| my.rtmark.net/gid.js?userId=ea92ngtr4k84sysyfpkcaoh4lki7jlk1 | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=ea92ngtr4k84sysyfpkcaoh4lki7jlk1 IP139.45.195.8:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash5f6a7529a18a7086b8acd6c9dcf4b4d8 c2f958e4b67f470b29626b7546073100f7dc086d f496a9dc57a3179a553fca6317dcf9b8fff8711ee0eab83a7da8ec6e79cca9ee
GET /gid.js?userId=ea92ngtr4k84sysyfpkcaoh4lki7jlk1 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; expires=Thu, 08 May 2025 03:55:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/js/_core-survey.1b09882a.js | 188.114.96.1 | 200 OK | 44 kB |
URL GET HTTP/3googrootsurvey.top/js/_core-survey.1b09882a.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65456) Hashc55db8837cff797e0b71f434711e6c67 9ed9a20f72c6f0177f1e9e8fc297b9a326451f47 83284da23d4d3e338837278b8926ceb145ed8bad7415a96ebe6a16d00c6233f3
GET /js/_core-survey.1b09882a.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
vary: Accept-Encoding
etag: W/"662b7651-296cc"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OppniLeOdcQw%2FXUhgIWiugANfrThwJgsm1BjVtm4x%2B8FBC9WVAdB0sUR%2BGzpqQ1amyP%2FBb8wt0RxReKQkQNFy%2B8XNgrviMbTErct8VpCfx1l3f1xpglFw63HC%2F2yKlKe4s8QVkA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846acb4756c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 745
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: ea2d55280a67ebd95defb9f47a9d1adf
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| offpichuan.com/track?offer_id=9540&z=6070194&request_var=2256&variable2=663af7bc4f4329000183bc89&oaid=ea92ngtr4k84sysyfpkcaoh4lki7jlk1 | 139.45.197.237 | 200 OK | 182 B |
URL GET HTTP/2offpichuan.com/track?offer_id=9540&z=6070194&request_var=2256&variable2=663af7bc4f4329000183bc89&oaid=ea92ngtr4k84sysyfpkcaoh4lki7jlk1 IP139.45.197.237:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectoffpichuan.com Fingerprint8B:DE:51:B7:81:9E:EA:DE:73:A4:3D:67:F9:5E:6F:7B:F4:D6:77:5A ValidityMon, 15 Apr 2024 21:54:27 GMT - Sun, 14 Jul 2024 21:54:26 GMT
Hash518fbbd5a95951cd6212498955368d69 f6b781a48dee7d09f5b29745c4ced1397642bbe1 f8c19e1cf3423fb386d154c3effb94bc2774d81de6af91588f731e2ce2b6a4f8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /track?offer_id=9540&z=6070194&request_var=2256&variable2=663af7bc4f4329000183bc89&oaid=ea92ngtr4k84sysyfpkcaoh4lki7jlk1 HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/json
content-length: 182
x-trace-id: 66c650e22c867f5eef600e96163e5d59
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/pfe/current/micro.tag.min.js?z=6679105&sw=/sw/sw6679105.js&var=6070194&var_3=null&var_4=null&ymid=2256&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 | 188.114.96.1 | 200 OK | 11 kB |
URL GET HTTP/3googrootsurvey.top/pfe/current/micro.tag.min.js?z=6679105&sw=/sw/sw6679105.js&var=6070194&var_3=null&var_4=null&ymid=2256&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (27174), with no line terminators Hash75c26ccd65e96e912725399ff3ce66e9 d300939979d2048844dc5ac80c51ed8121126f4e c9db5c92934b273ad485c58710d6fbc2d580c2923a99bb456b18cb5e1465f5cf
GET /pfe/current/micro.tag.min.js?z=6679105&sw=/sw/sw6679105.js&var=6070194&var_3=null&var_4=null&ymid=2256&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 09:39:30 GMT
vary: Accept-Encoding
etag: W/"662b7652-6a26"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3nzl7yzjkPiy7ZI46V%2BAQqWC4VtI3Iou2Y3CKdp8hODIwUPCW7zPGJn3zWS1scVyxAFWctmt0gS5qKt9WpA3%2FXZ0ZSjn8IlnVUErnn5WM%2FmcqgSCdCKJ7L9hJlRQ7MtpTgKRfZQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846cec1856c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-attributes-to-props.js.a2e7cd04.js | 188.114.96.1 | 200 OK | 465 B |
URL GET HTTP/3googrootsurvey.top/js/v-attributes-to-props.js.a2e7cd04.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeASCII text, with very long lines (702), with no line terminators Hasheb57bdb06e45aff1918587283bf415aa 27d660f01e5c888c9d38a6f784ee2f4458d7d89f ecdd5f30b2bd16e4aa0274c6fce3d598419837aa257c285f2e6d18ac5df9ce0b
GET /js/v-attributes-to-props.js.a2e7cd04.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-2be"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FxZS0OSg0bh%2FdrZ3u1nYUuurL9pvcsZgDXes5pZrSG%2BzeKpwhiUcWcwvemh8DvABQmfLqvj1molai%2BKESoONPzcYbTZaqK%2FaFvY58sXXohVAvsPIbzY5D7B%2F4jJy3y57IsmdkyQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846d4c4056c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-html-to-dom.js.ff1ae7e0.js | 188.114.96.1 | 200 OK | 1.8 kB |
URL GET HTTP/3googrootsurvey.top/js/v-html-to-dom.js.ff1ae7e0.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (364), with no line terminators Hashe7384582d95265db33b2a41c0a31f41b b609bec5a8718ab1c9c27a197a15e9a434c36dde c631c08f52c7380fc8f8f0247d68f9171ff8e63d41d7885b992f1374af5a995a
GET /js/v-html-to-dom.js.ff1ae7e0.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-16c"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BWT6uwv16ksReDNSuMEaZheRLOHM6ulGcIYyJIJOmnWS%2BChMyXhwgyyHledg%2FC8VerOL7tP%2FYlgkaAQIffM047OURa1qCviEtoCrbAj1a8zT%2BTzSJF0gx%2BruMRm70AHrJHGaqJw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846d5c4156c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-3.webp | 188.114.96.1 | 200 OK | 982 B |
URL GET HTTP/3googrootsurvey.top/img/comments/person-3.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash489a7f64f96c92f3325af92fa2af78b5 098cbcbd7ee329321d2fb7bac74535ab258a1f97 fd84809b70e4186fc2529a7ce54316e51ddf51ff8b2f099dcdb88ea91840be4f
GET /img/comments/person-3.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 982
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-3d6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T04QEUXIY5n%2Fc5X8ZzxURFwdfJb4W97MmTjb4yufcNOC%2FUa8Zv7SGtGwb1VrQJuLET0RLWafqjLDTpr9ufoDqRy2%2BSlapwabzi6mw5gyXPBvhaadYiGDmK%2Fi64b9DWFTV4TAwAI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846eccfc56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-14.webp | 188.114.96.1 | 200 OK | 1.7 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-14.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash7dc8c2c56e77f2a329230f677b6e5bf8 23b56b25ef6370e93d6c070c212684ba99612fcc 49ce3d1aa6533e2c9715cdc971939ba08f7072b87d7f60dd1dc3f0ef892e44fc
GET /img/comments/person-14.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 1672
