Report - winbigsurvey.com/ID-iPhone-SpinFlag/index?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec

Report Overview

URL

winbigsurvey.com/ID-iPhone-SpinFlag/index?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
IP

172.67.211.65

ASN

#13335 CLOUDFLARENET
Submitted

2023-05-29T05:01:31Z

Access

public
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

10

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
winbigsurvey.com (26)	unknown	2023-05-11 14:07:28	2023-05-28 05:14:36	22121	697224	104.21.37.177
hop.greenbluefrog.click (1)	unknown	2022-08-29 11:19:28	2023-05-28 05:11:37	414	1900	108.178.23.115

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-29	medium	winbigsurvey.com/ID-iPhone-SpinFlag/2.jpeg
2023-05-29	medium	winbigsurvey.com/ID-iPhone-SpinFlag/4.jpeg
2023-05-29	medium	winbigsurvey.com/ID-iPhone-SpinFlag/like_user_1.jpeg
2023-05-29	medium	winbigsurvey.com/ID-iPhone-SpinFlag/7.jpeg
2023-05-29	medium	winbigsurvey.com/ID-iPhone-SpinFlag/like_user_2.jpeg
2023-05-29	medium	winbigsurvey.com/ID-iPhone-SpinFlag/3.jpeg
2023-05-29	medium	winbigsurvey.com/ID-iPhone-SpinFlag/8.jpeg
2023-05-29	medium	winbigsurvey.com/ID-iPhone-SpinFlag/6.jpeg
2023-05-29	medium	winbigsurvey.com/ID-iPhone-SpinFlag/1.jpeg
2023-05-29	medium	winbigsurvey.com/ID-iPhone-SpinFlag/main_script.js

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (27)

URL IP Response Size

winbigsurvey.com/ID-iPhone-SpinFlag/index?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec

104.21.37.177

308 Permanent Redirect

URL User Request GET HTTP/2

winbigsurvey.com/ID-iPhone-SpinFlag/index?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/index?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 308 Permanent Redirect
date: Mon, 29 May 2023 05:01:13 GMT
content-length: 0
location: /ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tLg1QZ0ZdrIxHhkR4Jc7U5IoIo0vPUj4DJGAlmWLVPf%2BNAkBneUZapehNhApDIznUmKGp%2BhhcbbihzhbUnQOxWh5Z%2FxpPykzhf19WxslkHKt%2B4cRQ65h1vi51GYavDW68CGI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cec2d9ffcbc0b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

winbigsurvey.com/ID-iPhone-SpinFlag/2.jpeg

104.21.37.177

200 OK

1254

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/2.jpeg
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x50, components 3\012- data

Size

1254
Hash

9daf82b76b8477fa503d862af8cb74b1

541edfdc63ace3ab12f9b0cd3d79c862b1f548dc

f45eaab6cc5fad19d6aafef5daa7cf935f9139b3bcb2190eec5e1fd26a68c58d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/2.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/jpeg
content-length: 1254
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "da7a04bb388f062efbaef384b07b0b17"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=myBEZPPuWprtrnQLhODvTRUjU%2BAjeWfsBuen53DVs8nXJMzsNEUFmL625ptDQMQ6eGJZNnM%2BlLmDOHmJdSR0uOocFDfHS2P6b1qGcW9TbUx8%2BNTp6LwcWD9wjM9bXWF%2BipFP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da36ff50b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/4.jpeg

104.21.37.177

200 OK

1068

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/4.jpeg
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data

Size

1068
Hash

6f44457c62359dac93d8092d7af63672

97020a1c8bd06962b1181385963f6b72dea2c902

b5958fd2d9043b4544b807259e74bba084a26acae998d2bd522d4acc62e9f4e5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/4.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/jpeg
content-length: 1068
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "38cd8155788f35a87a49c7bc081bec01"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFI1haE4VxAH5lQwbd%2F4B58ycr77ISC2Dg6EREqhX%2FgwxszmRCsSbXzxTGxGUILCs4uwJntAcYVoWfOsrRXbpYIUcFvtkbs85MZcbMfrDPO21IWHONtXlF6aZnUeG1UniC4E"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da36ff70b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/like_user_1.jpeg

