Report - rassid.site/tr=22491

Report Overview

Submitted URL
rassid.site/tr=22491
IP
31.170.164.241
ASN
#47583 Hostinger International Limited
Submitted
2023-05-29 12:29:52
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
52

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-05-28	999 B	2.1 kB	142.250.74.131
run.storkmobi.com	99480	2021-01-14	2021-03-27	2023-05-27	601 B	548 B	35.204.59.16
veftaunysurvey.top	unknown	2023-05-24	2023-05-24	2023-05-28	17 kB	672 kB	104.21.93.116
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-05-28	450 B	167 kB	142.250.74.35
datatechonert.com	46154	2021-12-24	2021-12-24	2023-05-28	502 B	486 B	139.45.195.253
cdntechone.com	64371	2021-12-24	2021-12-24	2023-05-28	368 B	19 kB	172.67.149.153
ocsp.sectigo.com	487	2018-08-16	2019-11-29	2023-05-28	660 B	1.9 kB	104.18.15.101
smrturl.co	299580	2019-01-29	2019-02-01	2023-05-28	505 B	1.9 kB	172.67.182.139
www.google.com	7	1997-09-15	2015-05-10	2023-05-28	394 B	1.1 kB	142.250.74.164
my.rtmark.net	9054	2014-10-29	2015-02-04	2023-05-28	931 B	1.4 kB	139.45.195.8
ar1gov.site	unknown	2023-04-04	2023-04-04	2023-05-26	888 B	1.7 kB	198.54.120.153
laugoust.com	unknown	2022-07-22	2022-07-22	2023-05-28	486 B	376 B	139.45.197.250
offpichuan.com	unknown	2023-03-30	2023-03-31	2023-05-28	1.0 kB	8.9 kB	139.45.197.237
dortmark.net	unknown	2023-04-06	2023-04-11	2023-05-28	468 B	831 B	139.45.197.248
rassid.site	unknown	2022-09-07	2022-09-08	2023-05-25	476 B	1.2 kB	31.170.164.241

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-29 12:29:36	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-05-29	medium	rassid.site/tr=22491
2023-05-29	medium	ar1gov.site/recharge/?tr=22491
2023-05-29	medium	ar1gov.site/recharge/?tr=22491
2023-05-29	medium	veftaunysurvey.top/img/icon-survey.svg
2023-05-29	medium	veftaunysurvey.top/js/v-react-dom.production.min.js.6effe279.js
2023-05-29	medium	veftaunysurvey.top/js/v-immer.esm.mjs.d9bdbc14.js
2023-05-29	medium	veftaunysurvey.top/img/comments/person-4.jpeg
2023-05-29	medium	veftaunysurvey.top/js/s-storageService.js.24e15119.js
2023-05-29	medium	veftaunysurvey.top/img/comments/person-12.jpeg
2023-05-29	medium	veftaunysurvey.top/img/comments/person-11.jpeg
2023-05-29	medium	veftaunysurvey.top/js/v-index.js.c7edebe7.js
2023-05-29	medium	veftaunysurvey.top/js/v-index.js.c7edebe7.js
2023-05-29	medium	veftaunysurvey.top/img/icon-survey.svg
2023-05-29	medium	veftaunysurvey.top/js/_is-browser-supported.c49ec082.js
2023-05-29	medium	veftaunysurvey.top/js/_each-land-config.406ff2d6.js
2023-05-29	medium	veftaunysurvey.top/js/_global-config-sd.6c57bf6e.js
2023-05-29	medium	veftaunysurvey.top/js/config/data/sd-2025.js
2023-05-29	medium	veftaunysurvey.top/js/_rtc.1844c1d6.js
2023-05-29	medium	veftaunysurvey.top/js/v-redux-toolkit.esm.js.61e25c00.js
2023-05-29	medium	veftaunysurvey.top/js/_core-survey.47874637.js
2023-05-29	medium	veftaunysurvey.top/js/v-index.mjs.6da8765a.js
2023-05-29	medium	veftaunysurvey.top/js/survey.1104d4e1.js
2023-05-29	medium	veftaunysurvey.top/js/config/dict/cookie-consent-1.json?v=10
2023-05-29	medium	veftaunysurvey.top/js/config/comments/en.json

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-05-29	medium	offpichuan.com
2023-05-29	medium	offpichuan.com

ThreatFox

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	veftaunysurvey.top/js/_rtc.1844c1d6.js	11 kB	2023-05-23	2023-05-31
Pretty URL veftaunysurvey.top/js/_rtc.1844c1d6.js IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-23 14:03:46 Last Seen2023-05-31 04:35:27 Times Seen816 Hash 883b0649630864a2149008489d4ef7ec 7e59a27da52c8200f7c8d3718c5e88f9c6d40ecd 36b3238c01774500a75f9a44b860a700e713e89f103db5a915cd114f19dd9659 Loading...

	veftaunysurvey.top/js/_is-browser-supported.c49ec082.js	1.0 kB	2023-05-15	2023-06-05
Pretty URL veftaunysurvey.top/js/_is-browser-supported.c49ec082.js IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-15 14:50:40 Last Seen2023-06-05 10:27:16 Times Seen2068 Hash 68e1a61f2550d6589e5ae1830fd2d3db aeefce07be8a0ea5485c7463a8a368806c55e059 a0b2b72ecb2738d1f49c83d11a844bc96965537fb634ed8d1c8c3dd95f4ef0b1 Loading...