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-688"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VbDtzRyCWPIU5PaAimYYm3sESbHDHozpvAro%2Bd3%2FmiukMTugPsTG9RyBIWxwW9vfToMpaLASPUjbnkwz7QrvTuq%2FEAuaEcBzs8%2BAdK6347OygY%2FZMpIrhBWZdUHNpIUrguaFAnk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846eccf356c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-2.webp | 188.114.96.1 | 200 OK | 1.1 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-2.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashcd20c1e86fd66d301b6e35a97af461fd 3f92712ef775681d59dfd96bb9b6429227a944e9 0d5556f5acd9a72ca66c6bfab3d813e35f504dcf73e6e6baca816da78a8fbad0
GET /img/comments/person-2.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 1104
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-450"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i3lu3So46iu72r7u56uMvBwEhbKoKW9UgkQsqxyiWTxDHuCWjWlWmklkwnxMzmtDwFpmto%2BLVyKISaq1pSrxzZ3YR%2Bjw5AcTe8KdP3uHiBDtAUKTdv1BfrlAqEo0gBKOXbqZVBE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846eccf556c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-4.webp | 188.114.96.1 | 200 OK | 1.4 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-4.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hasha78233e0cf1abbb3c5c98ef32a087d96 5ac6cdfb7f9e7be828a4d01e57f10379ef173889 3854114bf0acf8bc190e93893a80429d611c1d16b61d6cde07af182c232a30d7
GET /img/comments/person-4.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 1356
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-54c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O5%2BaeusuCuPtjgfYG1uL8QrqpZ%2BaRsR4yhgGcUM9CElbL9EcWeUPh1Jl9ROWdEeM%2BMdbsqexNpAXAcFas%2Fa9%2FQSLvfwkolZWYV7OmlGbxbIrgwrOoDEPdiHM%2FbFR2y8bKBoXi6s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846eccf656c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-5.webp | 188.114.96.1 | 200 OK | 1.8 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-5.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash10f4b15b0a471e17ef598de73ffb319b e3fd3478fa27f2cce0a9b945c50d640832594594 21411e70dfd7d12a4180188a1ccf3797df346cf6cb6f477f5ecbfb505d6fa378
GET /img/comments/person-5.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 1846
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-736"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TGfh4%2FAGtS627zPI7%2BJWlO1uoPGEcv2v1VFm%2Fm5H0D1ysKTJnvNCR7cLmfcMRNcCvlPWW%2BKq%2BFRrVWZCF1wzOy2LmdJ1dYrEeCcKLHl18wimFWJV11ymDb0HXkGmGTXurCtw%2B0A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846eccf756c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/css/_core-survey.d3ac2ee0.css | 188.114.96.1 | 200 OK | 1.2 kB |
URL GET HTTP/3googrootsurvey.top/css/_core-survey.d3ac2ee0.css IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeASCII text, with no line terminators Hash30d726a40ffe74d794b282ca1795b44c b43155653a1b9cc8d257687df9a75e0f204db348 4916da6d6e00e0e6681cccaf9107eb45fdfc78fe2e476444623c30a64959b5e4
GET /css/_core-survey.d3ac2ee0.css HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=84
etag: W/"662b7650-54"
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oTpTv%2FJiSTwXQTezyc21qoOOpJPyD0oeOxfNBufglcz0GZGGvF30iuk0xgybjPzv7T8zaX4U2LEFANCx5Is9QNBYont4tVzMBEGYMvk6hXTwNmUkfvgukKAf%2FfjwuytC9fHkg5g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846acb4a56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-9.webp | 188.114.96.1 | 200 OK | 1.7 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-9.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash12f578cbef79e63d347e2c8384c03ce6 496afa2132dc6a09052596587de749aefa634975 be233e744893994063c5cc341d9f60ff9ccdaa582da7b05bcfc01a7415b7cffa
GET /img/comments/person-9.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 1654
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-676"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JsrIGkpRALa3%2Bgmvmmi8YBMc2wzSomJVZB1CYpYY%2FwcyXnRzYjQ3V0Ioi4%2BJSCMWFxy3dwSMZh7VG0t3ZUYM5Dqe9QrhL%2FhiW4xGmgnAztaYQDv7JvF3tTj0iEijzeWf0ix9y6o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846eccfd56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-node.js.28d8082c.js | 188.114.96.1 | 200 OK | 4.0 kB |
URL GET HTTP/3googrootsurvey.top/js/v-node.js.28d8082c.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (6251), with no line terminators Hashf61d0e9af048cd71962dcb945f405c63 aefdc99a8057ced201da8aba0640905dd05375d8 1d383bb00e9e3a4d2f58354b41bc0ffc60516bcdcf4486516b8638236b0aeb9d
GET /js/v-node.js.28d8082c.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: W/"662b7650-186b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jp9YVI%2Bql32o4BLiPfVjdqplLUK1aZiznQD4cz9DeCI7VJGEQCS8vZKiMhZHJFIrShGNZqVoKhXDlZegwfq0I2WYzG7HI20XLEwLVDtWvTBCxLMGEtYorTQaJVOmKnRQ%2BcNU4fU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846d4c3756c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-constants.js.49317f47.js | 188.114.96.1 | 200 OK | 1.7 kB |
URL GET HTTP/3googrootsurvey.top/js/v-constants.js.49317f47.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeASCII text, with very long lines (600), with no line terminators Hash973e735a355fd5b10428c250e8fd7236 bd3fb14c90e2700400c69b15a84e317d52493bd9 16f1d5ca604ad59b9e5b484b1a0cf2d43eebda055ecee80ac847fbcc4437f0b2
GET /js/v-constants.js.49317f47.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
vary: Accept-Encoding
etag: W/"662b7651-258"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bj5PRNdJrwhWUxauKsp2KotxFWyAf6HdYBS1vrXRrTDefV6ILPZIwJCKEY4lmTL0HG8bO2SwbIpUOy7C%2F7JgSKLf%2BDAtpmsBuQImScOG2CC%2Fgwag8gGXGiRET8w3f6jeXxCMP1k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846d5c4256c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/config/comments/en.json | 188.114.96.1 | 200 OK | 3.0 kB |
URL GET HTTP/3googrootsurvey.top/js/config/comments/en.json IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
Hash78839fd14b7a4af467f2af5e01fa3e78 6caef62470c7af62bff2f68158df90ff3d7944b0 e7c39794bf2d944828bebc5f9cb494b6377a69e40d506918ee52a7582794fefa
GET /js/config/comments/en.json HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/json
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
vary: Accept-Encoding