104.21.37.177

200 OK

1293

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/like_user_1.jpeg
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data

Size

1293
Hash

2aa0d43e70d60d76ac4bdff139f8c7cb

d7e3433297ad90f5d99249aee29b645265c9f3eb

e7c85bfa7ba6d75dd0de72e51da2e185351ced82b32090ab35395766ef4849fa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/like_user_1.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/jpeg
content-length: 1293
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "9b2e5b29944560c02996cd0975502b7a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nk3%2B8%2Bu800R%2FEcCChF%2FnOTZ6ativhoQdZxxgb9ImDwcQTrZetU%2FNli8MuipIxZmQvovV4IZGlGHKIroh0GzmmbFq6tA72hezBl8RmVBWEmxSTTIQhL%2BZQfwdqczZECYACGNo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da36ff20b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/7.jpeg

104.21.37.177

200 OK

1138

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/7.jpeg
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data

Size

1138
Hash

546e8c9e22c52b3e47dd2fe58f139fc9

204463ece3f1e0e497463d0b30cd3c988dcd0a17

9c2388e5c4d51f01e19af1c46805ca29ce7a558aad05e3eb9e565a7dc5a1127d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/7.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/jpeg
content-length: 1138
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "7e2f08fe998deb0793e12420a3c36e93"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fePI1GB6jGj8qzoPIg4n6nByaoFhiAACMCSQ%2BgjaKChtILwO1VKI8IIKp1mRv3gcCpu2dgtIrQz3zOiV%2FBSDscEASyCiPt871vVtn3ZtAzRVLfy6OwVOb7EG4BmgTH3asl9z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da36ff40b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/14.jpg

104.21.37.177

200 OK

6271

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/14.jpg
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 165x212, components 3\012- data

Size

6271
Hash

83dea2fa1f2cff1c3c228260b4bbef9f

069c3bb290335ec373202bd52e9b064a372acf5d

64b10a435c7d01c123b1ad3c5b6c2a3a66b95e0dd5601d6c6b5bcb786881beca

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/14.jpg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/jpeg
content-length: 6271
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "c48844c16886c0e986bc6c9d4361a081"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JmJlkU4gt8nynXBCFu0XwXZVCkJMCtaibt%2F9xPUmWpKdYAXvOF9t98G2WNMSYjkpNFdibsrg2xJukEE4oN4rMWOZ8LQw2rDJX8B755zojTUAmS0O3FxHjuVF5dob5JnIvubj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da35ff10b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/like_user_2.jpeg

104.21.37.177

200 OK

1216

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/like_user_2.jpeg
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 50x50, components 3\012- data

Size

1216
Hash

f9299c2023539a8f27a6e1b12ed260e5

046baf9bcd1bbdf9d51ca63e3899ea2e7f5de0b2

ba0c57dd9fbd100462ac62c8c8b3156caf1283d250fb56ee8ce5b0f53e575ccd

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/like_user_2.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/jpeg
content-length: 1216
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "cd7d77fc4dab25f900f23ab8780822c9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xYbhhOe4Mpj2pSqmCu7z1FFGUtb8Cv7WmD1rhaLvXTzli2p6iL2GM8v%2FkeKe3A%2FRfbLtPHLGiv%2BsfuqsJWvNKuME1BDtrlfDUMr033p37Le%2FtKtajj9%2BZhScr2BWSkCJY60l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da36ff30b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/i14wheel.jpg

104.21.37.177

200 OK

42443

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/i14wheel.jpg
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 501x501, components 3\012- data

