rassid.site/tr=69366
31.170.164.241 707 B IP 31.170.164.241:0
ASN #47583 Hostinger International Limited
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Phishing
GET /tr=69366 HTTP/1.1
Host: rassid.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 707
date: Sun, 28 May 2023 15:31:51 GMT
server: LiteSpeed
location: http://ar1gov.site/recharge/?tr=69366
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
ar1gov.site/recharge/?tr=69366
198.54.120.153 707 B URL ar1gov.site/recharge/?tr=69366
IP 198.54.120.153:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
GET /recharge/?tr=69366 HTTP/1.1
Host: ar1gov.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 28 May 2023 15:31:51 GMT
server: LiteSpeed
location: https://ar1gov.site/recharge/?tr=69366
x-turbo-charged-by: LiteSpeed
ocsp.sectigo.com/
104.18.15.101 472 B IP 104.18.15.101:0
Hash e21131aee8c8c1c8f827a853fc0a0d01
eda5ff5aa1043bb5719de3ae96da675967713b2e
715b917403b6740ca19a730b32e99ad79df1193ef60333ee3b55a585b86ee59d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 28 May 2023 15:31:52 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 26 May 2023 11:41:06 GMT
Expires: Fri, 02 Jun 2023 11:41:05 GMT
Etag: "eda5ff5aa1043bb5719de3ae96da675967713b2e"
Cache-Control: max-age=417552,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ce78c0b58d60b65-OSL
ar1gov.site/recharge/?tr=69366
198.54.120.153 487 B URL ar1gov.site/recharge/?tr=69366
IP 198.54.120.153:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text
Hash c536856f6f2771a9c2596a87b17741cf
054253962b178c3ca437dcf7395e582d8ab078e5
f0b7d660a7e9b5ec526b7526eafec89eb409970c0736a41370cc2c0a23ebbb83
Analyzer Verdict Alert fortinet Malware
GET /recharge/?tr=69366 HTTP/1.1
Host: ar1gov.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-powered-by: PHP/8.0.28
content-type: text/html; charset=UTF-8
content-length: 487
content-encoding: br
vary: Accept-Encoding
date: Sun, 28 May 2023 15:31:52 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
d28uhswspmvrhb.cloudfront.net/public/dynamo/smartLinkClick.php?offer_id=53244300&offer_position=1&visitor_id=Vdb882e620bcc0&m=0&user_id=2476&it=3544734&key=5ef4a&s2=smart-2570b3d&hash=10bafa95e963705b564bf462b40a5dc1
54.230.245.165 749 B URL d28uhswspmvrhb.cloudfront.net/public/dynamo/smartLinkClick.php?offer_id=53244300&offer_position=1&visitor_id=Vdb882e620bcc0&m=0&user_id=2476&it=3544734&key=5ef4a&s2=smart-2570b3d&hash=10bafa95e963705b564bf462b40a5dc1
IP 54.230.245.165:0
File type HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash b146e155ed4b106c6914c26a72843d7f
d784d598d87a07909577af3aadb1cf5e8501dcb6
36f316a2a6bb1e7b1ee13a47beac710ce13bb2b64029d4ddb4ed695de446f649
GET /public/dynamo/smartLinkClick.php?offer_id=53244300&offer_position=1&visitor_id=Vdb882e620bcc0&m=0&user_id=2476&it=3544734&key=5ef4a&s2=smart-2570b3d&hash=10bafa95e963705b564bf462b40a5dc1 HTTP/1.1
Host: d28uhswspmvrhb.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ar1gov.site/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-length: 749
date: Sun, 28 May 2023 15:31:53 GMT
server: Apache/2.4.51 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-powered-by: PHP/7.4.11
set-cookie: dynamo_v_id=Vdb882e620bcc0; expires=Mon, 29-May-2023 15:31:53 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7ga3Yz3l0bxHparS7sbyNfnHDlkyCxiWgCHkSYhz8PInenzbQJGB1w==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.15.101 472 B IP 104.18.15.101:0
Hash 1a4037adfb0748bbd8542bafcdaa45b6
2cafae93c435d75dacdec80c9545a9822c948627
92b19a86408a498ecc7f46caead61344cfff24f25eda3337ab330d4bafa756cf
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 28 May 2023 15:31:53 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 27 May 2023 03:07:18 GMT
Expires: Sat, 03 Jun 2023 03:07:17 GMT
Etag: "2cafae93c435d75dacdec80c9545a9822c948627"
Cache-Control: max-age=474645,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ce78c14fd9c0b65-OSL
run.storkmobi.com/click?pid=1309&offer_id=73824&sub1=Cdb60b7a2f33c7&sub5=2476&sub6=https%3A%2F%2Far1gov.site%2F&sub7=https%3A%2F%2Far1gov.site%2F
35.204.59.16 0 B URL run.storkmobi.com/click?pid=1309&offer_id=73824&sub1=Cdb60b7a2f33c7&sub5=2476&sub6=https%3A%2F%2Far1gov.site%2F&sub7=https%3A%2F%2Far1gov.site%2F
IP 35.204.59.16:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=1309&offer_id=73824&sub1=Cdb60b7a2f33c7&sub5=2476&sub6=https%3A%2F%2Far1gov.site%2F&sub7=https%3A%2F%2Far1gov.site%2F HTTP/1.1
Host: run.storkmobi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sun, 28 May 2023 15:31:53 GMT
content-length: 0
location: https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f
x-adjust-use-original-forwarded-for: 1
referer:
referrer-policy: no-referrer
set-cookie: afclick=647373e9373e320001071e7f; expires=Mon, 27 May 2024 15:31:53 GMT; secure; SameSite=None
afoffers={"73824":1685287913}; expires=Mon, 27 May 2024 15:31:53 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
veftaunysurvey.top/js/_each-land-config.54074582.js
172.67.209.129 200 OK 16 kB URL GET HTTP/3 veftaunysurvey.top/js/_each-land-config.54074582.js
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (53476), with no line terminators
Hash 3c743a1d77ca476d8a23dc0d410cd878
265b043769eadf58f04bd20cb2ef370965e25009
c0e0853dc478ea2079e1c47da36f31f8fedb37c503a6ee574bd6290fc11ab939
Analyzer Verdict Alert fortinet Phishing
GET /js/_each-land-config.54074582.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-d0e4"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6479
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lTewOoAWO3qyQMBbLqDngxhqF9vXnoFas7%2FNfAbh8%2BxNubBktkz97prunoHU3GhkMccNWXo4AutiWSeaS7ry1o4Ie638F57xauxLhIt7i7faU1vnNOnkmlZW86yRgc6vzq1e86A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c189d89fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
my.rtmark.net/gid.js
139.45.195.8 200 OK 65 B IP 139.45.195.8:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Let's Encrypt
Subject rtmark.net
Fingerprint 84:56:36:C3:24:DE:FB:F0:E7:EB:EB:9D:C8:B6:28:31:B5:3C:8B:80