etag: W/"662b7651-11aa"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LGmfijk1ecLdebuAGdKNQ9M3ZKmhkmCwZU8KqzpNaR3Q9a9cktyWavPJ5%2BRrB%2Fh8E7nq9rPfjjqdbBlxdwkKaHiMvN11E4OA8L4UhuxYpElc64V9BBt%2FhEKwBZAaIqG3wBM3n%2B4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846d4c3256c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 830
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 9dcb77870f8754f17727f8d96cc22685
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| ofklefkian.com/zone?&pub=0&zone_id=6679105&is_mobile=false&domain=googrootsurvey.top&var=6070194&ymid=2256&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest | 139.45.197.251 | 200 OK | 0 B |
URL POST HTTP/2ofklefkian.com/zone?&pub=0&zone_id=6679105&is_mobile=false&domain=googrootsurvey.top&var=6070194&ymid=2256&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest IP139.45.197.251:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectofklefkian.com Fingerprint04:A9:FE:8D:C9:B9:EE:6F:3A:C4:29:EA:19:AD:C3:1D:7D:3E:14:02 ValiditySun, 14 Apr 2024 05:38:05 GMT - Sat, 13 Jul 2024 05:38:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=6679105&is_mobile=false&domain=googrootsurvey.top&var=6070194&ymid=2256&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:55:59 GMT
content-length: 0
x-trace-id: e69c2d92b01af2d143bea4caeca1102c
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:55:59 GMT
content-length: 0
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/img/comments/person-6.webp | 188.114.96.1 | 200 OK | 1.9 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-6.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash0f174a9245ed9f2a0660204a8320880f fd36dc7b39c675bff5d4dff0b331d70b57f0ec7d 1cfb6cdf94c080825e93d4bff72079fdca2d8f3d9f7d2e75badf48c29d4e31c4
GET /img/comments/person-6.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 1854
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-73e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jS%2BGouJ3sNkLELCRuj94W%2BCYXqdi5kkfsq%2F%2BODR3nMUH7g2HgluR03yeWjYfv9d5ZkVrS8NnrVIoLWis7vNztmBuGPGCIvu1sT%2BkT0N8Dd4mwovOug2qgFjvRdikhNt8sNTDdLI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846eccf856c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-8.webp | 188.114.96.1 | 200 OK | 1.8 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-8.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash2ad9296fef7cd1f60823b80098d31c1f 145b3a66be3deb658a453963cef39a018b6f0928 82bcaa459e3d55b1f99c7154b506f5f5f464f04c5873a3e66ebaf5d064c4de6d
GET /img/comments/person-8.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 1802
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-70a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aJJKAROaibcngueZKngRVR1Eee2z%2FZJn%2FIXGNQVXu2TtoDmhyVUAjBX9vcpWba4oKy5tZh%2Fj2tZh%2BeDNsAe%2BOASRFkm9UCcDluYZWXC%2F6G%2BJnjHc3JkmCDqrfZpkIOLq%2B61g3GY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846eccfa56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 849
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: a6dce86bcabddccd56d79a45d5d362ec
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 0 B |
IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:55:59 GMT
content-length: 0
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/js/_each-land-config.3299fec3.js | 188.114.96.1 | 200 OK | 27 kB |
URL GET HTTP/3googrootsurvey.top/js/_each-land-config.3299fec3.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (65452) Hashe50959a36d50199dd1e5357099e71a21 e9bde06c83f10ac6300701792180dc50c298e79b 231a989a44135e73887bfa3a1a56a6205e7e00a00f746976bb4bc0601125ab77
GET /js/_each-land-config.3299fec3.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 09:39:30 GMT
vary: Accept-Encoding
etag: W/"662b7652-1196b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ifAt9K5OQM%2FTPAektel%2FMV9jZYs0qY2MjJ67mbWbQYeHx58g1xgcfBbc83DGylCd5ms17dis2iPgvIYu%2FxRaOkLXGQ%2F3bS3r5nBKvQsS9MRCl8hsPDJidgqxCjlPayMeyYotNOI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846acb4556c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/icon/finance/woman.webp | 188.114.96.1 | 200 OK | 2.4 kB |
URL GET HTTP/3googrootsurvey.top/img/icon/finance/woman.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image Hash590fd4a60be002011c4d09a32b3dee9e 45dbb90f6edd9dd9b777e5b3fc98b82ca18eaaf2 12f0bfe3db63dff3314b64cb12871681258a87bfcec40db1bc7712d4a32620e7
GET /img/icon/finance/woman.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 2356
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-934"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IzjUffbu8q%2FGjlxEOJQg9Dwq%2FPxc6b95r%2BKQhVmFajqm9kGVCsjD4uaZLbwXE%2Fw15Tg5xrsoOo5HoerBxOdGQAk51gVhLRuFKuK%2FDYVvlmO%2B1EhP01PXXTpiKf%2BDHWfovh37tDk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846fdd8156c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 179 B |
IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash081142aa1c9267422ee7fd25ac457579 cf8a223610da412aab4cc9aec68f6f304258b3ce 58084d495376ed2e41f026c352cabb187129c58109f2b15caeb1a539deb2cd19
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 157
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/json; charset=utf-8
content-length: 179
x-trace-id: 1cebc406720f23c20e08c3613436ccf2
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/img/rain/dollars-1.webp | 188.114.96.1 | 200 OK | 10 kB |
URL GET HTTP/3googrootsurvey.top/img/rain/dollars-1.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image Hasha5bef813a0113d018592091106451c8b 59365e96c4abca5eb98a0c56db0af0bb5cbffebb 036beb7de9c9d450e1442d593ff70ad392ca4be6754e7feaec249c0009e1bd83
GET /img/rain/dollars-1.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://googrootsurvey.top/css/survey.3b7d0b23.css
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 10546
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-2932"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=naiesFY%2B6Pyj9d5CyBNESr5uctmGMvRSEXAHm6dMHWpsHJNJyc%2FQ5LUoXwe4aSIFYVXUm%2FwLctJUGKUyKGr%2BHgI3JmaQwl%2BOl0QwK5SosBqHRAavqkVYx%2FV%2BgoM4TTiNT9dYo0c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846fbd7256c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/rain/dollars-2.webp | 188.114.96.1 | 200 OK | 8.1 kB |