	veftaunysurvey.top/js/v-redux-toolkit.esm.js.61e25c00.js	11 kB	2023-05-29	2023-05-31
Pretty URL veftaunysurvey.top/js/v-redux-toolkit.esm.js.61e25c00.js IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-29 14:08:48 Last Seen2023-05-31 04:35:27 Times Seen113 Hash ef0d81c5f3a115afbaf585c02c59dc3d 4502f6e492b723cd1dfd3535e74a978d0fbadc49 b632a3ba12a7ea94430f44ee7ada51e5e3295d1a1ee32f45993ae6a4cd9dd050 Loading...

	veftaunysurvey.top/js/v-immer.esm.mjs.d9bdbc14.js	10 kB	2023-05-23	2023-06-01
Pretty URL veftaunysurvey.top/js/v-immer.esm.mjs.d9bdbc14.js IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-23 14:03:46 Last Seen2023-06-01 12:56:58 Times Seen843 Hash fb46146a17eb0c4a887b7df1f66f7fa7 4be05a7ad649b3b907cecb1e92262ef8eb849946 d326fd3d05fc533b5f383d2695e3c013e267d1de919a64c798b49c7f8f36b55c Loading...

	veftaunysurvey.top/js/config/data/sd-2025.js	9.2 kB	2023-05-25	2023-08-03
Pretty URL veftaunysurvey.top/js/config/data/sd-2025.js IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2023-05-25 14:36:02 Last Seen2023-08-03 09:53:24 Times Seen418 Hash 75a1a7295785d43701c2ae0e8829668d b1928ddd2bb46cccfb73bdc9b959c24b2cfbff95 becbc9d00e418641d9766ed3bdf34bc0b1334c68d93cc5aeea43066c814a3782 Loading...

	veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2	947 B	2023-04-05	2023-06-07
Pretty URL veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2 IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 07:30:31 Last Seen2023-06-07 14:52:41 Times Seen1528 Hash d1e72beb1dee97272ab297ff00092f77 902a8f9ce932b41cf9b3b6b6d29af0e2cfc035a8 f755101aed96ff79400ade91a689b64b11ae1851d2c410eea9bfea1dc1d194ff Loading...

	veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2	805 B	2023-05-29	2023-05-31
Pretty URL veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2 IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-29 14:08:48 Last Seen2023-05-31 04:35:27 Times Seen52 Hash 613a5ad82c03baca70d081c3032027a1 808e124fbd37faaf03693b9fb2b4489e8ce951f7 aeb1ea97cfdc25e55b3200cd9b75ea6cb2e131ab68527dbd930882a755696b4f Loading...

	veftaunysurvey.top/js/s-storageService.js.24e15119.js	2.6 kB	2023-03-29	2023-06-20
Pretty URL veftaunysurvey.top/js/s-storageService.js.24e15119.js IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 21:31:29 Last Seen2023-06-20 23:37:46 Times Seen2145 Hash 4816f938e9d10c0caa7cd06c6a9b4795 ad3bd074f4b8b7550d6f9563e5097683a2dc76c2 36c9a2201b667c84dbecb7415e6fc6b9697ce920edaf258db96831ff284177b0 Loading...

	www.google.com/recaptcha/api.js?render=explicit&hl=en	852 B	2023-05-26	2023-06-03
Pretty URL www.google.com/recaptcha/api.js?render=explicit&hl=en IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-26 00:38:59 Last Seen2023-06-03 07:03:55 Times Seen712 Hash 6eb227f49545693ff09e7e868952f4af dc2cfcf4a5d33b127c8c5d18dbe577c1e690dfa9 0a22aef6916a4504fc4c1b3f83cf9ad8dec879e875888b7598ee8edde393d86d Loading...

	www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js	417 kB	2023-05-25	2023-12-01
Pretty URL www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-25 23:34:05 Last Seen2023-12-01 20:53:29 Times Seen14311 Hash 95a32a4d8f8be968bc15d6ab9b9491d1 fbfbcb40c8d8997096cd2ea3d8cfc3dee1981015 a41096fbcf982d79bf075bf2378c9c0c2e8ada5bdc94bd7cc794454135ccf981 Loading...

	veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2	41 B	2023-03-07	2024-04-26
Pretty URL veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2 IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:03 Last Seen2024-04-26 17:23:47 Times Seen7154 Hash 2ec370ca0eaf3069dce13df24243d863 64c1919bbb18a6d851d1b7772f830320b8ab5cc1 6a31a3a39783d09cc53dd9e9baeb4a4fa49be602eef90f6bbb9f78af02688064 Loading...

	veftaunysurvey.top/js/v-index.js.c7edebe7.js	40 kB	2023-05-29	2023-05-31
Pretty URL veftaunysurvey.top/js/v-index.js.c7edebe7.js IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-29 14:08:48 Last Seen2023-05-31 04:35:27 Times Seen111 Hash 007c05ac7cfae006ebe099061bf7edc7 c856495b7c48194a3aeb9527a0224ce4482da35f 4a3dfb4f39645830068d08fdebc83f015a28ffcec0aa7e9bd0ad819edafe3fcb Loading...