Validity Sat, 06 May 2023 08:48:01 GMT - Fri, 04 Aug 2023 08:48:00 GMT
File type JSON data, ASCII text
Hash 2a5827d32a8a34ed6bd750f127e7afdb
135950edf1db01155eb79e7913620d2b592548f6
09e4c02382118f354257faaebaa3881ccc6a59d81f893eaf734038eccab1a3d1
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://veftaunysurvey.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3b31b89e5be64e3bb835d1df0ac2bfd7; expires=Mon, 27 May 2024 15:31:54 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js
139.45.195.8 200 OK 65 B IP 139.45.195.8:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Let's Encrypt
Subject rtmark.net
Fingerprint 84:56:36:C3:24:DE:FB:F0:E7:EB:EB:9D:C8:B6:28:31:B5:3C:8B:80
Validity Sat, 06 May 2023 08:48:01 GMT - Fri, 04 Aug 2023 08:48:00 GMT
File type JSON data, ASCII text
Hash 48ec4abc43c3c0d410378dcb4d2050cc
e65d7c475bb988211adc955e37f5e266f9d6c396
1433239c17ca3160164786f45430c2412e838408f6d6874b153ab531c2f4498d
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://veftaunysurvey.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ab1a485ca0494b05bb6672ec61533cbf; expires=Mon, 27 May 2024 15:31:54 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
veftaunysurvey.top/js/config/comments/en.json
172.67.209.129 200 OK 1.6 kB URL GET HTTP/3 veftaunysurvey.top/js/config/comments/en.json
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JSON data, Unicode text, UTF-8 text
Hash 01c72c627a3038e7869405d68e78ab48
c4542fe77a2753163565ba73f8370585611e4359
3f9a0e2b1e418607c88ef2c2c52f7c8eac9c93d5f10409719b9d8f12b3745c40
Analyzer Verdict Alert fortinet Phishing
GET /js/config/comments/en.json HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/json
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: W/"646f514d-11ad"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nzBOGjRk7l8%2FQJhKNUaNzReDv4VyCxU87EHvoKhNkbU1%2FZlaVA9QyvdLffqq5zUlPsEr6jhoLwHG9Gh9fG%2F5TV2izTFDVHYDp7FWOBtZHgyuLF3FuDz0mBbXI9HZ25aLd9T3J9g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c19feabfab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/config/dict/cookie-consent-1.json?v=10
172.67.209.129 200 OK 3.4 kB URL GET HTTP/3 veftaunysurvey.top/js/config/dict/cookie-consent-1.json?v=10
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JSON data; HTML document, Unicode text, UTF-8 text
Hash 4f1c632e971c4261f927ed0cf67bfdee
18c72b10719ca98b61b1f1f84e4b01f0ed8b3763
2bfa8e9b4326caea44f0d0c0345a31f34f19d47ae2e60fbc7c557df9ceffdca6
Analyzer Verdict Alert fortinet Phishing
GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/json
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: W/"646f514d-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=byOeUfm0rKKaKzB8%2Bh4OV9goLmlmvjKjFiCHPBMgohHyoxU2ZDgynNs%2F%2F57AONnAcmpoT0GmXne3Mk77DcDBDQxe9imnLVP08V%2FKYrIILUpNcjnCyDEUTifOb0dPJmwJEK5Ir6I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c19eea0fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/unnamed.jpg
172.67.209.129 200 OK 1.4 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/unnamed.jpg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3; data
Hash 449aaf5a54e3fe3aa4f0f5875bede090
b2b897362626700277b7f8baca8b1f292d08b7e5
4200f94af9e21196c339a50a85d3d50c769e8655857fdaf67df6e99678b9ad59
GET /img/comments/unnamed.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 1378
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: "646f514c-562"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Be72mnX8G0LZc5J%2BsH0UJ8o%2FvdNI0dEHlSqJE0Xwr7IDseE3kPclJSZCrvB8jON0M79iLbaE394%2B%2BwstXiBo66jV%2FBGvjM7GyEHXvQfd6ufNi%2F1MMQGJrd3tF2O7oc85Z7HtqHg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1aaf6bfab4-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-1.png
172.67.209.129 200 OK 6.6 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-1.png
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced; data
Hash 8f9a954bf05965bb41cf97a7ddb7a375
de9db936bbea75043e08a55d1f371678fca2270c
a787bd40650924a7bbc61d6ea0bbcaddae4b3129fd8028b68c3629210e41e26d
GET /img/comments/person-1.png HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/png
content-length: 6577
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-19b1"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mZqjoXB%2B%2BrFk49hxWPozLisWq%2B%2F46%2BZrcfT9XLlVQrxEtm8bdTW2m6nHcfOwzsvEO1cLFGGeAfLRCIUFFuy5zZbANXq9ZZOtgL8hoq%2B8pSlkPf1i5GpWa7PUlAZsfPzUtSpQFgc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1aaf76fab4-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-14.jpg
172.67.209.129 200 OK 5.4 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-14.jpg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3; data
Hash 6012ff0d59aa6a34aaca1ea8f2fa88fc
ef59662c9b666106486039e9f1deb40fb4a8ff77
2c020310e91430067c7128425f14ac0ff1710aea5e67c144a8fceac46311182d
GET /img/comments/person-14.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 5392
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-1510"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=awBxzo6LDMTmT6PYxeUAWyAg13AVX7G31Yh9n2yrO4sHY7d6Kvo6OcVtALz86haPVaCNOHtT4X1Evcm3J3HhdmlJKP1iNOxdp3%2Fzj%2B41sQtEPP%2Fe%2F15Cnei56h45mhyGXC4lN9I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1abf7cfab4-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-4.jpeg
172.67.209.129 200 OK 2.7 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-4.jpeg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3; data
Hash 6cf64555e2de0ff8b5391081b648b89a
a32008bacf7f8cd3859eb86c6c8d36eeb15dbdf0
d4f513bf3a5691b900739cf79285d18ef09ef4b81eca648261b15a693d21818d
Analyzer Verdict Alert fortinet Phishing
GET /img/comments/person-4.jpeg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 2709
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-a95"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G5C1ai0FfOgJ%2BUnKQk5Q%2B3ZQLjQKUP%2B6evLcepRcW%2FDNtdXC3btg9sGzmCdM6WztwO4ieSQwF1AyVoDPA4ulC7yCYIxbWOtM2cretWQfCfY83ntTnV%2B7Jsa3CzuD8MLBGBUt4BM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1abf85fab4-OSL
alt-svc: h3=":443"; ma=86400