Size

42443
Hash

96609fbcc5f804cbe893946051325dbe

3f5a28fd0d29224836399ab8f4955c66046cd7bc

cb4e4f2e6895ba24c0ee34b0404cab1de81dfa3440b54e85a3f92e072da27b8a

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/i14wheel.jpg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/jpeg
content-length: 42443
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "5daed953a628014e2bdf1a464a91d5d4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FOytgOf0LD1yYh5rMqzL2Fss0wqQadHpJXzH21Flh4%2BOWRiE2ryoznTWRvD3zwD6yjaCRK1tZg1w0lBd5UzkUb7OwGFE5laZbMiidDiHOu5%2Bt78E9gNOwIMMm3XrLEiQICB0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da35fec0b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/3.jpeg

104.21.37.177

200 OK

1183

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/3.jpeg
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x50, components 3\012- data

Size

1183
Hash

d10dfa46723e01a51116353ee511f4db

04dc2eb7734da000af852dd34d8e061055d61566

1e2f3f221d8d89df1d4ca3973eb346cd4b83ebb13df118f7278bb7a6ad35d924

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/3.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/jpeg
content-length: 1183
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "687734afccf18bca9955ea44543a8dbe"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xG9HauYkZnF2hH8xjCpcS2Lusi5xxFMCCQvMmuNmH7dl52LTN05hnDwhWe0RirjMe5%2B%2FVpeI4j0%2FVlAWWv5jcYQOz9PFqr1bXRhDVXnLbGT0QiRh4zXcI7uO6DxKfj1Mmhe5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da36ff60b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/flag.png

104.21.37.177

200 OK

396

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/flag.png
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

PNG image data, 35 x 24, 8-bit/color RGBA, non-interlaced\012- data

Size

396
Hash

4946ce8ece16515620550ffaa4794454

a2ce2cc55eb329be83209b35501cf23f0f8a0891

8d39313e9143edeee5d38c05fce025fa4edffd461b46ddd6bcc9a7eddcc50e0f

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/flag.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/png
content-length: 396
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "c6d668a33eb97f55f7efe14138a920fb"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2F3rIE8rOd70RxBWQPDBomF7KMZ2c1HZ6%2FEp0wws50zPtanVX8PPPolDAQZzO1SVboFDVj9YzEQo%2FwjeFeFYmCOa9eeKrCrq8Ae9BUIWKfrU1DPyHQU%2FxyjmhWA2vHFJc1h9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da35feb0b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/clip_footer_3.png

104.21.37.177

200 OK

2460

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/clip_footer_3.png
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

PNG image data, 52 x 59, 8-bit colormap, non-interlaced\012- data

Size

2460
Hash

e1b626392882cc25b4d891afaa68afd4

454d7abdbc2548d04feb95436ea0ab4126b4f00b

ef3b8785199a0a640150a9d9ceb9b7cff2b118ee377ce36317d4a3e716bd944f

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/clip_footer_3.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/png
content-length: 2460
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "706c35ac9626fe7cad6cad2e3ed78cf3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EFRz4uRSTTkDOG5PPsH8YIkkh4Ed5axBoiuVUWcHYMvRWTBrIuGbX66t6u8Bi6KYd3Nw9P%2FSN6TvGrcAwiIc%2FjGZJz3vgnhRSqo3PxKyWhVdaQQ1B525YL4XrBXGpHdJVUok"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da36ffc0b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/index.jpg

104.21.37.177

200 OK

5846

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/index.jpg
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 203x249, components 3\012- data

Size

5846
Hash

038a492cc0a3488f0547dafc24c15838

e49b0adb8e08131c54b71c3325b8e9cb9ce716f9

e25ba7e0c1b7e4bb61773bd32df4cf010a0d6c65e773fcc2bdc3454edf3401c0

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/index.jpg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/jpeg
content-length: 5846
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "23c0ea5465877e24a9c39af66ebef756"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sKMGJRy82i213ZqZ0wkflHDfH6ZS0kUNUVo4kVz7pUUcZTJFcbavLWkerGCmr5Z4%2FMRsAduiBCilefV5TNmgcJZs7WSB%2BRel4GLZXhDqAGTpUeyR6NuWCvkEgaBb7YKh95XA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da35ff00b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/8.jpeg