URL GET HTTP/3googrootsurvey.top/img/rain/dollars-2.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image Hash8b4203d496c3f52b116af082a0cd4017 de5369e9459e240950bb7eb5261eaac1db26907f 8dd1f04088c25e20d15e1bc23129604830aab2b4d3d0a408a5f047f9768f39a4
GET /img/rain/dollars-2.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://googrootsurvey.top/css/survey.3b7d0b23.css
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 8140
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-1fcc"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bgSgfeoBD3MiTxwcrm2N4iZKJO1jFHYhX59QO2F46%2F3m1KwT2Pq1euehuDb94OoBmHygg%2FjUdfsOkYyqwJdFGy%2FiLiSAAblP5l5QCGZoEgWDPMivEQQNZsUg%2FdX6%2FDCq9xgm8JI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846fbd7456c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/s-storageService.js.bb9f7a22.js | 188.114.96.1 | 200 OK | 1.1 kB |
URL GET HTTP/3googrootsurvey.top/js/s-storageService.js.bb9f7a22.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (2170), with no line terminators Hasha804db09269d602a8a7a50877b60fc86 7aa84eb6c94037c3bfabdf407060ba7b9ca73ff3 f5e3a988f32cdcd8ccdff165e33a1807acdde6426cecbb464c315306ff5e6f6f
GET /js/s-storageService.js.bb9f7a22.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-87a"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FuUYGu%2B7H8MoXPtmxc16SQJzMVU%2B84pSmkLm%2F52H%2FsyXI3sW0uY0J96J0kBVu1V3UTFw7BDxZ0FES%2BNdLXzpma7oeP4I2cw%2BqhMqUt5jiLDVmDc0Gsf3F%2BYfWGeeUQOHaBJ8ljo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846abb3c56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/icon/finance/man.webp | 188.114.96.1 | 200 OK | 590 B |
URL GET HTTP/3googrootsurvey.top/img/icon/finance/man.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image Hashd729db2f101fe611a5a74cec2fa7a7d7 5a13312a8723c57605804f07f064b5f233ea9595 929f7c5d50d2bea65039de8cf572e24c1957209c92b983eebe4c322a93ccfe87
GET /img/icon/finance/man.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 590
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-24e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x2EytrO%2F4jr6NzaGV7j5i66VmNDYsJgLq%2F6SZQnc7qUlU4C4MPNAtU9wq8YdJ3SPusbZtoCcEVrjsukLlMn0RmHLMnlD%2BX0LXuXSgm75BYlfTj8wFhY54ZFSrA3c9tImeGoavdk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846fdd8056c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:55:59 GMT
content-length: 0
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 963
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: bdb9e632998d30712a4c7b9df3283eb0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=48e31717-66a7-49a8-82c8-f7e8474dfe59 | 139.45.195.253 | 200 OK | 12 B |
URL POST HTTP/1.1datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=48e31717-66a7-49a8-82c8-f7e8474dfe59 IP139.45.195.253:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerSectigo Limited Subjectdatatechonert.com Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27 ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
Hashadb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=48e31717-66a7-49a8-82c8-f7e8474dfe59 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1486
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 08 May 2024 03:55:59 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://googrootsurvey.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js | 142.250.74.3 | 200 OK | 206 kB |
URL GET HTTP/2www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js IP142.250.74.3:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File typeJavaScript source, ASCII text, with very long lines (631) Size206 kB (205803 bytes) Hashe2e79d6b927169d9e0e57e3baecc0993 1299473950b2999ba0b7f39bd5e4a60eafd1819d 231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
GET /recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 205803
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:56:11 GMT
expires: Fri, 02 May 2025 01:56:11 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 525588
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:56:00 GMT
content-length: 0
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectarleavannya.com Fingerprint8A:67:B7:06:5F:61:ED:52:C0:9B:58:C2:64:98:7D:1B:64:03:3F:47 ValidityThu, 18 Apr 2024 17:09:05 GMT - Wed, 17 Jul 2024 17:09:04 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 850
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:56:00 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: c93845899107d4bf19b99a0e05318b5b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| www.google.com/recaptcha/api.js?render=explicit&hl=en | 142.250.74.164 | 200 OK | 12 kB |
URL GET HTTP/2www.google.com/recaptcha/api.js?render=explicit&hl=en IP142.250.74.164:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerGoogle Trust Services LLC Subjectwww.google.com FingerprintC6:A2:DC:31:5A:53:FA:DD:55:71:A3:F4:DD:43:3D:16:71:B8:B3:99 ValidityTue, 16 Apr 2024 04:20:32 GMT - Tue, 09 Jul 2024 04:20:31 GMT
Hashbca6fcbdf5376a5fe486e56c6cb5706e a7eab0335928a730647c45fb9269670b91dfc905 4ac291af8e02636c5ccc9dc98b8ac763fbf85bf3a3719cfe29e95d8c0a282d01
GET /recaptcha/api.js?render=explicit&hl=en HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Wed, 08 May 2024 03:55:59 GMT
date: Wed, 08 May 2024 03:55:59 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/sw/sw6679105.js?var=6070194&var_3=null&var_4=null&ymid=2256&ab2_ttl=5184000000 | 188.114.96.1 | 200 OK | 9.0 kB |
URL GET HTTP/3googrootsurvey.top/sw/sw6679105.js?var=6070194&var_3=null&var_4=null&ymid=2256&ab2_ttl=5184000000 IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
Hash070e1c22b742597e5ed34c9d1ac321df f81a228d4995cc0d79d570ab914823c89b60eb6a 98ae5102a008958c4c279825f58420974c4d3e5ddfcc40e286e6ebe705fc72f0
GET /sw/sw6679105.js?var=6070194&var_3=null&var_4=null&ymid=2256&ab2_ttl=5184000000 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 03:56:00 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: W/"662b7650-529"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H3z0AG0Yn79Zs4ABLM22WKAZudqLj8ruURHYu0o0%2BCEK6DxJUEKi4I%2FWoccxmFD5z0Xt5ykt4hM28VW5wHb%2FFvCKZ6Ao9QBBPodRrKhdwa2kajWo55cGYn87YnUm07H8ldf9%2B1U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880684746f0656c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| my.rtmark.net/img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60 | 139.45.195.8 | | 43 B |