offpichuan.com/track?offer_id=2897&z=4493500&request_var=1309_2476&variable2=647373e9373e320001071e7f
139.45.197.237 200 OK 173 B URL GET HTTP/2 offpichuan.com/track?offer_id=2897&z=4493500&request_var=1309_2476&variable2=647373e9373e320001071e7f
IP 139.45.197.237:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Let's Encrypt
Subject offpichuan.com
Fingerprint DF:FD:C9:DF:54:1F:F8:D0:EB:70:9D:22:14:AB:31:A4:CA:18:1D:AE
Validity Thu, 30 Mar 2023 21:17:15 GMT - Wed, 28 Jun 2023 21:17:14 GMT
File type JSON data, ASCII text, with no line terminators
Hash e9e7a97fcd614ae617ff3635a04b5fc0
421de701ee2151c24bc6b93f32939435875363dd
53321249104c7482a790c2d85d5e010d4fa5db018bdfbec7dee620f4b5b6f892
GET /track?offer_id=2897&z=4493500&request_var=1309_2476&variable2=647373e9373e320001071e7f HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/json
content-length: 173
x-trace-id: 3106e05593bbcb3f53101d3d8d213238
access-control-allow-origin: https://veftaunysurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?render=explicit&hl=en
142.250.74.132 200 OK 556 B URL GET HTTP/2 www.google.com/recaptcha/api.js?render=explicit&hl=en
IP 142.250.74.132:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject www.google.com
Fingerprint 48:E3:15:66:FC:EA:15:BF:D2:34:C1:DD:60:D4:23:A3:63:57:89:8D
Validity Mon, 08 May 2023 08:25:18 GMT - Mon, 31 Jul 2023 08:25:17 GMT
File type ASCII text, with very long lines (852), with no line terminators
Hash 6eb227f49545693ff09e7e868952f4af
dc2cfcf4a5d33b127c8c5d18dbe577c1e690dfa9
0a22aef6916a4504fc4c1b3f83cf9ad8dec879e875888b7598ee8edde393d86d
GET /recaptcha/api.js?render=explicit&hl=en HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
expires: Sun, 28 May 2023 15:31:54 GMT
date: Sun, 28 May 2023 15:31:54 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 556
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
dortmark.net/sync?userId=ed35f340d838a67a54a315210550912e&partition=finance&duration=5184000s
139.45.197.248 200 OK 45 B URL GET HTTP/2 dortmark.net/sync?userId=ed35f340d838a67a54a315210550912e&partition=finance&duration=5184000s
IP 139.45.197.248:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Let's Encrypt
Subject dortmark.net
Fingerprint 2D:58:01:B8:69:29:6C:35:45:78:06:E6:15:E1:E3:B9:8B:47:F6:52
Validity Tue, 11 Apr 2023 11:46:30 GMT - Mon, 10 Jul 2023 11:46:29 GMT
File type JSON data, ASCII text, with no line terminators
Hash 2156baba1e4d718bb8eabe342f277858
d7ac411de01238ce1a42ecdabf489c4d8e107a5f
20abcdb1d559150d349d47dab3655dabb6d74c5876f1afc7ee2ca41414948cc2
GET /sync?userId=ed35f340d838a67a54a315210550912e&partition=finance&duration=5184000s HTTP/1.1
Host: dortmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/json; charset=utf-8
content-length: 45
x-trace-id: fbc9d53481d41ce9a1df26e0b9ea6d6b
access-control-allow-origin: https://veftaunysurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: finance_ID=ed35f340d838a67a54a315210550912e; expires=Thu, 27 Jul 2023 15:31:54 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
veftaunysurvey.top/img/comments/person-14.jpg
172.67.209.129 200 OK 5.4 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-14.jpg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 6012ff0d59aa6a34aaca1ea8f2fa88fc
ef59662c9b666106486039e9f1deb40fb4a8ff77
2c020310e91430067c7128425f14ac0ff1710aea5e67c144a8fceac46311182d
GET /img/comments/person-14.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 5392
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-1510"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16SZortZQrdBNj%2B5IZK%2B6vXWd5DoITeEoBCqdBFx2hBkqpKie3SGZpm%2FVTEmxznKyN7qmUo61S3THNVaQhuzfVcZq6wNfM6brV925nxIkNRkGqGN5Z8aMydbzoo9%2F3%2BJRz3AEyY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1b8c610afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-5.jpg
172.67.209.129 4.3 kB URL GET veftaunysurvey.top/img/comments/person-5.jpg
IP 172.67.209.129:0
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 21fd6ef6d69b527c02e92a8c23d28d52
5980b75edc23f7fa2f57fa257cb67c9efb86fa58
f37490dbef620959d7124e3de027c5b5c43a57dc90737163947a6725444051eb
GET /img/comments/person-5.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 4333
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-10ed"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=22f%2F4i2rZ3Vc96vwHRlLOgA9OmHNQsPmyOWR%2F1F6BT34QAR5KBj7fLeWsYKSCYH1KkV%2BGVqcDLcgKlZpD%2BSlqARTB1oXe%2BtV56Lyj5vP0ys97LjLzEyvbJcgNFk5p%2FYHqBnXMd0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1b8c640afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-1.png
172.67.209.129 200 OK 6.6 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-1.png
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash 8f9a954bf05965bb41cf97a7ddb7a375
de9db936bbea75043e08a55d1f371678fca2270c
a787bd40650924a7bbc61d6ea0bbcaddae4b3129fd8028b68c3629210e41e26d
GET /img/comments/person-1.png HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/png
content-length: 6577
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-19b1"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HMfE0jrxNznsn2JiMqj1KbdQAZQNjNSK6SwdzBqqrhYznOEXzHO%2BbMmyPybMc6iQ77OEvWItTfJ9J%2BpnIqjDKpbbkZIJiklx71bjKk2sSbyl6MO7JBCkWu4FXBH6gVOiccWSpak%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1b8c650afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-4.jpeg
172.67.209.129 200 OK 2.7 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-4.jpeg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 6cf64555e2de0ff8b5391081b648b89a
a32008bacf7f8cd3859eb86c6c8d36eeb15dbdf0
d4f513bf3a5691b900739cf79285d18ef09ef4b81eca648261b15a693d21818d
Analyzer Verdict Alert fortinet Phishing
GET /img/comments/person-4.jpeg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 2709
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-a95"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTAt46lHUtz1EjjwXp6lRr5YQk6%2FKIThvUbRgXBQb72g3o%2FDWITAH1Wo%2BO%2FTPWsSC3W1EbN8XCzAdvcXJztIt8ZlekJ88Wh0V%2FkMlA0nu97cpycUBs5CWWeXhsehlsuzb1bqQ4I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1b8c670afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/unnamed.jpg