104.21.37.177

200 OK

1203

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/8.jpeg
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data

Size

1203
Hash

b7f49f9e865aed63fc64a6d4c784df9e

b20038adf8b3312fae9f5f72a057d98c4f119ed8

54dc1727eabc97535b59704be621ca245f36376ee32acab675a40ff5ab1a389c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/8.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/jpeg
content-length: 1203
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "71970b9b9d26d1f567191eba02aa7536"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hvEIeZivJcBShfa4iwenA4usYJTVNjqi0V1R8s7TK2SBAaJq6yEZHGn8oF6DATjGmhZTG199MNkZPxrYht1c82RfTevudH0gbfB6FtJK7ir1Q60Lc6PPwO4oB5wx45SeY4i6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da36ffb0b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/6.jpeg

104.21.37.177

200 OK

1092

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/6.jpeg
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data

Size

1092
Hash

e957fbde5c4146a2740a772ce622c1f0

f8fc768f34f4be98f8dc098b42e8559d38523b3b

337434d918a2662370261fec6d9ec095ceaa27aa3249ef323be97f8183528eef

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/6.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/jpeg
content-length: 1092
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "048eb09c3bf696b178688e3edfe260dd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nPT9bBEFQz8Wgdg2d2rF8zVWc8I%2BTULH725DEjYw64tH9OQVMiQamSsn3GuwxocSliJ89xw7S3TayN93gC88qruh%2FPlPAnLY0ImMmY1vnzuuz0mMtBP7aVjKhxxgQdeER4Fv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da36ff90b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/1.jpeg

104.21.37.177

200 OK

1258

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/1.jpeg
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data

Size

1258
Hash

e28a5798007788d032feee066fa01efc

af4c6ee2a4688f615cc3c2ca3bb1937c759e99d5

722d0fbdeea1aa70ebe7b7e4a731a7b778e35d0bab46ad45c711ace64166fdaa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/1.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/jpeg
content-length: 1258
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "00703d65a52cc8e49cb5b40e8061efdf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a8VRBurcyM9d5fKc9V%2BwQnVVduAs1a6sdRhlU8ml3HxypsP5zPGcbE4qOwl7nWY4lxkc9aKen8WRSBqZlTVEoun8DUhMy3ctpPXUZdQOXyZuACYtJxLP7QsggFeKNAIdDPdj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da36ffa0b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/footer_right.png

104.21.37.177

200 OK

4919

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/footer_right.png
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

PNG image data, 168 x 66, 8-bit colormap, non-interlaced\012- data

Size

4919
Hash

0e786b7344ac0b63609290a3a415fc4f

c2e77827e895aaa13522f1c5c0ef79d4caef0bb2

f044237e4439b415a4947127f26fb14b4d32cf1d32ff51fd8f0ff4d21d2692e5

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/footer_right.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/png
content-length: 4919
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "3b6543f8aff814ffed2e98bb3f6ddce3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N19KYg4qG9NCwZxuyTh4%2Fl%2BvmD4nJt27IghgLoUqpr7aiFyve9IHa01FC8oId2CvA8btWSq8wcKH%2Fd4exnOyrqi0GE17v2Vf2hqZkzkwzpi2M6WwwPx5Vnix58X7TGa5QuB%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da36ffd0b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/comment_action_2x.png

104.21.37.177

200 OK

641

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/comment_action_2x.png
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

PNG image data, 24 x 120, 8-bit colormap, non-interlaced\012- data

Size

641
Hash

e9b3872b3e63e19728176d45f0aa6986

b638f89d5d80c4cd65327da973c52f778e30bd55

a3f59e07404f1745bed88a314113a86da376526e7e1e555c99b3e249178c6ba5

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/comment_action_2x.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/style.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/png
content-length: 641
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "9051b501a938dc2d8883f5fab13c401c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y4ImsqTXsJ%2FNg7Fv0jHt86h3in%2BkbnP9mBuMs1CBtI4t3T099WEVSmDwYsb4FBeuFtpIUdmLdPzaypRgf8zc9QSiDtF%2FmjMs5szZBSYy1eh1p6mWmFyjNIqhE09oidFkyzvP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da448560b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/notify_2x.png