	veftaunysurvey.top/js/_each-land-config.406ff2d6.js	53 kB	2023-05-29	2023-05-31
Pretty URL veftaunysurvey.top/js/_each-land-config.406ff2d6.js IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-29 14:08:48 Last Seen2023-05-31 04:35:27 Times Seen106 Hash 4ca2ea7c541b071ade5b5cd426c9696c b78c05d44929f4e49c6de4688a07273f204391c1 8fcfebe2f6fea5c63d83b2ad133b9fe43c02566e40c4c2a669123a148d3556fd Loading...

	veftaunysurvey.top/pfe/current/micro.tag.min.js?z=4842423&sw=/sw/sw4842423.js&var=4493500&var_3=null&var_4=null&ymid=1309_2476&cdn=1&domain=laugoust.com&ab2_ttl=5184000000	42 kB	2023-04-28	2023-05-31
Pretty URL veftaunysurvey.top/pfe/current/micro.tag.min.js?z=4842423&sw=/sw/sw4842423.js&var=4493500&var_3=null&var_4=null&ymid=1309_2476&cdn=1&domain=laugoust.com&ab2_ttl=5184000000 IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-28 17:56:15 Last Seen2023-05-31 04:35:27 Times Seen1431 Hash 9c1a21a7325f334b8f1115b7c6476950 6cbe8da2596f380db8bb7a40fb42c7958f357c6e 9243782de0a2103b4cb642615ede16afdb1cafcb6aab5eba687a796e44f0a84d Loading...

	veftaunysurvey.top/js/survey.1104d4e1.js	5.4 kB	2023-05-29	2023-05-31
Pretty URL veftaunysurvey.top/js/survey.1104d4e1.js IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-29 14:08:48 Last Seen2023-05-31 04:35:27 Times Seen69 Hash b01dca0851e025b646704c6963d3f87c bd98b8951a55de90e1a5472671bfb74f0c4308d5 f8f395cc8d85afb5c177942e2e82a2b2b87d272ad848e07481bf4f7ca82f01c1 Loading...

	cdntechone.com/stattag.js	18 kB	2023-05-22	2023-09-07
Pretty URL cdntechone.com/stattag.js IP 172.67.149.153 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 16:28:01 Last Seen2023-09-07 08:45:40 Times Seen4488 Hash 0fdff67feab23cc69ecfb6800fc54cb7 eb84c650e6d27e290795207b1f37dd7b67f2aa06 456e420aecd5ac679cc2bcb33daf7c063f54894fd076e99e05c06629234d3378 Loading...

	veftaunysurvey.top/js/v-index.mjs.6da8765a.js	35 kB	2023-05-29	2023-05-31
Pretty URL veftaunysurvey.top/js/v-index.mjs.6da8765a.js IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-29 14:08:48 Last Seen2023-05-31 04:35:27 Times Seen107 Hash 3330fa0f6a155bb09bfe7298fa2244c9 8997fbd35187ee5421fd4e640a11cf83c1ff6122 ef9812805366724890185fc2fc15aea43c94cbdca29769886c8a318f5eed3eaa Loading...

	veftaunysurvey.top/js/config/data/sd-1203000.js?v=10	2.7 kB	2023-05-25	2023-06-05
Pretty URL veftaunysurvey.top/js/config/data/sd-1203000.js?v=10 IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-25 14:36:02 Last Seen2023-06-05 05:23:20 Times Seen122 Hash b0264623f1137ebfc5fe924ecc5f111d 9b677216e28e11a444c576413677648c7b80e04a 8722cbace536c2b864b373e1657e9e22effadb08fefe9bfe2d9153a29b0b1690 Loading...

	veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2	250 B	2023-04-11	2024-04-27
Pretty URL veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2 IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-11 14:49:40 Last Seen2024-04-27 01:19:54 Times Seen11182 Hash 9d9b48d49f88bc3e71b52a408295effa ca122790003cf5d50f71165ed81d120d8a91199e e7427cfeefd59822deeb50274e744da9ce4173ab34ba825aff2d79f1dbc7be76 Loading...

	veftaunysurvey.top/js/v-react-dom.production.min.js.6effe279.js	129 kB	2023-05-23	2023-05-31
Pretty URL veftaunysurvey.top/js/v-react-dom.production.min.js.6effe279.js IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-23 14:03:46 Last Seen2023-05-31 04:35:27 Times Seen816 Hash 925bb81eaa725b80e8dce9ade125a94b 29e32bc68e79dad785e94113e1402d700c3dd133 2ea31962a5f2df9665ffcd095d704efb79003916cc395ea967807ee7edef56e7 Loading...

	veftaunysurvey.top/js/_global-config-sd.6c57bf6e.js	1.2 kB	2023-05-23	2023-05-31
Pretty URL veftaunysurvey.top/js/_global-config-sd.6c57bf6e.js IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-23 14:03:46 Last Seen2023-05-31 04:35:27 Times Seen596 Hash 8441142cc75792a94f123b2b192ec157 eee527ff1becc5bc1859ce1fbb36f19783804eaf 7133a3448bcfd236054272a0b8c6a04d776e4c4ebf5e1b40a721e276daea9891 Loading...

	veftaunysurvey.top/js/_core-survey.47874637.js	221 kB	2023-05-29	2023-05-31
Pretty URL veftaunysurvey.top/js/_core-survey.47874637.js IP 104.21.93.116 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-29 14:08:48 Last Seen2023-05-31 04:35:27 Times Seen78 Hash fdd66b3c5ef9e3f59d465cc35c637880 b7a5f668de7a87c4ec76f33d3586e6b5ddccd712 1931b8555e90fda4ca8fd491fb336569a554f844d3f80c8bf13151c8dc221ace Loading...