172.67.209.129 200 OK 1.4 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/unnamed.jpg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 449aaf5a54e3fe3aa4f0f5875bede090
b2b897362626700277b7f8baca8b1f292d08b7e5
4200f94af9e21196c339a50a85d3d50c769e8655857fdaf67df6e99678b9ad59
GET /img/comments/unnamed.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 1378
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: "646f514c-562"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D14hChKyywpa4n5c1TMjobHs9aWZmdBp5uhKZXWkpBUgVL%2B224mc4kKvkgmVZDO%2B4v%2BlaqBJmHjcBhWuvkkec6itRS8kWfWL%2BmWrCPJpxckAXmPaG%2ByvkzIPSK4SRYYIjddTUnI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1b8c680afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-8.jpg
172.67.209.129 200 OK 5.7 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-8.jpg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, software=Google], baseline, precision 8, 100x100, components 3\012- data
Hash 6b10e71656e51e27520e854712b44f1c
f78b92dded977e9f275aba726453138155420bcf
64588485da7d470991fdba6c20a6d05c7ad39f92cca72769a95cbe3d873e8edc
GET /img/comments/person-8.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 5748
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-1674"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BomJgSlEnx8F81hPDbVslgkfDc84Bip0rqPVn303kL0rIAw06Uc9C9lmwUK0nxQaQd%2BrcUoXgqXi%2BEcwcUzvugElLFyVCPVK0LNP%2BeEbZEiXZAL2TX8eH8AEskia8CAc9eFJwM8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1b9c770afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-6.jpg
172.67.209.129 200 OK 4.4 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-6.jpg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash be9ff88491a5bc0745579a3813eb2cbe
870f88a7fae9fdd928af33f47c5ffdddc6a4082b
698d413ddf6b2ec37acf0e982237d239bd912cb097e243cb355855ac2b8548d3
GET /img/comments/person-6.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 4392
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-1128"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1pw3xDFhIpdAjs3TqCPD5MfHmFoEX8fcld2HqetFXZk4ZzDWPQrksScy6yFbYy5LWrtHxoQDaRADv1iAwqw87IKkzPxS1p%2FyS0SVlfGlm8hrIPrmQa%2FdAPu3NJGYyC3yS8buKis%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1b9c740afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-2.png
172.67.209.129 200 OK 6.4 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-2.png
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash 3e6eaea87b2891590972dd11373b09a3
f038c6e6306ca708defa2b601bf9477f0cf78a3d
15aadd2e7f4f83e79f35e760da382fb8b5045d2cf506f531bdc15b7b27f699a5
GET /img/comments/person-2.png HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/png
content-length: 6428
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-191c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3iOHKRctdIEJw4fw0arwDuwOg9EeG8j8P086uSe%2BHXfsMkkFO8tiuBeT4SM7ZwWF6kf2ADfumVdYbiTmOdAivobre%2BtUqVZjlX0FY48F8k1bKtdL7%2Fhae06B2%2B1%2B9VWOGoaMv0g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1b8c660afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-11.jpeg
172.67.209.129 200 OK 4.2 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-11.jpeg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 3924bdc784dc4947f52b779aa4d5a0aa
1e3f3fdd99490addd60014aa7327fe27c6bd5589
b3f882f57f9a213d85eb1c5c6a8a1451bd16dfcd9e4bd00e0a74584422dbd950
Analyzer Verdict Alert fortinet Phishing
GET /img/comments/person-11.jpeg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 4175
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-104f"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DructPQqBk%2FGQka4opFmR%2FpcAsVxpqVo9PumbNUce2sqZAfLmDeD816YmxOcNhK4c7E5DjEE3SRXiqcUVhJ6Yrgo%2F8PC3Ml24TCSwOjLClg7vWO2zt8K9cRj1mZobyjlck30HVw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1bac910afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-10.jpg
172.67.209.129 200 OK 6.2 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-10.jpg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, software=Google], baseline, precision 8, 100x100, components 3\012- data
Hash 044ab37551bfe632f53b8f15d991f36e
77fdc6210608e5e36e1d36ac7fd867104cb20d9e
36adcb32026c016feaff678063911fcc9e7985e9f0c56bb1daa776f98964ef91
GET /img/comments/person-10.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 6178
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-1822"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=elbDQw5VMYgh%2FV27Vl4sWAelzBjYNUOEeCd0nlN916cpDRrAxeWTPyK0iTfQOpSr1SwLrFUaTvfuwXwG8WgJxJxevJfKVSaopa7faak2QKeooUbLGS5KI0FFB3KRODDe%2BZEz%2B7E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1bac890afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-9.jpg
172.67.209.129 200 OK 5.2 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-9.jpg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 529370f9fd3b0f4da6c81ca91a931155
1a4c3e0e7af1ce30dc2ca18d48b5fc3f1b40aad3
cdf1b8dcdce4e9b76157ce90e086ebafb100063eaeb091e97087d97f5d0fb50b
GET /img/comments/person-9.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 5190
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-1446"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8XJLoGhv0T6RqhyVOHsV19Tq%2Fk3NNs%2BQriUvppDb0BNoMOgTExA6AxRErzRNtegwWRrNuX8MxHmTxqYEewHG2fSRwICnIPBgDm4vJZrwMPMwIR6dXjwER3nKH34ywMTauSn1DNo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1b9c840afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-3.png
172.67.209.129 200 OK 7.4 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-3.png
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash 2f62e53b6333bc904be22a37a1fd0ace
6e972fefcbe0193d9b28817c47c1ceab2a0235d1
9128194f1b1bf44435a3e80f994157b94a40a3365cd8f0794dcadb41a24c3b41
GET /img/comments/person-3.png HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/png
content-length: 7368
