6852eb44-22e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cache-control: max-age=1800
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=MtU6ZLy8bf4vHe2iMWs93YLIEs5XWD%2BeiXM5pp%2FYZo%2BaZHA%2FyTgaqgVS6jHjTvkh%2F%2BnzWKT0TxFweKdSehf1o3MVGWfnB%2B1p1a4Qq6Az0K0dOB4%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d545b6ab4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET wellnesspathways.info/_astro/HomePageHealthAndFitness.5JwotI44.js
188.114.96.1 200 OK 932 B URL GET wellnesspathways.info/_astro/HomePageHealthAndFitness.5JwotI44.js
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type Java source, ASCII text, with very long lines (931)
Hash 9da401f2291c87d35c2338a6b24ce9fc
662b210205a94adeb865b2b84e67ea01c2a18fde
a6509076f98f6f4441545921efc94095a1295e4af778f1aca3e7a316d229a139
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /_astro/HomePageHealthAndFitness.5JwotI44.js HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:24 GMT
vary: Accept-Encoding
etag: W/"6852eb44-3a4"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cache-control: max-age=1800
cf-cache-status: EXPIRED
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=VGYF0t5znvYOY0Iyrz9QrSKnooy%2FfQ%2FllIIvzb94PcAQiNbHL%2Bu%2Ffwdwgu8CxJ0qg9QGO8xpN0LQ8cLhugYqWhy4B1ZWc98cpZp2xRWYMokKJoo%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d546b7ab4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET www.askandfind.net/build/askandfind_net/images/favicon/favicon.ico
172.104.228.214 200 OK 8.3 kB URL GET www.askandfind.net/build/askandfind_net/images/favicon/favicon.ico
IP 172.104.228.214:443
ASN #63949 Akamai Connected Cloud
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Let's Encrypt
Subject www.askandfind.net
Fingerprint C3:FE:E2:60:EB:D1:84:E6:85:17:C0:9F:71:9C:95:8A:DB:DB:F5:6C
Validity Sun, 25 May 2025 14:36:11 GMT - Sat, 23 Aug 2025 14:36:10 GMT
File type MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Hash 7a7fd2a7f00bf080e059e43bab6f455e
4a460e007fd55cf0995a88eae8000f26f40f452d
f5dd2849a8cb1cefff8ea7e4f8037816bdf40a648ca56fe79bf61c699d5217c9
GET /build/askandfind_net/images/favicon/favicon.ico HTTP/1.1
Host: www.askandfind.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=n32prs9pcrhot75v1avi5rsimb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jun 2025 07:05:17 GMT
content-type: image/x-icon
content-length: 8254
last-modified: Mon, 16 Jun 2025 11:38:08 GMT
vary: Accept-Encoding
etag: "68500220-203e"
expires: Fri, 20 Jun 2025 07:05:17 GMT
cache-control: max-age=86400
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
accept-ranges: bytes
X-Firefox-Spdy: h2
GET fonts.googleapis.com/css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap
142.250.74.10 200 OK 127 kB
IP 142.250.74.10:443
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject upload.video.google.com
Fingerprint FF:78:1F:2C:E7:6A:27:90:8B:25:07:97:DD:25:4A:FA:6F:1F:0F:31
Validity Mon, 19 May 2025 08:42:52 GMT - Mon, 11 Aug 2025 08:42:51 GMT
File type ASCII text, with very long lines (1572)
Size 127 kB (126895 bytes)
Hash 2b7e7cde8fd27f64023facfd51424eb7
dc6f03db40e410e035555f52552088c1690116bb
d388893abce94dca3485d78914c6f0853bbad71719d6d1d6f941990724c795d0
GET /css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.askandfind.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 19 Jun 2025 07:05:18 GMT
date: Thu, 19 Jun 2025 07:05:18 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET wellnesspathways.info/_astro/client.BF5YdGWT.js
188.114.96.1 200 OK 2.1 kB
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type JavaScript source, ASCII text, with very long lines (1951)
Hash 0483ce89f3842d2b7a32e21e70170970
fe9a0e241794dfdd59feb7d0197ab2894c70f87b
2f374147566314e1fe1211f2a04af60c638cd5f972842ab7069dc04026c04d6b
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /_astro/client.BF5YdGWT.js HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:24 GMT
vary: Accept-Encoding
etag: W/"6852eb44-857"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cache-control: max-age=1800