		Size	First Seen	Last Seen
	#1 Write - 5531a5834816222280f20d1ef9e95f69	4 B	2023-03-12	2024-01-28
Pretty Observations First Seen2023-03-12 12:17:15 Last Seen2024-01-28 13:22:54 Times Seen21116 Hash 5531a5834816222280f20d1ef9e95f69 445cd2fd3273962bdf09425109a2d09f7170e837 d398b29d3dbbb9bf201d4c7e1c19ff9d43c15fd45a0cec46fbe9885ec3f6e97f Loading...

HTTP Transactions (60)

URL IP Response Size

rassid.site/tr=22491

31.170.164.241

707 B

URL
rassid.site/tr=22491
IP
31.170.164.241:0
ASN
#47583 Hostinger International Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /tr=22491 HTTP/1.1
Host: rassid.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 707
date: Mon, 29 May 2023 12:29:34 GMT
server: LiteSpeed
location: http://ar1gov.site/recharge/?tr=22491
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

ar1gov.site/recharge/?tr=22491

198.54.120.153

707 B

URL
ar1gov.site/recharge/?tr=22491
IP
198.54.120.153:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /recharge/?tr=22491 HTTP/1.1
Host: ar1gov.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Mon, 29 May 2023 12:29:34 GMT
server: LiteSpeed
location: https://ar1gov.site/recharge/?tr=22491
x-turbo-charged-by: LiteSpeed

ocsp.sectigo.com/

104.18.15.101

472 B

URL
ocsp.sectigo.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
e21131aee8c8c1c8f827a853fc0a0d01
eda5ff5aa1043bb5719de3ae96da675967713b2e
715b917403b6740ca19a730b32e99ad79df1193ef60333ee3b55a585b86ee59d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 29 May 2023 12:29:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 26 May 2023 11:41:06 GMT
Expires: Fri, 02 Jun 2023 11:41:05 GMT
Etag: "eda5ff5aa1043bb5719de3ae96da675967713b2e"
Cache-Control: max-age=342089,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ceebe657b6bb4ee-OSL

ar1gov.site/recharge/?tr=22491

198.54.120.153

487 B

URL
ar1gov.site/recharge/?tr=22491
IP
198.54.120.153:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
487 B (487 bytes)
Hash
c536856f6f2771a9c2596a87b17741cf
054253962b178c3ca437dcf7395e582d8ab078e5
f0b7d660a7e9b5ec526b7526eafec89eb409970c0736a41370cc2c0a23ebbb83

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /recharge/?tr=22491 HTTP/1.1
Host: ar1gov.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/8.0.28
content-type: text/html; charset=UTF-8
content-length: 487
content-encoding: br
vary: Accept-Encoding
date: Mon, 29 May 2023 12:29:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

smrturl.co/2570b3d

172.67.182.139

1.0 kB

URL
smrturl.co/2570b3d
IP
172.67.182.139:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
1.0 kB (1019 bytes)
Hash
c6a8cba7b214941d8da0037655c55eec
2e53b3bd1f47a22d8cea7cc5d3f7613cb719c96b
4661577bb79cd4bd54c03724e6097ec18453430b9a6e91c24539ce6593c3f323

HTTP Headers

GET /2570b3d HTTP/1.1
Host: smrturl.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ar1gov.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 29 May 2023 12:29:36 GMT
content-type: text/html; charset=UTF-8
location: https://d3ikgzh4osba2b.cloudfront.net/public/dynamo/smartLinkClick.php?offer_id=53244300&offer_position=1&visitor_id=Vdbe0a40c56771&m=0&user_id=2476&it=3544734&key=5ef4a&s2=smart-2570b3d&hash=abfa813e1925164410b6c4affca8dcd5
x-powered-by: PHP/7.4.11
set-cookie: CPABUILD_API=df2d32b5adfe1a964536; expires=Wed, 06-Sep-2023 12:29:36 GMT; Max-Age=8640000; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C9GBF2XfJRzbGXS5fuqo6loIBE6ZI7Cbai6EXfIB7g4XncdDk4MlD%2BqOiK9hx65Ta1OoeLAHqiBddPBv1QHv4gbL8aKtQt%2F%2FQz1bPT49L6kNzc95sQjPSap16ITZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe6bfab7b518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.15.101

472 B

URL
ocsp.sectigo.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
1a4037adfb0748bbd8542bafcdaa45b6
2cafae93c435d75dacdec80c9545a9822c948627
92b19a86408a498ecc7f46caead61344cfff24f25eda3337ab330d4bafa756cf

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 29 May 2023 12:29:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 27 May 2023 03:07:18 GMT
Expires: Sat, 03 Jun 2023 03:07:17 GMT
Etag: "2cafae93c435d75dacdec80c9545a9822c948627"
Cache-Control: max-age=397733,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ceebe72ef03b4ee-OSL

run.storkmobi.com/click?pid=1309&offer_id=73824&sub1=Cdb86c447a5492&sub5=2476&sub6=https%3A%2F%2Far1gov.site%2F&sub7=https%3A%2F%2Far1gov.site%2F