URL my.rtmark.net/img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60 IP139.45.195.8:0
CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
File typeGIF image data, version 89a, 1 x 1 Hashb4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Cookie: ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:56:22 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; expires=Thu, 08 May 2025 03:56:22 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/js/rating.b794a6e6.js | 188.114.96.1 | 200 OK | 5.3 kB |
URL GET HTTP/3googrootsurvey.top/js/rating.b794a6e6.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (5550), with no line terminators Hashc4e2b0023f5c633d93d607737f7a4cf8 e9f0331805b1c8c7ef174e470397c970d8fe0358 b5845a691a478a30780f19980810f572448effa2eb1ae1e5b16992cdf1a1f772
GET /js/rating.b794a6e6.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7650-14bd"
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gz7BzutBeF%2BLAcYF3JT7vcVaYm1ZlWA0%2FNPH7%2FAGALbwx30ouxATG%2BY43yAuQdJxG%2F2GA%2B3EYPPBDR%2F5bcj2gEHaVYyF9kHQe0xNHFlDnrmOcLNE43CcdwWAkPbrO%2FJJTrFEdxc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846edd1056c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-index.mjs.19622407.js | 188.114.96.1 | 200 OK | 35 kB |
URL GET HTTP/3googrootsurvey.top/js/v-index.mjs.19622407.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (35287), with no line terminators Hash1de1ec2d8e7940b88970d8fbce40ed6d 510aa24127fb8bc3578d9ca4628b2eea5a84ce01 b473156bef833bcfb2e84658093f1ebc1e64011dcba904e26ccb31f1cad8b762
GET /js/v-index.mjs.19622407.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 09:39:30 GMT
vary: Accept-Encoding
etag: W/"662b7652-89d7"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zsNtdJgb1eky9VOalyf%2FcRml%2BB2qoyA9CRbwDA8%2BFBxg9Y8ZpLb1xLsZ%2FgfYRFuV6zKMLAHATKFwewEz9WAxcuIc71EFAlBPog1pRj0cZcx5BkUCSkclErdK8YerEiEAfHP4v4s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846d4c3556c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/pfe/current/stattag.js | 188.114.96.1 | 200 OK | 19 kB |
URL GET HTTP/3googrootsurvey.top/pfe/current/stattag.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (19053), with no line terminators Hash3a74216e872211a9c770302bb7d4a63f 7e63556174a7d66eee407218e503ec0aae2c0f9e 03405209d89a927b81d53eb13968663069760776389c5400bb79d11bd9f78f78
GET /pfe/current/stattag.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-4a6d"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j3lUuShJ0b7XBTL%2Fahbxt5WN0NNPUdtapfkKej6m%2BfMBwTpkyuXe4%2Bw4gzTmBSkg7fisrWGhoLwEMriB9Cd4JH8woL4Wka%2B5pem1lo6gL6Zxz9qvSukUUjURHp9in2fO06xJpuE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846eed1556c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/config/dict/cookie-consent-1.json?v=10 | 188.114.96.1 | 200 OK | 6.8 kB |
URL GET HTTP/3googrootsurvey.top/js/config/dict/cookie-consent-1.json?v=10 IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (6009), with no line terminators Hash4b2ff958e811a50d2f641818590b443d 6abae297812bb55fad869e953e7fdf7469cbe1ae 9c77a5f3d0028d9ba122ed15728ee7b144619431f8302503a19c5785ddaa06b8
GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/json
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
vary: Accept-Encoding
etag: W/"662b7651-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lpRzQCkhDxaiQRQ5lmAtpNoqAMlJM%2BfhPjh6yke4Jey2dKXVnVb82xip6mhQns8whYAup1zXfkKtdBoQsu9dBxa4PN2Sq93%2Bljpklnf3sxwRFwWIcakFhfcX0d5aQrnmXoeJvm4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846c5bde56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-10.webp | 188.114.96.1 | 200 OK | 2.2 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-10.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash9dd9074774147c349c8a5bd4760c3cfb 99675a91391516dee57d557728a8cc96257429a3 318ecbca5e7cedf56bad3a556b5c8a8fd14b22a3d536c85f0e4a646e40d8d332
GET /img/comments/person-10.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 2222
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-8ae"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3E0B%2F3X4XmHQ%2FkxyTRcuth6jciL2FyEXD2EVbdhO3Dz6%2BXjHMl07au4hSlWmy3bU1Cb6GkHgFZDEprYiSl3O8K2HdEb1hHcX%2Br6yvGyxO5Z62vQ7iPoCVbGso1ydwCesQdu4V84%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846eccff56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-13.webp | 188.114.96.1 | 200 OK | 1.9 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-13.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashad1e0d431ec5fcb9a1e7ba8680d14a21 0f30fc9c7a5460458fb1e01acff03df4d5809950 45f8553b96fbe562a88e1366e8986d14b4d51f7d069604f8d29675844a19b204
GET /img/comments/person-13.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 1888
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-760"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U2a5UovvOJ7PIFsbRzztFUUvsaOYZ06UgVHMxDDnJG1z%2B%2B7g0TKvY9oYLjvFoWGXX3vlkVk4xaKBNXqqmHkUY%2BAPpofbjj4ebEXtPAyDEae%2F0WPvWYNrgYi7OYupkGDOj8Ovmu4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846edd0f56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/favicon.ico | 188.114.96.1 | 200 OK | 1.2 kB |
URL GET HTTP/3googrootsurvey.top/favicon.ico IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel Hash668ba1a9fa1890ba16cb8adc28d3dad8 5e35223b2541265114eaf61b9da2556c812fea17 7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2
GET /favicon.ico HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/x-icon
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: W/"662b7650-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MzVLhObw%2Bo5BxCdZJQ%2B72p0CygALl5b6t4AuHpdilkFYSBcxEctPWAByfsKmujceBJtnlvK1FBUOpbtLY9qVJ3ueACnxKTuOb2xQN7%2F7qFpfIa1MzKlNtNVdKW2OCKScYPdWSOg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880684726e7256c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/unnamed.webp | 188.114.96.1 | 200 OK | 264 B |
URL GET HTTP/3googrootsurvey.top/img/comments/unnamed.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash606085e7a74fd169da34f9fcb43ad12d 77226a50488fb48256d36f1810a136b69d635f74 df20f4c1d87cb10514a6d526dde70759334705d90a909df0e6cb130061ce1ea5
GET /img/comments/unnamed.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 264