104.21.37.177

200 OK

229

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/notify_2x.png
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

PNG image data, 36 x 32, 8-bit gray+alpha, non-interlaced\012- data

Size

229
Hash

988234626ae7a880ed9c6a92f6336c0f

173967c2b59baed4a06997d874aba32ab65da201

4566dd8f59a09f51415a7c8955f48f75298522fc6db554bc1a59ad79c3e3e314

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/notify_2x.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/style.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/png
content-length: 229
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "6b45dc6a31d3d4062c29615fe0b98a64"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qd%2BwSR9IiGsUA%2BAQF0lb5Og2%2BBcY4t7h2mB107CsgQ3VafxUtwdfITDsKr1SqTYaVZj%2F01TIX%2FIhOeUc%2BTB32CGQ5%2BlvF%2FHXWw6duOUUHwVKQP8ic3kkUyd%2FKqmpERy%2B50ol"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da448510b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/action_icons_20px_2x.png

104.21.37.177

200 OK

1726

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/action_icons_20px_2x.png
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

PNG image data, 40 x 360, 8-bit colormap, non-interlaced\012- data

Size

1726
Hash

b699975b5fe73b087e711a33ff24ee1e

0e33cc5c32a5e7d18440751e3946076664caaf53

4e06866c22bb275c6c4f01265e1f3e9f00fe9face9739f6531371d688a8e7a7e

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/action_icons_20px_2x.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/style.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/png
content-length: 1726
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "2987e834107b7e35c3c404b4ddd14296"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DltubPxtekkGCMHbgwyaRX4pCY6dtBQnN%2FAqdlgRlE5H1fHfi3Gz0pz30UlKn1Vsia%2BGEJIlJCDUuiAHoeI4a9JCr3dPAu6dQridealMoC6BhOEuQzwuOjh%2BPPCLQ8hZ7raZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da448550b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/spin_prize2.png

104.21.37.177

200 OK

2814

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/spin_prize2.png
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

PNG image data, 142 x 173, 8-bit colormap, non-interlaced\012- data

Size

2814
Hash

f278c8d30fc51b72e0774b9ecb49214c

03b574db82b31ee5758eb5093fda8ea25d1b00d8

43f3e6d7e7b011430b39020bc5ff8fe6be2947100c597de44ca549ea96a0fd7c

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/spin_prize2.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/style.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/png
content-length: 2814
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "974e1465fe4d9ef295b8e49f5cdfc392"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J9nWJC%2FS20JWRdtN2bCpwevapq3XmFtwnCQQHL8a3hlrYMhq8PCeDkxuglkbyUIWkot28M2IRe2Jq%2Ftte%2Bw4LPw8ulaK1Oe%2B%2B0XCcEJTO4JHEQ0Y1ps7VxKRcUx22e78mHeb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da448530b31-OSL
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/menu_2x.png

104.21.37.177

200 OK

124

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/menu_2x.png
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

PNG image data, 40 x 36, 8-bit gray+alpha, non-interlaced\012- data

Size

124
Hash

8f68efd9388ccd80b43759b2ed542305

9f2cf96efe3bdec2ab64bc51856619cc02958fe6

455b82fa1e54fc88fe0699eabecb02155f1d6228e0ae3d7f72e1abe92dae8f3c

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/menu_2x.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/style.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/png
content-length: 124
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "a55d3d499644740fc2ad414a4e2132c8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B0Dtwjg0JlLDRBIafrPqPvp%2ByX%2ByUwfWfXxASbh4LWOWIhtVatAlSI7jXJYCbWB2%2FZMd3M37iTF6EnAKKS03ewAKjmf95CsG%2Fu3rXtK5OBoim9WIU%2FOFlJ9No0o5gmsqAdAG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da4484f0b31-OSL
alt-svc: h3=":443"; ma=86400