35.204.59.16

0 B

URL
run.storkmobi.com/click?pid=1309&offer_id=73824&sub1=Cdb86c447a5492&sub5=2476&sub6=https%3A%2F%2Far1gov.site%2F&sub7=https%3A%2F%2Far1gov.site%2F
IP
35.204.59.16:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?pid=1309&offer_id=73824&sub1=Cdb86c447a5492&sub5=2476&sub6=https%3A%2F%2Far1gov.site%2F&sub7=https%3A%2F%2Far1gov.site%2F HTTP/1.1
Host: run.storkmobi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Mon, 29 May 2023 12:29:37 GMT
content-length: 0
location: https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85
x-adjust-use-original-forwarded-for: 1
referer: 
referrer-policy: no-referrer
set-cookie: afclick=64749ab121e612000186cb85; expires=Tue, 28 May 2024 12:29:37 GMT; secure; SameSite=None
afoffers={"73824":1685363377}; expires=Tue, 28 May 2024 12:29:37 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

veftaunysurvey.top/img/icon-survey.svg

104.21.93.116

200 OK

1.3 kB

URL GET HTTP/3
veftaunysurvey.top/img/icon-survey.svg
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1080)
Size
1.3 kB (1284 bytes)
Hash
9612f51aebfc959fbe20466738ad7a35
40018ba48bd4ed13c219ceb9efdeccac7902ff4f
a35df0cc8723374ad7b9b6a99e7b07b23a32783d0ae1897fbf8dbc6e6ffe11d6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /img/icon-survey.svg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: image/svg+xml
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: W/"646f514c-c19"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9OKG5GVwyH%2FQywoIFCMOgOUiPX3%2B80nhS6Iq4JXkRmbU%2BeEMlikNg%2F5axbQ4fxXVqC0pVPzKK11AEJDfYjx45IEGBcZd2GrWSvAz%2F4Gubxc0%2FnJYkCb1M%2BI1Wa3Tf9GOIwEZX9Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe74fb2b0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/js/v-react-dom.production.min.js.6effe279.js

104.21.93.116

200 OK

42 kB

URL GET HTTP/3
veftaunysurvey.top/js/v-react-dom.production.min.js.6effe279.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
42 kB (42157 bytes)
Hash
925bb81eaa725b80e8dce9ade125a94b
29e32bc68e79dad785e94113e1402d700c3dd133
2ea31962a5f2df9665ffcd095d704efb79003916cc395ea967807ee7edef56e7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/v-react-dom.production.min.js.6effe279.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-1f8eb"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2B%2BySkfdvwoqMY0JoIX8TQyJFhODKP16e8pjYHalNGH3wfCsdScSIzvs6AMbd8dEixGURF6bPJ4q54bjCwN7Fl2v0DcknX5l6QTVt6gtPecBgDBdLCk2O1UiPMp0s2cy97PMkW0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe74fb1b0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/css/_core-survey.26c0898c.css

104.21.93.116

200 OK

4.4 kB

URL GET HTTP/3
veftaunysurvey.top/css/_core-survey.26c0898c.css
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (3187), with no line terminators
Size
4.4 kB (4434 bytes)
Hash
2e6143d07cb0a0273cd0fded0cd7b430
4853285adf3a468cc8a42b1c6f17d8353cfef896
f2690b871425a66071365ba5be475a5089e8074dbdab7df95a71bbee62e2f5fb

HTTP Headers

GET /css/_core-survey.26c0898c.css HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=3194
etag: W/"646f514d-c7a"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=70ypjAPvz18q7YO2hNZNwWNeN%2BDh2S35P69M8HijRf34QZ4pwdlc5LdvnXUrXAMJv%2F8rQS2nPXIEMtmRXQLOYoJuhRw7ddrUhwNz7diBeYwDsPLHn6VvhaqxDXBatgGpWPkpm%2Bo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe74fb280b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
11ddcad6f0fc074c4f1b86c66ced6d86
cdd65841fec92aca297dfc5c17dee8c8b525fd1f
64cf10b6657bc2be18416ea274885a23d1dfaab08a13f87f113e19c9aeaf4fd8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 12:29:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/api.js?render=explicit&hl=en

142.250.74.164

200 OK

556 B

URL GET HTTP/2
www.google.com/recaptcha/api.js?render=explicit&hl=en
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint48:E3:15:66:FC:EA:15:BF:D2:34:C1:DD:60:D4:23:A3:63:57:89:8D
ValidityMon, 08 May 2023 08:25:18 GMT - Mon, 31 Jul 2023 08:25:17 GMT

File type
ASCII text, with very long lines (852), with no line terminators
Size
556 B (556 bytes)
Hash
6eb227f49545693ff09e7e868952f4af
dc2cfcf4a5d33b127c8c5d18dbe577c1e690dfa9
0a22aef6916a4504fc4c1b3f83cf9ad8dec879e875888b7598ee8edde393d86d