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-1cc8"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jL7i2QT6h2TayjbfrUdFrfyCWcl6LvrnmtBMwPVKpyzpBrFkBddlF9xtS0uKYF%2BLsnJgVywXk%2BQz%2B056JFPR5dlMec2GQPmfU8P3zGPHmN8DIzc7i9pN1iSSmvsL3yZ1bIm2UlU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1b9c800afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-12.jpeg
172.67.209.129 200 OK 3.5 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-12.jpeg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash c937339f4ba54ff7dc150b9865c29084
44206828ca23cbed303193bde1dfe47bdc532972
8e872daac17de58d352c9f4082e6e35af76a8b2138c142a8cf0fbacea195c73e
Analyzer Verdict Alert fortinet Phishing
GET /img/comments/person-12.jpeg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 3519
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-dbf"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G1e0shypVYFMZE1UnyFM%2B%2FMKMmevJ3rwwckHhpGGe74ErwwC%2BzP6tHgK59y3VjtJ2Dg3ESF205B%2BObkNB7FX1dAVlXyvRhLIXc6rwRdaISPFj9U1NBmzX0F563eHPHH5ys0hLSk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1bac960afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-13.jpg
172.67.209.129 200 OK 3.2 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-13.jpg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash a3364ed9e772ae6f696b814072001bf8
b8f34c657c31bf1e4d42b5d864b2519493d80e92
88f30b8552d0ab928d895390b337a0049405f3b1e8446631e606ba787e1205e1
GET /img/comments/person-13.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/jpeg
content-length: 3172
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-c64"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 151
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T0l1cf%2FEV80yPYFk1lzWS78CWs%2FInuP6Si35OsJHEZzIGx5WcqGtJOjVaQVlGmDAF2pf5rM3QI2Te4Rn2A8t33WU3ilhjTXb64dTbz3PFlTa0tBPR1rUb7FuJgxunWH2OYB14fo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1bac970afe-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/v-react-dom.production.min.js.6effe279.js
172.67.209.129 200 OK 43 kB URL GET HTTP/3 veftaunysurvey.top/js/v-react-dom.production.min.js.6effe279.js
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 925bb81eaa725b80e8dce9ade125a94b
29e32bc68e79dad785e94113e1402d700c3dd133
2ea31962a5f2df9665ffcd095d704efb79003916cc395ea967807ee7edef56e7
Analyzer Verdict Alert fortinet Phishing
GET /js/v-react-dom.production.min.js.6effe279.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-1f8eb"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T5w1eJq%2FUIs2mF9Qr8R0DON9bjQcsNQRM2pT62wXU1SitBUzhj0wNJIY%2BSOSOa%2Bz47%2F2uTF7Qzn7J23edie4vbXumcyX7ggDQUI8swjWu8wTmvOXk%2BuicGheMOck0ivqis0zXL0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c170c24fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 01306b55f5d6e6a8e1ff9411386a89a0
1c06c985114ad08023398fe3597371715cf6aa27
7d4df964819e827fdbd588784bff90bdb09b6938ca788e013144d1600e8ecc16
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 28 May 2023 15:31:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
laugoust.com/zone?&pub=0&zone_id=4842423&is_mobile=false&domain=veftaunysurvey.top&var=4493500&ymid=1309_2476&var_3=null&var_4=null&dsig=&action=prerequest
139.45.197.250 200 OK 0 B URL POST HTTP/2 laugoust.com/zone?&pub=0&zone_id=4842423&is_mobile=false&domain=veftaunysurvey.top&var=4493500&ymid=1309_2476&var_3=null&var_4=null&dsig=&action=prerequest
IP 139.45.197.250:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Let's Encrypt
Subject laugoust.com
Fingerprint 99:7C:6B:09:6A:A1:BC:70:53:D5:2F:97:56:F3:C0:A5:06:9F:80:C9
Validity Sun, 19 Mar 2023 05:11:02 GMT - Sat, 17 Jun 2023 05:11:01 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=4842423&is_mobile=false&domain=veftaunysurvey.top&var=4493500&ymid=1309_2476&var_3=null&var_4=null&dsig=&action=prerequest HTTP/1.1
Host: laugoust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Sun, 28 May 2023 15:31:54 GMT
content-length: 0
x-trace-id: 709958b5925a5d26b4babee04f7fa717
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash bb63f1caaf551e76a88f326c8db516ce
513533cccfb522767abf37082518f766adc3c070
cfe2e32528181d9ff75d3946d789811d6d2c71e153c39aa72c0a586b922ebeb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 28 May 2023 15:31:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
veftaunysurvey.top/js/v-redux-toolkit.esm.js.84f60255.js
172.67.209.129 200 OK 173 kB URL GET HTTP/3 veftaunysurvey.top/js/v-redux-toolkit.esm.js.84f60255.js
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (11317), with no line terminators
Size 173 kB (172582 bytes)
Hash a5270a375315257104f71750f409c0fd
69563034f666621e05c9d68ef10c9f39b264feb0
f2508629d82e4f362ffe474facab978e128e8151dfe13e209c444bfe12b50753
Analyzer Verdict Alert fortinet Phishing
GET /js/v-redux-toolkit.esm.js.84f60255.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-2c35"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6OpLXiumzNMtLAql2m%2FVDrmr%2FBZpfXFE1wFQMUNihujNeuncr%2FkcI02jj%2BGZD0C0cjjdRFJpqFjmsVmVM2c5qgheJ0MbRMf5P0oY8yi%2FIJiRwHXYNKC%2FnOKJ3H6AX76lj%2FhGVOM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c16fbe4fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash bb63f1caaf551e76a88f326c8db516ce
513533cccfb522767abf37082518f766adc3c070
cfe2e32528181d9ff75d3946d789811d6d2c71e153c39aa72c0a586b922ebeb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 28 May 2023 15:31:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.15.101 471 B IP 104.18.15.101:0
Hash 329d2fdeb6faae323b672824323f1e8f
034f8214df486538936ceec2fa30fa52f939d8c3
d2d6f3b0ef3034770be7099a695f7895294b8d06298fdaa48b248a3d935c6f54
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 28 May 2023 15:31:55 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 25 May 2023 05:19:52 GMT
Expires: Thu, 01 Jun 2023 05:19:51 GMT
Etag: "034f8214df486538936ceec2fa30fa52f939d8c3"
Cache-Control: max-age=309171,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ce78c1de8080b65-OSL
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
37.48.68.71 200 OK 12 B URL POST HTTP/1.1 datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
IP 37.48.68.71:443
ASN #60781 LeaseWeb Netherlands B.V.