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-108"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6iupLfMkv2te7Pza3diW72xO%2F4QkaPh4XYVj9bLKDF9lt59WbftzmuboPFMCmXQgTTs%2FeWNJoh8ix3IXO6SGhU%2FRDXbecQs1YpcR2PT0V4kgPXPqasSV3JNhxi9chzN2%2BRD4ua4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846eccf156c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-11.webp | 188.114.96.1 | 200 OK | 1.5 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-11.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash0100f949c3302195d906e13bc199399d 2b39580485f3e9ca81a8a2ead4747f89731800f4 10df37a82d90b2225e19460cbe7403726591fbd02caabfdf6a2884db631d8511
GET /img/comments/person-11.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 1526
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-5f6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QZGARNaYVgPGoOjUFzXZc%2BCV6xe%2F1ukUahuXS74qtImoJ1w%2FPI1A0iJD%2Bu7sONNm97WskfbR0AiAikpy277OqwaVpRmqozZtGYYoiiPOcl2Ba5pKYWcwW9MdY4nyDEuYAEYhNpA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846edd0d56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/betting/sport-betting/star.webp | 188.114.96.1 | 200 OK | 246 B |
URL GET HTTP/3googrootsurvey.top/img/betting/sport-betting/star.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image Hash01caf8f85cfefbebbb8cd3fde3f6d973 f47df1411899076e0856c75114597168e2afd8d0 7bae9821e9132aee43121502a061a55671dbc660966e0c5c3e2a88a6d48b9a84
GET /img/betting/sport-betting/star.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 246
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-f6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=piNwtUwwOxqBvl0B17IpZwUYdrjUDHt7s4LFXi5NFVGaSG8%2F0H8sZVBqOM%2F7xJ7f0vVvxOwNVpU%2BYmANX4gCVLLWS9f7HT7bZDW7Yt3TsPs7gLDikjF1XlffmwG2QqmfU6MMSRI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846fcd7e56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-possibleStandardNamesOptimized.js.205abacb.js | 188.114.96.1 | 200 OK | 7.6 kB |
URL GET HTTP/3googrootsurvey.top/js/v-possibleStandardNamesOptimized.js.205abacb.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeASCII text, with very long lines (7923), with no line terminators Hashf80cb2aef29b4a80d135d1a598ce1dfa 0653306df1fd8d8591f84661643825e41684d3f6 43c16ae11cea687efa4ca55dec516b23257c3fcb22c9d3541041f1816aaa7b5b
GET /js/v-possibleStandardNamesOptimized.js.205abacb.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-1d99"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AAfDgt0IT%2FfUdTlJ%2BuF8W%2FgA0Qocq1h%2FKUKzmCAIWihs0rbNq8Y%2FFTqdsFeRswuD8QFDkpe6t2R56ZQJmYwu7ppkrP5w484OEPQw5S0xKKlL%2BFrB0QKb8z2SMH1YsmT11iEQPEA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846d4c3a56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/s-checkSessionStorageAvailable.ts.e8412d91.js | 188.114.96.1 | 200 OK | 330 B |
URL GET HTTP/3googrootsurvey.top/js/s-checkSessionStorageAvailable.ts.e8412d91.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (338), with no line terminators Hash6eb1ccbb769935debb74de9858287720 5302f94074f05eb22f05368dfe3464b85c89fb48 1e016cce8f09ded837e6e46c9e26d5dddccc19bbfa89c9dc583c04d85e2c7bb4
GET /js/s-checkSessionStorageAvailable.ts.e8412d91.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: W/"662b7650-14a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QYovBc7471%2BgBeIlOiHHOoAKXUUaYIfon%2FADuK49MtG2oKzOzAH3gNLK%2F%2BUkhfmTK%2Bhk0RK%2BnG09iQNO3erO6DgYg3ZO5ZPOUaR7qiXTiJwBuesP7nHmvubzvfwJwiOam%2BCE0Mg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846abb3f56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-dom-to-react.js.26fdf751.js | 188.114.96.1 | 200 OK | 1.1 kB |
URL GET HTTP/3googrootsurvey.top/js/v-dom-to-react.js.26fdf751.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (1101), with no line terminators Hash5693cb2629dd3231ce6fed788c41b150 872d71cae7dddc37389be6bae0fc4a5b611ec9c0 b312636bf1d349d818517865e89c22f8b9ef9e61d1805cf315e44241ccc05d26
GET /js/v-dom-to-react.js.26fdf751.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-43d"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LypfE%2FTS9oG0gd7TfYIXI2K9tRotLkgdUCfGpbufflpe%2BogfmWI97CMjKdeWM9Z%2Bhu%2BtpdRA0ozzrR3JRO5%2FXBz91AI1iBzVpO1%2FNsOTeZcif3r6Xc0zZnWusy0vKAP2C91Ksdk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846d4c3e56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/css/survey.3b7d0b23.css | 188.114.96.1 | 200 OK | 72 kB |
URL GET HTTP/3googrootsurvey.top/css/survey.3b7d0b23.css IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeASCII text, with very long lines (65536), with no line terminators Hashb73782889f162bcbf6cb45913f540ec3 27cd8e6d8b4159b1a4f3e466b845b7d0a7e61d67 ea6df993a607e008f434e5e950a08da1397044cbc442cb76d25f02cf3499c77b
GET /css/survey.3b7d0b23.css HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=71475
etag: W/"662b7650-11733"
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TVoB71l%2BwgwXad6UoiJDZVCAUis%2FCjbgVZiWWEOMOmhFEtqyIMDTaV%2FxrPKyYYBhzJ2YZGVAHz8G7JzgOCEi7zZgb97f%2BHbxjNh1KRAI8GZ6%2ByLoCjKiczYZ9nfnJ6IXX9aqjgo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846acb4f56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/SurveyContainer.e2959212.js | 188.114.96.1 | 200 OK | 57 kB |
URL GET HTTP/3googrootsurvey.top/js/SurveyContainer.e2959212.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (57003) Hash1716bf0d79004adf0eb2cdcd64159891 67852b096bcc8817fb0b9b98abf264e40a59310c 56cd17eb9def743ef4bc4909a6eacb77266b749181cfcaec4d478336b1c6ff21
GET /js/SurveyContainer.e2959212.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
vary: Accept-Encoding
etag: W/"662b7651-defd"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W4TROTQqIvCnpNzkzqHR1vqIfxffrO6zvyV3ctlebs5YkcJmPbhRpunw3x7yfXXFxVm2JvpCNcA3bmaPO9DwBpR83UeDeOBnQ%2BRs1ag6YilxXl0B%2Bx91aZr9pXtjHZmlf09qF6w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846d5c4456c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| offpichuan.com/rotate?zz=6543018;6543082;5128285;4949467;5381242;5381316;5381339;5381307&var=6070194&ymid=2256&uid=ea92ngtr4k84sysyfpkcaoh4lki7jlk1 | 139.45.197.237 | 200 OK | 3.3 kB |