HTTP Headers

GET /recaptcha/api.js?render=explicit&hl=en HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Mon, 29 May 2023 12:29:38 GMT
date: Mon, 29 May 2023 12:29:38 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 556
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

veftaunysurvey.top/js/v-immer.esm.mjs.d9bdbc14.js

104.21.93.116

200 OK

6.7 kB

URL GET HTTP/3
veftaunysurvey.top/js/v-immer.esm.mjs.d9bdbc14.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (10496), with no line terminators
Size
6.7 kB (6676 bytes)
Hash
fb46146a17eb0c4a887b7df1f66f7fa7
4be05a7ad649b3b907cecb1e92262ef8eb849946
d326fd3d05fc533b5f383d2695e3c013e267d1de919a64c798b49c7f8f36b55c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/v-immer.esm.mjs.d9bdbc14.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-2900"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=buKFB18o90MmbnKDqAP%2FSNi%2BvArB5TCXz%2F2xrXU6ITUSpiUnDzLa2eUKmf72Ivq0J5hAUuPrjshm%2Bah97a8MfAKbgPoLr2940dkKHGLrPGrxRd6z2NzHbCsETBPqP7EFcwkTn64%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe74fb170b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/comments/unnamed.jpg

104.21.93.116

200 OK

1.4 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/unnamed.jpg
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Size
1.4 kB (1378 bytes)
Hash
449aaf5a54e3fe3aa4f0f5875bede090
b2b897362626700277b7f8baca8b1f292d08b7e5
4200f94af9e21196c339a50a85d3d50c769e8655857fdaf67df6e99678b9ad59

HTTP Headers

GET /img/comments/unnamed.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 1378
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-562"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KclUt5eRMDHpJgWCDRPhcVX5y6G%2FoJd0TDVAHPfxv%2FaN0IFU9vAkaYJBrj0pTpt1m88CzVLz7pa3ogxuV05qt9SwgyitQR8lxKdNg%2BtRaUs%2BZ0FXshGV4dIL5kUbcPxLv5ndZkM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7998590b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/comments/person-14.jpg

104.21.93.116

200 OK

5.4 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/person-14.jpg
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Size
5.4 kB (5392 bytes)
Hash
6012ff0d59aa6a34aaca1ea8f2fa88fc
ef59662c9b666106486039e9f1deb40fb4a8ff77
2c020310e91430067c7128425f14ac0ff1710aea5e67c144a8fceac46311182d

HTTP Headers

GET /img/comments/person-14.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 5392
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: "646f514c-1510"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JDnBPa6hypQuoG7ms1ga%2FxuDp4bCfyXu024gmYNa9kbcSS1gOnBh2rJULx9bVFI2WJJDZzPe%2FqgCPfDlI%2FPxbr04nl8HiyFKdqE2xBIGBgCY4kDIyYGs3%2BmBPVWTbzdrFWmq5c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79985f0b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/comments/person-2.png

104.21.93.116

200 OK

6.4 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/person-2.png
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Size
6.4 kB (6428 bytes)
Hash
3e6eaea87b2891590972dd11373b09a3
f038c6e6306ca708defa2b601bf9477f0cf78a3d
15aadd2e7f4f83e79f35e760da382fb8b5045d2cf506f531bdc15b7b27f699a5

HTTP Headers

GET /img/comments/person-2.png HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/png
content-length: 6428
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-191c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xeCzYlVNqKOSzaJIblXxUJ8KGc1g5H4h%2BjVT3qD1i6lXS4EKaYBEkukFgMDJ3uMe48nTH70xeWXrJpU5i3CIc7fIV1mdaOwvlOdjEyIvNpPPkxZN7JKLifIpXyG3GMe7BqZxRd0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7998600b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/comments/person-1.png

104.21.93.116

200 OK

6.6 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/person-1.png
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Size
6.6 kB (6577 bytes)
Hash
8f9a954bf05965bb41cf97a7ddb7a375
de9db936bbea75043e08a55d1f371678fca2270c
a787bd40650924a7bbc61d6ea0bbcaddae4b3129fd8028b68c3629210e41e26d

HTTP Headers

GET /img/comments/person-1.png HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/png
content-length: 6577
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-19b1"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nXQUtBI%2FFY0x5Jsa7eGoGqTLKPaHcnECOQRi%2BlZQJf6saILJmfmfQnQ3KTgHHbd6c%2Fc%2B8iM3oG%2FWRsMP1CF9XRyfCa6ORf%2FSdQu6l99ftgbMIT81CkO6Y8cmp29viotqmn%2Fua44%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79985b0b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/comments/person-5.jpg

104.21.93.116

200 OK

4.3 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/person-5.jpg
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Size
4.3 kB (4333 bytes)
Hash
21fd6ef6d69b527c02e92a8c23d28d52
5980b75edc23f7fa2f57fa257cb67c9efb86fa58
f37490dbef620959d7124e3de027c5b5c43a57dc90737163947a6725444051eb

HTTP Headers

GET /img/comments/person-5.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 4333
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-10ed"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y0eAver6nnklG%2ByvMw88ZAh8U7OvIVl5NiF3fXlH3vQhhHVH81%2B2z0uHOq3cReZXygiYEYloUhKnV6hwGPlWt%2B4ImbAXgkbFyI6OfVNOjEjSkVWlhlmYjDG93kRkspFyYtCjHag%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7998660b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85

104.21.93.116

7.7 kB

URL
veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85
IP
104.21.93.116:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4701), with no line terminators
Size
7.7 kB (7706 bytes)
Hash
556f9e5cfda44699a147fc757258737d
35da9c26ca403bc1b42fa1cb3c3267dcb48c00ca
b72d8e8a3804c4097994d8330989ba3235c3706570960a38fb36b9640af9e089