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Sectigo Limited
Subject datatechonert.com
Fingerprint 6F:17:15:C2:7F:CC:16:6C:9D:C0:AD:C3:EE:DA:69:61:8C:77:0B:5B
Validity Sun, 18 Dec 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1476
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 28 May 2023 15:31:55 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://veftaunysurvey.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
veftaunysurvey.top/js/v-immer.esm.mjs.d9bdbc14.js
172.67.209.129 200 OK 10 kB URL GET HTTP/3 veftaunysurvey.top/js/v-immer.esm.mjs.d9bdbc14.js
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (10496), with no line terminators
Hash fb46146a17eb0c4a887b7df1f66f7fa7
4be05a7ad649b3b907cecb1e92262ef8eb849946
d326fd3d05fc533b5f383d2695e3c013e267d1de919a64c798b49c7f8f36b55c
Analyzer Verdict Alert fortinet Phishing
GET /js/v-immer.esm.mjs.d9bdbc14.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-2900"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VeViiB2gCCtgcpogzSzeo5KTLauF7IJryiCEgr03NAJ5YyGk%2Frh5S2pnHOBYHLcXblbP2FXqc%2B70uEs2u813JiZXPr%2BLKu6bMijfYMFGigrGKhTXVAf43G8Z1bB2QEIjzsI%2Bbvc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c189d85fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/config/data/sd-2025.js
172.67.209.129 200 OK 9.2 kB URL GET HTTP/3 veftaunysurvey.top/js/config/data/sd-2025.js
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (9549), with no line terminators
Hash edcdb9407b2987df48166bfe2de6c40c
10d47a89a281d6fcfecd1f0d282af995d5bbcb8d
76279535713eaa977252ab71a88308fa2c09412cc6d22435c00b910565f2ab12
Analyzer Verdict Alert fortinet Phishing
GET /js/config/data/sd-2025.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-2411"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 348
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FaAfCsIt1SCpmReKir3TNQtVRlTyeG8u7KKX0K20vKW2F%2Br5N9HWbEfo9W1MTWLHoUKpGGrF%2BVDus3kUMLxuXFfFQHS6MWQn1ghCPrPnwIe8qDlzKGjKchHryMPUp%2FDn3SKDms4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c194e15fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdntechone.com/stattag.js
188.114.96.1 200 OK 18 kB URL GET HTTP/2 cdntechone.com/stattag.js
IP 188.114.96.1:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 22:B1:48:87:A8:EF:B2:9B:65:EB:D6:C6:FD:8D:EF:A7:A7:DE:52:29
Validity Thu, 26 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (17871)
Hash 0fdff67feab23cc69ecfb6800fc54cb7
eb84c650e6d27e290795207b1f37dd7b67f2aa06
456e420aecd5ac679cc2bcb33daf7c063f54894fd076e99e05c06629234d3378
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
last-modified: Fri, 19 May 2023 08:43:53 GMT
etag: W/"646736c9-4859"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5478
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NjnqlDGtfmT1QJcdLbU4dCoTjUGQdk7kcMkyp%2F27K%2BPqQAmvO0ladm8Xh%2F8BneaMI8SaIrF8fgB8FH3VtTrA9gl33O%2FzLTJnwZFEEbjhP5UaGoVj5CgBxi0Glsft0T9mIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ce78c1c5c09b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
veftaunysurvey.top/js/_global-config-sd.6c57bf6e.js
172.67.209.129 200 OK 1.2 kB URL GET HTTP/3 veftaunysurvey.top/js/_global-config-sd.6c57bf6e.js
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (1216), with no line terminators
Hash a6d0cd1e59a9153917d7b1f955df03ba
8062cabc3e39bfa8c0a7d12109ac3bb174cbdf9d
e4e8ac53c3f131032d88c852c1c2f6cf04dcd0b64c2368830d746648200fbea9
Analyzer Verdict Alert fortinet Phishing
GET /js/_global-config-sd.6c57bf6e.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-4aa"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r1GD%2FOQINRV%2BlxIvbq65smZ3qDQjfVTEU5EsKDIPgTphFFuKpVxOM5iwBJR6trymtZWfLi684hK78A4MB5LrZ0uL7X77iwfupW0LYXcmXJrw6SRtMFtsXRpouk6DtcDCF3KCNOk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c189d7ffab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/_rtc.1844c1d6.js
172.67.209.129 200 OK 11 kB URL GET HTTP/3 veftaunysurvey.top/js/_rtc.1844c1d6.js
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (11189), with no line terminators
Hash 883b0649630864a2149008489d4ef7ec
7e59a27da52c8200f7c8d3718c5e88f9c6d40ecd
36b3238c01774500a75f9a44b860a700e713e89f103db5a915cd114f19dd9659
Analyzer Verdict Alert fortinet Phishing
GET /js/_rtc.1844c1d6.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-2bb5"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QzLWJVo8CFpkqq9nWaSqf1X7nQmDHxz3iPmEMH9vCqIzw8BeuQadkVkNjM85%2BHSqXic57BmYgTm3lnkQeJq%2BWpF%2F2xbfKnM8rZ4ghVSBbj8WVoA%2B%2F08635BC7PAI96VnrugwZYU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c189d81fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/favicon.ico
172.67.209.129 200 OK 1.2 kB URL GET HTTP/3 veftaunysurvey.top/favicon.ico
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 668ba1a9fa1890ba16cb8adc28d3dad8
5e35223b2541265114eaf61b9da2556c812fea17
7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2
GET /favicon.ico HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/x-icon
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: W/"646f514d-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6406
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BbK6J94tOprblMVp9R6y1mUpvAgQp%2B9iL0UrPzD4amzTxAvymrXm0MPQn6WvBHuIZu5z1nNfvx5eZdDh0deededGOkmskfql1OPJ8YvMP%2BWspmrCqnkd7RoaAWy%2Be2fUO1365tE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1cad9d0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
172.67.209.129 200 OK 4.7 kB URL User Request GET HTTP/3 veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
IP 172.67.209.129:443
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4929), with no line terminators
Hash b1a9cd89a9c8d90bc6a34ac1531e46e2
5f08db9b85b129e55566bafa881816a2675bc898
9ba092a7505cfc6b97afd58d27f9988d769c3a99fc39dbae1fc077d3622845ad
GET /finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: text/html
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VtoZnctnuzSnWm0HUZzpX32xoXGzDkH6%2FkU467MQnNZol6z9HovCp7PQdnu826t1NLOYA%2B1Idph034obkvy3Mp%2FBZof4ASvoHhhpIfrnzWOiXjgdEtTCfTYWn430gcX1Cm45xQc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c180cf5fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/v-index.js.5d90fc84.js
172.67.209.129 200 OK 40 kB URL GET HTTP/3 veftaunysurvey.top/js/v-index.js.5d90fc84.js
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (40269), with no line terminators