URL GET HTTP/2offpichuan.com/rotate?zz=6543018;6543082;5128285;4949467;5381242;5381316;5381339;5381307&var=6070194&ymid=2256&uid=ea92ngtr4k84sysyfpkcaoh4lki7jlk1 IP139.45.197.237:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectoffpichuan.com Fingerprint8B:DE:51:B7:81:9E:EA:DE:73:A4:3D:67:F9:5E:6F:7B:F4:D6:77:5A ValidityMon, 15 Apr 2024 21:54:27 GMT - Sun, 14 Jul 2024 21:54:26 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (3331), with no line terminators Hashd23c20f0574dd3d57a6a78be2e8450d5 26e334cda0e07790d912ca5c991ab3a65c05f5d0 ce73b593bf86a59bf1f57caf2dd5040c4a010fbb8d581ee40d02811fb11c48d3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=6543018;6543082;5128285;4949467;5381242;5381316;5381339;5381307&var=6070194&ymid=2256&uid=ea92ngtr4k84sysyfpkcaoh4lki7jlk1 HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/javascript
x-trace-id: 5a494c5aed6a107fddf224cd80e72901
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://googrootsurvey.top
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; expires=Thu, 08 May 2025 03:55:59 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/js/v-domparser.js.97173b2e.js | 188.114.96.1 | 200 OK | 1.7 kB |
URL GET HTTP/3googrootsurvey.top/js/v-domparser.js.97173b2e.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (1772), with no line terminators Hash46dd2964e007bc585a8f72ed695089e8 d02de9abf34cf05d707899e2562c067a8e5326bc 96d95d967e2f5ca4a1be19cf0d21f756ba2d0295ad5f4e967048054e85f6072f
GET /js/v-domparser.js.97173b2e.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7650-6b8"
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xD2F0MLIyVgCPB0Pp5jVOlMiojTmN2RlnUJOKKAzzCuf%2FNZdduxRGmd7g5ppOwgqg2gDt4joOOBNaPKzfJDyHF%2FzMW2FjwVAVctGTgDXm3%2Bq2eYBnHZaRDlm39NaDvvNt5M6Ttw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846d4c3d56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/rain/dollars-3.webp | 188.114.96.1 | 200 OK | 5.9 kB |
URL GET HTTP/3googrootsurvey.top/img/rain/dollars-3.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image Hash51ea76ff382bff8ef58a9943f7fd21d1 5c3d6ad6620fbde5ce3dddc88604e6d54621eba2 0240f30fc542fb5c2d532f33bc793b797199adaea75e22a7d9f04674b80d9a32
GET /img/rain/dollars-3.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://googrootsurvey.top/css/survey.3b7d0b23.css
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 5938
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-1732"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hhYe1NUXFstzwLOaOolm6N%2FoelkvzIls%2FUdU8dsyKTDx%2FRlhOppc7Ea2RZJALQAWOVUXg9H%2BYZbfVxNmWPLduXroOrGHWwwR%2FJULufNtbSXm7qQi8QQFX1dCbbxnsHdMisdTf4I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846fbd7656c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/_rtc.f86a36d7.js | 188.114.96.1 | 200 OK | 12 kB |
URL GET HTTP/3googrootsurvey.top/js/_rtc.f86a36d7.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (12222), with no line terminators Hash128d6eec0793a7e02c314d2f6245f260 c9f09311c3f229b770f38d0cc69b422430f1c748 bf1606ac64db254cc565a094e7162a96f31f7e48ddece56fc92c654559e5abb8
GET /js/_rtc.f86a36d7.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-2fbe"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ijkBGnBIGAHdiV0OxSpUlcGmvOic8f4V6%2FIDN8G%2Baf%2FQWp7Ioy9UBkokN1Mum5PNuP8nDvNemE8ywPm0c6jhCjfw%2FuMY3mfbhJamK2Cz%2FU4FGsEuWoNznZXCxEiocf2wxm9yeFI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846abb3956c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-1.webp | 188.114.96.1 | 200 OK | 1.1 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-1.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash56441eb05774cd7ed15d829e06947346 25649e1ed3820d97bd8bcdc737974e0c65adc1aa 5be168d58cf2dc0e41bc5a9b386add0d57fee26848613ca601f0c31378a8ad02
GET /img/comments/person-1.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 1122
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-462"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vvt90hrfmpsg1XEcyNLEOMbzSjQu71frETpd4M%2FRt5ubEorwzT1j7erT3WW85tP4qa%2FhyDo4CC3jRxY4p0lGNkBn79cSWPzo4yHPUas3maON2GVSdJiCN4vKrsbLH4Q7jumSgbs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846eccf256c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-12.webp | 188.114.96.1 | 200 OK | 1.4 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-12.webp IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hasha2a75db01afaab639bcc0c6c76a14c09 2c773be63192164745f2a42c2fde74812c6e905d f22ac207c07f65a697682c466b4e87364c43a720b4e240df2d418ffbd8070e5e
GET /img/comments/person-12.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: image/webp
content-length: 1390
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: "662b7650-56e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0GgTXNP0wTmNTo2ZcPJBVwvG63mGgOSvKWMhL1Crk6Pl8%2FR1yQVeVs%2F3ZVuzUYL%2BADXaW8a%2ByPjWndy4pBhQhfyEYH7luFljW1h%2FFmNxfNnpZZSICgwegaAC6Z3%2FwjBrOxoCnjo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846edd0e56c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 | 188.114.96.1 | 200 OK | 8.1 kB |
URL User Request GET HTTP/2googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 IP188.114.96.1:443
CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeHTML document, ASCII text, with very long lines (8372), with no line terminators Hashb1418b523b3acbb71552e8f26ff6df15 1b8b21a1c7f7e942c7cb41aa1f8f345444efa1bd 57489100966fb5e98e099cf5f89dd80967b99e19efacd42b8c903121f586a015
GET /finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: text/html
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=01oxnwLsMce2jzqWwafk5zmuyZ9%2FYui1nZIMxa8J%2FSWrz6hOqBeNFiAv5ICMR1QCQmfZZHfSQhmerTT6iql2yQAXPQlwvqtBrnkLzuhIl5S9lDIIYOPGgl3UW4kwoMoiuKkHonA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880684685815712a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/img/icon-survey.svg | 188.114.96.1 | 200 OK | 2.7 kB |
URL GET HTTP/3googrootsurvey.top/img/icon-survey.svg IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeSVG Scalable Vector Graphics image Hasha000ba4d0e7570d810feafb22bc50bef af8fce44a683d3dfebe69cbe856e747739c9a666 9ae848c180201d8ae5c59ce118b0b7ef395a01295fb04d57e81cfe0566100679
GET /img/icon-survey.svg HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: image/svg+xml
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: W/"662b7650-a72"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JtdaRdPMspyZUgj9XwDbmspsUK6hmXOqjZItmOeoSJ2FjqrSijdPvcHOsS82grvFbJ88HWPDX%2BCBAIcalmCJQyvfABpgbHJv0WJLTGxO0x%2Fj58EojnRos2DD1%2F5dyF3KcAyFAMI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846adb5256c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/s-checkLocalStorageAvailable.ts.f2fef93d.js | 188.114.96.1 | 200 OK | 330 B |