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=0fo4JigakJo9j%2BZm%2BkEKS%2FE%2FRGaZzTfnPyZc1jA7h5h1WaKp9DZv6EhZhT9tT8KyPbRHMNnc7KK6Fi%2FjKZJ01SozThqCotbJIvWwnptF8E4DuNY%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d544b5eb4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET wellnesspathways.info/_astro/Favicon.CenzvOau.js
188.114.96.1 200 OK 284 B
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
Hash 6cbb70987ce78d7066caf302a370d244
e3c0c44118ab9e8758d19566367bf636053b7d29
71b25793226e26446e9316b1de141596a33b5c9809cbe7a3ab5f8558420f1ed1
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /_astro/Favicon.CenzvOau.js HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:24 GMT
vary: Accept-Encoding
etag: W/"6852eb44-11c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cache-control: max-age=1800
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Ycyuruo1MyoE3XuBhm9mBfbjMWbHp1hMu7025WkIjzCtml46cmLGgd2BxTa4J9i2oN6ZSoOsSW%2FrIAlP%2FDujCrnYHzDnysynCsg4fb4qiqGnl2Y%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d544b5fb4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET wellnesspathways.info/_astro/hooks.module.C9WLiBQm.js
188.114.96.1 200 OK 2.6 kB
IP 188.114.96.1:443
Requested by https://wellnesspathways.info/?target=https://askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Google Trust Services
Subject wellnesspathways.info
Fingerprint 4A:40:FE:94:6E:20:54:41:C5:F3:99:8F:C1:64:D1:D0:79:8E:DE:30
Validity Mon, 16 Jun 2025 15:45:54 GMT - Sun, 14 Sep 2025 16:42:13 GMT
File type JavaScript source, ASCII text, with very long lines (2646)
Hash 26c2a13c0f56377d024c49f4499db3a1
f08491a18d64f9fac94421abda014285e09c37ab
8a5101bc927602711d5677ad1d1406ee4824c468f3e6ff085978e45cfb8619cb
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /_astro/hooks.module.C9WLiBQm.js HTTP/1.1
Host: wellnesspathways.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wellnesspathways.info/_astro/Favicon.CenzvOau.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 19 Jun 2025 07:05:16 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 18 Jun 2025 16:37:24 GMT
vary: Accept-Encoding
etag: W/"6852eb44-a57"
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
cache-control: max-age=1800
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=iquqB0tNQdithnpdEieBR0U8Xi9u7vh%2BqWx5CF5Qw7Wjp45nup%2FtQdWc6DtnqBbcoo0tHIvpnamseXSaxhQPkW5FXrEMNHRAYYYBJMObtDj1uOU%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95212d550c56b4f1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET www.askandfind.net/build/askandfind_net.ec9d0c54.js
172.104.228.214 200 OK 7.6 kB
IP 172.104.228.214:443
ASN #63949 Akamai Connected Cloud
Requested by https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
Certificate Issuer Let's Encrypt
Subject www.askandfind.net
Fingerprint C3:FE:E2:60:EB:D1:84:E6:85:17:C0:9F:71:9C:95:8A:DB:DB:F5:6C
Validity Sun, 25 May 2025 14:36:11 GMT - Sat, 23 Aug 2025 14:36:10 GMT
File type JavaScript source, ASCII text, with very long lines (7551), with no line terminators
Hash 5efff39cf29adc28e0702fba777f5b0c
b210aa9d79bede8d1d2d844307a86ad0ea73b17b
789879c54811a95be24348c393fd11b331030e0667c7220884e92feba69bd304
GET /build/askandfind_net.ec9d0c54.js HTTP/1.1
Host: www.askandfind.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.askandfind.net/garticle?q=dokkanrglobaltms&pc=0yyw2cnwnvc969m11x23e0mark&visitor_id=959459866756263937&target_id=2694033&campaign_id=9463613&source_id=4267612&link_key=a5da9ec9cac8464a71e5a2c3d9acf267&utm_rr=019786ff-81f7-7ce7-979f-f526a84c7700&_cfrid=019786ff-8200-72ed-95cb-10159ad021c6
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=n32prs9pcrhot75v1avi5rsimb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 19 Jun 2025 07:05:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Jun 2025 11:38:08 GMT
vary: Accept-Encoding
etag: W/"68500220-1d7f"
expires: Fri, 20 Jun 2025 07:05:17 GMT
cache-control: max-age=86400
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-encoding: gzip
X-Firefox-Spdy: h2