HTTP Headers

GET /finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: text/html
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S4U3gQtt4uY6c1w4kEMoanmwuAxoEW9gJrdCcjhhkaSmBRM210jZoHyCYZYardQpicn8vyBp1WxhenHNMsU%2B6yoz5UtwEoDyGU%2FPCCn8v%2FyIF7v7kKjb9ld7J3Qs6cBArpyzz6E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe73dcebb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

veftaunysurvey.top/img/comments/person-4.jpeg

104.21.93.116

200 OK

2.7 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/person-4.jpeg
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Size
2.7 kB (2709 bytes)
Hash
6cf64555e2de0ff8b5391081b648b89a
a32008bacf7f8cd3859eb86c6c8d36eeb15dbdf0
d4f513bf3a5691b900739cf79285d18ef09ef4b81eca648261b15a693d21818d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /img/comments/person-4.jpeg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 2709
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-a95"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dv9bkE48DabY5B6DMnvzfcEEoCht1I4jLFyMMpyKZmyUtbvrsBcKIjXju3n5qmhFNQJgeO96hq8QfSMDevu9c8j19nXIkJ5oilnPly0OwfGnjQUlYMJ3q6Mstqat%2BEY%2FowKpp4M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7998620b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/js/s-storageService.js.24e15119.js

104.21.93.116

200 OK

1.4 kB

URL GET HTTP/3
veftaunysurvey.top/js/s-storageService.js.24e15119.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (2572), with no line terminators
Size
1.4 kB (1369 bytes)
Hash
4816f938e9d10c0caa7cd06c6a9b4795
ad3bd074f4b8b7550d6f9563e5097683a2dc76c2
36c9a2201b667c84dbecb7415e6fc6b9697ce920edaf258db96831ff284177b0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/s-storageService.js.24e15119.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-a0c"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WM9hjCGxltfqBSn56R58nBQwk5dvcWP57NWUBwtB0Go9%2Flrg1pnc5RkHWS5ikObA7zYZhMSM16yheVANXpKqucwbMCkwFZrTQzY7cV7PPyG2yM3DcJrkzBoMTQ1ZoE8Em5Fdceo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76ace20b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/comments/person-10.jpg

104.21.93.116

200 OK

6.2 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/person-10.jpg
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, software=Google], baseline, precision 8, 100x100, components 3\012- data
Size
6.2 kB (6178 bytes)
Hash
044ab37551bfe632f53b8f15d991f36e
77fdc6210608e5e36e1d36ac7fd867104cb20d9e
36adcb32026c016feaff678063911fcc9e7985e9f0c56bb1daa776f98964ef91

HTTP Headers

GET /img/comments/person-10.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 6178
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-1822"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NQdOjSFzxI4QBrZQg%2BP28AgTfg22y3QUx5solqPasOLX64ZwasyXckw9FXbRvVoqHroBCHA6qWGqIWMIXxQKTJSoIqeLDEPI%2BqOTWC3yrYzwTw9BHCaptL%2F04RK%2B6AdepDDHi0s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7998710b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/comments/person-9.jpg

104.21.93.116

200 OK

5.2 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/person-9.jpg
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Size
5.2 kB (5190 bytes)
Hash
529370f9fd3b0f4da6c81ca91a931155
1a4c3e0e7af1ce30dc2ca18d48b5fc3f1b40aad3
cdf1b8dcdce4e9b76157ce90e086ebafb100063eaeb091e97087d97f5d0fb50b

HTTP Headers

GET /img/comments/person-9.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 5190
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-1446"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qpcgPHx9R%2BeO6SHkXyDTLWGyKZLXf%2FqVPBD8oyiZ3UzXs4H7GMfo8XEyWWWqik%2F%2BK3FUg8BIIQj6Ddo%2FJfRcivVGMAekbKIDgDb5NuDXuVunMwCMD%2F8wT0dPyvWi795dybfQBJ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79986f0b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/comments/person-3.png

104.21.93.116

200 OK

7.4 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/person-3.png
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Size
7.4 kB (7368 bytes)
Hash
2f62e53b6333bc904be22a37a1fd0ace
6e972fefcbe0193d9b28817c47c1ceab2a0235d1
9128194f1b1bf44435a3e80f994157b94a40a3365cd8f0794dcadb41a24c3b41

HTTP Headers

GET /img/comments/person-3.png HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/png
content-length: 7368
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-1cc8"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6dnSDsY8hdNkJ13zibYd%2FIdHv4K9fOE4XDijLxpdcyQKLgSndC%2BsCO1vIUI3B%2B6IVdJg28S7g8YRl4D%2BRsFqsUXSGzpC9ZBDrExwPLVKbXJ6bRfbrMYJSFRIojV65CD6szZpZ18%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79986e0b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/comments/person-6.jpg

104.21.93.116

200 OK

4.4 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/person-6.jpg
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Size
4.4 kB (4392 bytes)
Hash
be9ff88491a5bc0745579a3813eb2cbe
870f88a7fae9fdd928af33f47c5ffdddc6a4082b
698d413ddf6b2ec37acf0e982237d239bd912cb097e243cb355855ac2b8548d3

HTTP Headers

GET /img/comments/person-6.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 4392
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: "646f514c-1128"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lNq%2FoIJNyunOb76uGIh0yr3oM3bDSxwUApEdzsFpoKc07oi0dVZQAEY4Jb7tEKLrhqBDxfj2bp%2FW%2Bzs7y5MBmZNWDAR4XHLyfeCw4Dl9C4OqEGUFH0jzpQiYWrGfoWL3M4F79Fs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79986a0b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/comments/person-12.jpeg