Hash afc495189442bdabb9e5b67ac3c078ff
f9c9d7548d2b0df9f21f99c47daf8c3c7f84e2b0
803c7de2a9b0aee6ddb09e05dfb538b78081d7447ba041b11f4901fd17e803b6
Analyzer Verdict Alert fortinet Phishing
GET /js/v-index.js.5d90fc84.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514c-9d4d"
last-modified: Thu, 25 May 2023 12:15:08 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o3Mbsaxuq%2BbF5aPKt%2FIbdc5vOJf6bAzCyqN2sCsvl%2BPxnh%2F21lUtsldv2h09s926MPCYfFWbfCrHePwv1IS4nH1n1RRM4c8%2FzzBBEMHwDuyF9HKJ3ZAxcfFD73rTBIh6eS6Utoo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c189d83fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/v-index.mjs.84459691.js
172.67.209.129 200 OK 35 kB URL GET HTTP/3 veftaunysurvey.top/js/v-index.mjs.84459691.js
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (35051), with no line terminators
Hash 605e628e434cc33f498d5cdf36ce6ee6
21115523910906a041b0e8611aed2222cb1b7782
e7676f8c16879d9ce22f17a7d0cd1ad93d43f00a487d71798ed02f7a683d615e
Analyzer Verdict Alert fortinet Phishing
GET /js/v-index.mjs.84459691.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-88eb"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y4xbPLeqqYljO7AnrIXiSQRAFuLQb%2Bn8BKx4%2BwajgldYd7jEjYx%2F%2BEjDq2mfacaJraCzcWzJ3%2FuYLFc1YxbaNIVBa2OPLm7AB7HPHOpvIXMhXP3rz2eWNRdfaM44yBm%2Fbu6y0GY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c189d8afab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/css/survey.2bfeef83.css
172.67.209.129 200 OK 67 kB URL GET HTTP/3 veftaunysurvey.top/css/survey.2bfeef83.css
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash ba8ddbfa60d2feec516710cd5de1746d
9ddfc2f60deda512e71fa888c546c4300e3a530e
04ea2783c47b74e28c9583983c12e1ea4ac25e5ab50f0270829687607a03a782
GET /css/survey.2bfeef83.css HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=66591
etag: W/"646f514d-1041f"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4g2xOWCK18N4J4sj11UmoN8TNnr%2FUvHDBrnye60WvRyOYCGW0Wi2QDl1w%2BkOcyZ1189l4%2FfQTrrJGsbqq%2FeKG3XHaJNt2yxXwGor%2BDakn%2BUMD1UhIt7UlrZYWJxlJQoVPrIRNN4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c189d93fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js
142.250.74.35 200 OK 417 kB URL GET HTTP/2 www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js
IP 142.250.74.35:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint A3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
Validity Mon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type ASCII text, with very long lines (660)
Size 417 kB (416807 bytes)
Hash 95a32a4d8f8be968bc15d6ab9b9491d1
fbfbcb40c8d8997096cd2ea3d8cfc3dee1981015
a41096fbcf982d79bf075bf2378c9c0c2e8ada5bdc94bd7cc794454135ccf981
GET /recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166449
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 May 2023 23:49:29 GMT
expires: Tue, 21 May 2024 23:49:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 May 2023 20:58:33 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 488546
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
veftaunysurvey.top/js/_is-browser-supported.c49ec082.js
172.67.209.129 200 OK 1.0 kB URL GET HTTP/3 veftaunysurvey.top/js/_is-browser-supported.c49ec082.js
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (1102), with no line terminators
Hash 347149a5f2db6ba9662854836bd194ba
dad9564747ff98e7449226386615f6846b11920e
c84c175bb7a22aee56cd585dfeec157387639c062a12b726f8f4dd3f0c36cc7a
Analyzer Verdict Alert fortinet Phishing
GET /js/_is-browser-supported.c49ec082.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-3f7"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jv6ul3wzrxEZkMXYxrIgMbccjMFjgq%2FNGin4dBdnyyEjUVyBmX48eMQVpZrB5q%2Bl4mms%2FZBJOgfSvgseW01t5idvcPvJwoOTkjNPpWenKC4DNYQhIN2NjRojhRaer%2BkJE8iGbz8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c188d7afab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/icon-survey.svg
172.67.209.129 200 OK 3.1 kB URL GET HTTP/3 veftaunysurvey.top/img/icon-survey.svg
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3164), with no line terminators
Hash be0098d1d8838c0172c3107086338256
924bedb900cfbbf46aee1acc68b09666d1cd08b0
cce75f9c57b1c4430adecff06f7575ac7316c3381477a841f557646d0ac6af8a
Analyzer Verdict Alert fortinet Phishing
GET /img/icon-survey.svg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: image/svg+xml
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: W/"646f514d-c19"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OMXwGI37rN86iEmUWf22ST%2FLiWWFYMD6V0dK3Nz87j7uTTrW6xTebzJO4fakXLKyb2i2oj2d0k33nAPSznFiNLUhz9rfzRVm97ao2udwyoGWTKhFe%2BD1EWdqWDLX%2FsKydvo1FyI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c189d95fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/sw/sw4842423.js?var=4493500&var_3=null&var_4=null&ymid=1309_2476&ab2_ttl=5184000000
172.67.209.129 200 OK 1.3 kB URL GET HTTP/3 veftaunysurvey.top/sw/sw4842423.js?var=4493500&var_3=null&var_4=null&ymid=1309_2476&ab2_ttl=5184000000
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (1381), with no line terminators
Hash c21b76d8c5cc98d28e2ded4d7182cfb3
615a50d523a68a9b87e50715c88671e6b70e2868
ce15252772a764d35cbda3d5faeeb3c3e190ed7c4a1c56f75b0997666ad44322
GET /sw/sw4842423.js?var=4493500&var_3=null&var_4=null&ymid=1309_2476&ab2_ttl=5184000000 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1; finance_ID=ed35f340d838a67a54a315210550912e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:55 GMT
content-type: application/javascript
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: W/"646f514d-529"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LqVcuQso%2BWf4kgh2St0g5YhPEEolT5zSARD1WHg4mtZO5SeOtxBuhCqHDKTTDfNDUDx4yiIciQPjeL%2F5UGzWBdYBvegQCiMgBYKJH%2FfIknMB0%2BcfkrR909dNZgO1NXqYzBG4KiM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c1e2f590afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/config/data/sd-1203000.js?v=10
172.67.209.129 200 OK 2.7 kB URL GET HTTP/3 veftaunysurvey.top/js/config/data/sd-1203000.js?v=10
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (2839), with no line terminators
Hash 501882c63654cc39a921890ab999f9e8
0d1f94ce2336fcb0f5aa05e50ce579007d1d3eaf
70dfcfb1c3c467b41bb0e0bf33302cd6ce971a2d4e6227c7f9ca4be5b90072b1
GET /js/config/data/sd-1203000.js?v=10 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-aa2"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 85