URL GET HTTP/3googrootsurvey.top/js/s-checkLocalStorageAvailable.ts.f2fef93d.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (338), with no line terminators Hash9a78659da737fccc89546e61f0eb6213 84e705584bdbc81715e0326742f426c2f472d3a9 bb46fe2e65cc91e5a01a8e731754fdc9b8f30813835a673bd96b48672ac82d60
GET /js/s-checkLocalStorageAvailable.ts.f2fef93d.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-14a"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9HQ%2BYT7lJnbyfvNyiQFr%2FFpswlXBuAqnUe3E%2Fnbtl3Fi9C9W9kRLtxOvSqRwXjAn9xaPMJfD5t9hrPbHFT%2BF1Cx59RVOjKHioHNE1V96IefrjTB4K1MFDlICydd4jUMoKxfzgAE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846abb4156c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-redux-toolkit.esm.js.fe3487ca.js | 188.114.96.1 | 200 OK | 11 kB |
URL GET HTTP/3googrootsurvey.top/js/v-redux-toolkit.esm.js.fe3487ca.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (11319), with no line terminators Hash5aa3676547abc9a38889c09e69ca968d d19ea919192e86f97c34c0a5959ad05c52299aec 21648e7ba668a077e403b6bd1a38f05d55d987737b959d57e3b3c53787107eb7
GET /js/v-redux-toolkit.esm.js.fe3487ca.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-2c37"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H1EW%2FglAkHRliKKm%2BnF%2Bzn64TvCOQF%2FAi6AkyIpkiVfjyBpZtwTv2sNjA5E9pOeabG33bMV1pg61tdrQ3%2FR%2BMxVQ3lFfwrH3OUl6FxG4xkYL9FJKkVnnRRmFbudJ2FjURNXK%2F70%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846abb4256c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/config/sd/sd-9540-en.js?v=10 | 188.114.96.1 | 200 OK | 8.0 kB |
URL GET HTTP/3googrootsurvey.top/js/config/sd/sd-9540-en.js?v=10 IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeUnicode text, UTF-8 text, with very long lines (8359), with no line terminators Hash979517482417bab72a87fcb46bb96ed7 f6b50889f9e61c0cd733ee8e0a7d4e5019e655aa f151d790cd58c035bfcc7068cc75a49d194eb7bcdd77dd0b92a340c86c380b82
GET /js/config/sd/sd-9540-en.js?v=10 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: W/"662b7650-1f1b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u2qTjvTtU%2Bm20OCbChkktPWzIUfd81XjcXVi4T8c4bGLZL1Ij45YKpmBmlbYdk7OxySlIjVBypLiJpnqIZg5yZq4jlsT0CMkWspqQIp%2FqO7CbodoHHZHjW8b%2B3yG0DEzYkC3%2B0k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846c0bc556c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-utilities.js.d1112fc4.js | 188.114.96.1 | 200 OK | 2.6 kB |
URL GET HTTP/3googrootsurvey.top/js/v-utilities.js.d1112fc4.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (2645), with no line terminators Hash3f45699a0edf3555d230727e3e1ba866 f30b9f52153e77b9ce60a30ecb15f36657792908 1b312ac32a5c37ffe1c4bf861a048a76d807155fe494adf5dd356d067367f488
GET /js/v-utilities.js.d1112fc4.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1; syncedCookie=true; oaidts=1715140558; ID=ea92ngtr4k84sysyfpkcaoh4lki7jlk1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:59 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"662b7651-a11"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ebfHB%2FCH%2FH4OJUoeUIumIrpMjB1AeK4iD4nvfaelfWSQjhc53NrQefe1XbBWHQNb%2FGhBSWN3KOqwUeRzQAy0lL7yee0Jdm%2FTiqaveRh529fS5g40peoDqREkjXU3WhnFxW%2BifGk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846d4c3c56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-index.js.da9f7529.js | 188.114.96.1 | 200 OK | 41 kB |
URL GET HTTP/3googrootsurvey.top/js/v-index.js.da9f7529.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (40985), with no line terminators Hash47a5b821c80a532b5e989cf87d451283 c0f9e87128e1d7d634649fb3c7b6c08f714e79bc 2526538666fe9c7811b9afaf71794b4f8cb4f0751f62872e1a0d8c3a6c131f07
GET /js/v-index.js.da9f7529.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=40988
etag: W/"662b7651-a01c"
last-modified: Fri, 26 Apr 2024 09:39:29 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3XTXnhyoGICnMAqwxDbSjW7x6IFUgkeu5r7zv8hnTUdbnJN7pdHo88FVHKt1zYJzsajq75TtD7lNCf%2Bn9JSMK1IT8Xbi%2F6Q5k%2FyyeffAvD0UCiXIk50zPGCogiVMeBvNnku0Vvs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846abb3b56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-react-dom.production.min.js.c3329619.js | 188.114.96.1 | 200 OK | 129 kB |
URL GET HTTP/3googrootsurvey.top/js/v-react-dom.production.min.js.c3329619.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (65440) Size129 kB (129359 bytes) Hashf5e47be85ac64238a6511377c99bef6b 14202f5ec5092ffcb622a84db5877f1c99493b4c 198b63ec93086fb7042c6052dc6558626c506852de0903547cd1b2d52780839e
GET /js/v-react-dom.production.min.js.c3329619.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 09:39:28 GMT
vary: Accept-Encoding
etag: W/"662b7650-1f94f"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qxl8wHdULn%2BL8A%2B9o4JlpTfLUMRmj1bVxEyegtd57kpH7n0iMrhLHYhGZ6eJzdQPRZXoVPtFoYpfkmRleDRHM0w3BBTqOTvd1LJCpjUGQki%2BjlvsdVLEbE%2BYKa%2Bvta6Qqko8wBk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846acb4656c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/survey.1ad1decb.js | 188.114.96.1 | 200 OK | 6.7 kB |
URL GET HTTP/3googrootsurvey.top/js/survey.1ad1decb.js IP188.114.96.1:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=663af7bc4f4329000183bc89 CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint45:9F:A9:15:13:FF:F3:F7:69:62:41:D1:AF:F6:A3:C6:F3:4F:F5:30 ValidityThu, 18 Apr 2024 08:07:48 GMT - Wed, 17 Jul 2024 08:07:47 GMT
File typeJavaScript source, ASCII text, with very long lines (6885), with no line terminators Hash57f91299803086e8f6423e2eab698843 e4ce738ef3f77e882c6064d86acf96099b1a955a 96f55c89bc96f23f53a8b1b730734649a63862359a02ddcc88c58392c8015d36
GET /js/survey.1ad1decb.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 03:55:58 GMT
content-type: application/javascript
last-modified: Fri, 26 Apr 2024 09:39:30 GMT
vary: Accept-Encoding
etag: W/"662b7652-1a0b"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GzuliPB6DGu8PnF4fXTgS98xu3Zb2vh6TwG6QC9iQewbIEayQjt1q3uJMpkQt9TyEsTcn33M9xOTHeju6YiUg5aQZrT9PmAPuLeg15osPMIWKCmL15j3%2B%2F8OkgVJYfehCYWn%2B%2Bs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8806846acb4956c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|