hop.greenbluefrog.click/js/pub.min.js

108.178.23.115

200 OK

1482

URL GET HTTP/2

hop.greenbluefrog.click/js/pub.min.js
IP

108.178.23.115:443
ASN

#32475 SINGLEHOP-LLC

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjecthop.greenbluefrog.click

FingerprintCE:A2:6C:BC:81:F9:3B:C1:3B:FB:26:60:24:8C:E2:8B:9C:79:65:C9

ValidityFri, 07 Apr 2023 03:14:42 GMT - Thu, 06 Jul 2023 03:14:41 GMT

Magic

ASCII text, with very long lines (2752)

Size

1482
Hash

842d4889c73f6664245d70112389026a

3f5d934289e1acfebce633760640881a81ac8299

99f43e50f4179af4ebf4c93668866d5a5607914fa0a5daa087354c3159d3fa03

HTTP Headers

                                        GET /js/pub.min.js HTTP/1.1
Host: hop.greenbluefrog.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 05:01:14 GMT
content-type: application/javascript
content-length: 1482
last-modified: Fri, 09 Sep 2022 11:46:08 GMT
vary: Accept-Encoding
etag: "631b2780-5ca"
content-encoding: gzip
expires: Tue, 30 May 2023 05:01:14 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains
accept-ranges: bytes
X-Firefox-Spdy: h2

winbigsurvey.com/ID-iPhone-SpinFlag/main_script.js

104.21.37.177

200 OK

2910

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/main_script.js
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

ASCII text, with very long lines (3045), with no line terminators

Size

2910
Hash

dee36c0431f2ed8108d312bc6b98e284

441ce96e3ac19e0e3f31db988cba22cad145e6d3

fb7c436692a3e1a4ce32cb7dbd0b5f4297c62745d0c7085ada99e8f8cb30b088

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/main_script.js HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"a5c4f18c627e48e33db195ed879464f4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9KZlJNt8ZVYC9E6wT08XTJSxQ%2B01oRMgfsAOpzQ58QWj32T%2BL2QwwyhtRjYGoL3V0jrJNMHZ7v7DQ1vD9u7X%2F5txlHarXjmoM02NIqgnuOwlIl7%2BwrJiURjYX810pkLuQVuH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 7cec2da36ffe0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/favicon.ico

104.21.37.177

200 OK

2968

URL GET HTTP/3

winbigsurvey.com/favicon.ico
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3124), with no line terminators

Size

2968
Hash

b4b645417322a39b864e6769e991f494

c05f6f6c1d4303713acdf9d836bf5b55e07a97be

f79c9213bb54321682e050418fc25dceb9855dd8ff33d2106c3237ed213fa752

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ow4GUGHeoUcfW%2FfAy0GVLWb8NjQuYJVgVe%2FRzDoebkfOq0JgAn3%2B2N5bcVvvNaWWUvIrwM6Ji4uxDc1GkmYj9wOQs8UMYh3d8BYd%2B8bd6lLDmO%2BIwGRwQg1Pl0JfkiL0%2F6D0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 7cec2da548cc0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec

104.21.37.177

200 OK

15084

URL User Request GET HTTP/2

winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

Size

15084
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Mon, 29 May 2023 05:01:13 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a0O4rB0H%2B6LDLN2A4wvlCXItkhVDj0XC07cq%2BUr1A%2F3hLVJgnWG4clEY32EmMWYyxutvzeNViohSaFmgiLsV1zEr5Iatsm3iICRq1QOCueSA2JvP7ImFN%2FQ9NJNp9e4NMrk8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cec2da02ccb0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

winbigsurvey.com/ID-iPhone-SpinFlag/style.css

104.21.37.177

200 OK

14929

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/style.css
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