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C7dKn3fKtmtwwXc44KoN53mVlx%2FLmEAB6LhZ2XgCPMFrvb95SF%2BTsmGlT%2F44rp7j6LnDmeDBPWKS4vOsgP%2BISr8J1TqUnWWJ%2F6bxjubJJ%2B6cdAmAhtGjnHv5Q4O1pFRciCuq4T8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c192df9fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/_core-survey.973e410f.js
172.67.209.129 200 OK 221 kB URL GET HTTP/3 veftaunysurvey.top/js/_core-survey.973e410f.js
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
Size 221 kB (221227 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /js/_core-survey.973e410f.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-3602b"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C6qEaz5eIxaV0Sg7rNcwNKHUc7Qhf7z00yQNC53QvTy%2FJupAAYqoS2XttAOt3o%2FkJQHw6O8FxN24h%2BJx%2FSzG3%2FJN1A%2FChf9MgbvTaIH8bFQQL%2FImhcyXYpyD5B1YMOVD9fYf86M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c189d8ffab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/survey.1f8ac4cf.js
172.67.209.129 200 OK 5.4 kB URL GET HTTP/3 veftaunysurvey.top/js/survey.1f8ac4cf.js
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (5583), with no line terminators
Hash 4c42dc19cb890c5e7681013384a8496f
15c963e9574f93a6a3ac2cefda43fb6f96d7e8d4
85ba83159a37ec6774f9bf1feccdbdb5724314bc1138d2d4ff19f1dea4c1e7a0
Analyzer Verdict Alert fortinet Phishing
GET /js/survey.1f8ac4cf.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-153d"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fvGBXr9A4tclI8nZJ3w2Y3Qy99sMM4yb8pOs%2FDFqEzLKZhkIgGbmCZzbDq3oKBBwgU2WKQxpZpIVgG38IQnBMg8gV%2FSy00vVzj%2BJLlmNFQw27KLP5id%2Fy8jKybblIOt%2FNdueemw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c189d90fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/css/_core-survey.26c0898c.css
172.67.209.129 200 OK 3.2 kB URL GET HTTP/3 veftaunysurvey.top/css/_core-survey.26c0898c.css
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (3187), with no line terminators
Hash 2e6143d07cb0a0273cd0fded0cd7b430
4853285adf3a468cc8a42b1c6f17d8353cfef896
f2690b871425a66071365ba5be475a5089e8074dbdab7df95a71bbee62e2f5fb
GET /css/_core-survey.26c0898c.css HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=3194
etag: W/"646f514d-c7a"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M3%2BrpUTDnSynF%2FS%2FUVgGWvE9EUodpuej9BKKbpTmBW8FWDDUVT1ZNDMwrqrcy7nyor17yRYtkXqB7ASSDB8uv4iCtYuLqA%2FJ6B0rVlfN%2F3cBOKuZEQRY2W%2BQy%2BnI%2FSMXDJNXPqw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c189d91fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/pfe/current/micro.tag.min.js?z=4842423&sw=/sw/sw4842423.js&var=4493500&var_3=null&var_4=null&ymid=1309_2476&cdn=1&domain=laugoust.com&ab2_ttl=5184000000
172.67.209.129 200 OK 42 kB URL GET HTTP/3 veftaunysurvey.top/pfe/current/micro.tag.min.js?z=4842423&sw=/sw/sw4842423.js&var=4493500&var_3=null&var_4=null&ymid=1309_2476&cdn=1&domain=laugoust.com&ab2_ttl=5184000000
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type C source, ASCII text, with very long lines (41946), with no line terminators
Hash 9c1a21a7325f334b8f1115b7c6476950
6cbe8da2596f380db8bb7a40fb42c7958f357c6e
9243782de0a2103b4cb642615ede16afdb1cafcb6aab5eba687a796e44f0a84d
GET /pfe/current/micro.tag.min.js?z=4842423&sw=/sw/sw4842423.js&var=4493500&var_3=null&var_4=null&ymid=1309_2476&cdn=1&domain=laugoust.com&ab2_ttl=5184000000 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: W/"646f514d-a3da"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqzQGLZbJEk%2Bhb21g1Yyt6UJWqoV7Q9Ik0caFusrpa4Lmd8mugIZ4tiSIYltGnxsNRvPetDWBGY13NYHVN2VMpPdj9eajglTSIGVdjLgxsGnDwGx3Va64ld%2Bk6hnMnZ7p%2BB%2FCrI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c19eea2fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
offpichuan.com/rotate?zz=4292523;4326652;5128285;4949467;5381239;5381316;5381339;5381332;5381307;5381330&var=4493500&ymid=1309_2476&uid=ab1a485ca0494b05bb6672ec61533cbf
139.45.197.237 200 OK 7.3 kB URL GET HTTP/2 offpichuan.com/rotate?zz=4292523;4326652;5128285;4949467;5381239;5381316;5381339;5381332;5381307;5381330&var=4493500&ymid=1309_2476&uid=ab1a485ca0494b05bb6672ec61533cbf
IP 139.45.197.237:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Let's Encrypt
Subject offpichuan.com
Fingerprint DF:FD:C9:DF:54:1F:F8:D0:EB:70:9D:22:14:AB:31:A4:CA:18:1D:AE
Validity Thu, 30 Mar 2023 21:17:15 GMT - Wed, 28 Jun 2023 21:17:14 GMT
File type troff or preprocessor input, ASCII text, with very long lines (7317), with no line terminators
Hash 3cdf89a2a2b479d53c91898c7423df1b
8041b3b4c632c51991cd3927304a34de2ed1807e
5854daa64422f64a431de29c4a3066d4c37c13e72e02af59f91e30183ea3c0c3
GET /rotate?zz=4292523;4326652;5128285;4949467;5381239;5381316;5381339;5381332;5381307;5381330&var=4493500&ymid=1309_2476&uid=ab1a485ca0494b05bb6672ec61533cbf HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
x-trace-id: fd8ffec4413e586acbec8af9b1c0ba92
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://veftaunysurvey.top
access-control-expose-headers: Link
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
set-cookie: OAID=ab1a485ca0494b05bb6672ec61533cbf; expires=Mon, 27 May 2024 15:31:54 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
veftaunysurvey.top/js/s-storageService.js.24e15119.js
172.67.209.129 200 OK 2.6 kB URL GET HTTP/3 veftaunysurvey.top/js/s-storageService.js.24e15119.js
IP 172.67.209.129:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=647373e9373e320001071e7f&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type troff or preprocessor input, ASCII text, with very long lines (2624), with no line terminators
Hash 92ba5c835e9273abcc9a4e5bd9ce7949
75050f148900e64655c7c225dcd016fdc9165718
1a17cd3a15460fb7839645aa0cdc52efc308f769807c4810f8ae59602b441e9a
Analyzer Verdict Alert fortinet Phishing
GET /js/s-storageService.js.24e15119.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 28 May 2023 15:31:54 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-a0c"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 3596
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f9BuzSO%2B4hPfqqW%2BLeGsShGgVMe534A3PetxhJag4vZXcgiH%2Bbj2DsD3aWkAZzM2lt2aO79Jf%2FhDfyuj9YRuOjncgbmckyo6crdj%2FGvKpqkLvEbxxX5g2YkAOspxOBZUj6x7%2Fec%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ce78c189d82fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400