ASCII text

Size

14929
Hash

8c24a5cb4c55b9d6cd3029f5fd2c6fe7

e7371a614b9902e7a1256ab05cfb58d2a332c3e8

ac21c169cac551dc3ce8ee3c85f35d8c16fc76c3006618f39f428798904656f6

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/style.css HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"ffd7f948346ce664bf75cb6ac5a4442b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3G6GvFGXKpCBd1fp1iXXao5Po9%2F8SjHwttdgFQ6WvWji1O7vpXTWSKjgbHO%2B1pPKAU%2B1fQAuH72mmf6%2B36RwgQ4U3OzavRLSHgG90B71R5tymcQApyraHo7k51WdFQT4muD7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 7cec2da35fea0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

winbigsurvey.com/ID-iPhone-SpinFlag/ixo.png

104.21.37.177

200 OK

561946

URL GET HTTP/3

winbigsurvey.com/ID-iPhone-SpinFlag/ixo.png
IP

104.21.37.177:443
ASN

#13335 CLOUDFLARENET

Requested by

https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
Certificate

IssuerLet's Encrypt

Subjectwinbigsurvey.com

Fingerprint36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69

ValidityThu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT

Magic

PNG image data, 423 x 880, 8-bit/color RGBA, non-interlaced\012- data

Size

561946
Hash

3db6e9a86a250c13268be4a224a40333

63fdc9bdf962bd044cc99800e68a7c945298e05b

0f3a2e2e7f8ab18b9513fd334f82e227911e2f0f378ddc63b8b34347f12534c6

HTTP Headers

                                        GET /ID-iPhone-SpinFlag/ixo.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-iPhone-SpinFlag/?cep=QmftFZjB3eai2GU-MYCSXdkIzam4WAWzvj_fNNZQLaXXGcP_gumGjiiWr3XdaDxSTdaiGjvauu1dltEnCA-NrLYYFJ4aISoKUZxFGelCmZ1N208H3qhhUTsySvoiSl_vGt5kR2qPPYGnx-rqCLa4GdreaC8wMvE9SxqzDBghyWtlJkiwH1mXM3H5mm1033p3v65AuADi9VXqez5DUI0x0mKqRnTSQ8k3kZejcM9RntuHjjE4qHhwS4JPiFQSbakI9mwTtfgl5LrCxQ_h2BuUh0IxzFVZyUyrO1TFlM7WwL6zP3CS4GwAxSq8a7-vOsFqjx0tymlAjTuBgKUYRT44gbagyay1rIUOkkbf4OiryxwkCnnq1ooIAUVnFXDADWaOrb74Gf4itHyJ1b38f_7x4EOzL7Ygy5xfcGAJlMhz0VY&lptoken=16d1856b330d828464ec
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/3 200 OK
date: Mon, 29 May 2023 05:01:14 GMT
content-type: image/png
content-length: 561946
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "0051a33ce0432471cb95c31a2e154e53"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7F4BeHnVDtJhlBqlVLB1eWKi3bCM0iORkt0BSMWdg%2BF%2FVL77Gr6W4Xdr3ED%2BzrhwQJECOyV5LmJd1NPhSkmXEyX6QoiTdg%2BvC8mM5VdPM5xGHH02hOui4jazF6KS1aFUCL1%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
server: cloudflare
cf-ray: 7cec2da35fee0b31-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

#1 JS:Script (size: 855)

#2 JS:Script (size: 2753)

#3 JS:Script (size: 30)

#4 JS:Script (size: 324)

#5 JS:Script (size: 29)

#6 JS:Script (size: 53)

#7 JS:Script (size: 62)

#8 JS:Script (size: 56)

#9 JS:Script (size: 63)

#10 JS:Script (size: 63)

#11 JS:Script (size: 55)

#12 JS:Script (size: 55)

#13 JS:Script (size: 55)

#14 JS:Script (size: 378)

#15 JS:Script (size: 544)

#16 JS:Script (size: 2910)

#1 JS:Write (size: 19)

#2 JS:Write (size: 0)

#3 JS:Write (size: 12)

#4 JS:Write (size: 12)

#5 JS:Write (size: 12)

HTTP Transactions (27)

URL User Request GET HTTP/2

IP

ASN

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

Magic