104.21.93.116

200 OK

3.5 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/person-12.jpeg
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Size
3.5 kB (3519 bytes)
Hash
c937339f4ba54ff7dc150b9865c29084
44206828ca23cbed303193bde1dfe47bdc532972
8e872daac17de58d352c9f4082e6e35af76a8b2138c142a8cf0fbacea195c73e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /img/comments/person-12.jpeg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 3519
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: "646f514c-dbf"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WHBUtJQWREIWsqAKH6cUCwS4kgwqicl8e%2FXLe%2BLV0mFXzjBT9nLjCWawhUD2BNvZ9uSv7nL5VActZBR7aikFCw5e7qmNn0Lc6DG1fXPHECwGlJBmk9mn7vG34kKSQTaQm9%2FdFMo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79b8870b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/comments/person-11.jpeg

104.21.93.116

200 OK

4.2 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/person-11.jpeg
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Size
4.2 kB (4175 bytes)
Hash
3924bdc784dc4947f52b779aa4d5a0aa
1e3f3fdd99490addd60014aa7327fe27c6bd5589
b3f882f57f9a213d85eb1c5c6a8a1451bd16dfcd9e4bd00e0a74584422dbd950

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /img/comments/person-11.jpeg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 4175
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-104f"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=angvNeWAv7a6FSuwWoWb7eLrfhNkEd5PBfIvBvFqdqA3UGnggoW%2Fi4JY78o1mBS5p%2Fv9QUBmeECeVl7GmKLGNjdB1KMglcsqiLBs6QpScGejwj%2FxPK7lDXXEq4mAiiTUKbvH8QM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79b8890b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/comments/person-13.jpg

104.21.93.116

200 OK

3.2 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/person-13.jpg
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Size
3.2 kB (3172 bytes)
Hash
a3364ed9e772ae6f696b814072001bf8
b8f34c657c31bf1e4d42b5d864b2519493d80e92
88f30b8552d0ab928d895390b337a0049405f3b1e8446631e606ba787e1205e1

HTTP Headers

GET /img/comments/person-13.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 3172
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: "646f514c-c64"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lu4ZqLJsFJHnPsQH6gTCNH5uExRP9SyvMjv6TcMhPvULkbo5N8ub6uKVp%2BkiSttQtz8Zgc1HoLHUX1exN8XHEQzGc0Q6y4wZU506paLEh4pKoICf8%2F3sn49htxqw3Ih5Qx5wxKA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79b88c0b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/js/v-index.js.c7edebe7.js

104.21.93.116

200 OK

14 kB

URL GET HTTP/3
veftaunysurvey.top/js/v-index.js.c7edebe7.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (40296), with no line terminators
Size
14 kB (13561 bytes)
Hash
007c05ac7cfae006ebe099061bf7edc7
c856495b7c48194a3aeb9527a0224ce4482da35f
4a3dfb4f39645830068d08fdebc83f015a28ffcec0aa7e9bd0ad819edafe3fcb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/v-index.js.c7edebe7.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-9d68"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fHT1osUfia5srODbTpmGmNm0SEgvUQiCVLY7tcrGzPOv7hxdfZk7b9lNfQUfVZdMYjLxVV8v%2Bc4I33pg4geRrQe8%2FHXwCgE2Icy6w%2BC0JoNQYeErssaYDbUnEH8z1QLekr1L3PU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76bce40b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

laugoust.com/zone?&pub=0&zone_id=4842423&is_mobile=false&domain=veftaunysurvey.top&var=4493500&ymid=1309_2476&var_3=null&var_4=null&dsig=&action=prerequest

139.45.197.250

200 OK

0 B

URL POST HTTP/2
laugoust.com/zone?&pub=0&zone_id=4842423&is_mobile=false&domain=veftaunysurvey.top&var=4493500&ymid=1309_2476&var_3=null&var_4=null&dsig=&action=prerequest
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerLet's Encrypt
Subjectlaugoust.com
Fingerprint99:7C:6B:09:6A:A1:BC:70:53:D5:2F:97:56:F3:C0:A5:06:9F:80:C9
ValiditySun, 19 Mar 2023 05:11:02 GMT - Sat, 17 Jun 2023 05:11:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=4842423&is_mobile=false&domain=veftaunysurvey.top&var=4493500&ymid=1309_2476&var_3=null&var_4=null&dsig=&action=prerequest HTTP/1.1
Host: laugoust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 12:29:38 GMT
content-length: 0
x-trace-id: c37d4089997ce66832e234339debd86d
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e75b43e8a7beaf5ded692008749eb5b0
5f96a142b29fc6ca88b33a9cb5c2c5b4b95b8635
a100d74db29961c793a7254e52dd854c8f85761876369b45073d911be95bab3a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 12:29:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js

142.250.74.35

200 OK

166 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
ASCII text, with very long lines (660)
Size
166 kB (166449 bytes)
Hash
95a32a4d8f8be968bc15d6ab9b9491d1
fbfbcb40c8d8997096cd2ea3d8cfc3dee1981015
a41096fbcf982d79bf075bf2378c9c0c2e8ada5bdc94bd7cc794454135ccf981

HTTP Headers

GET /recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166449
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 May 2023 23:49:29 GMT
expires: Tue, 21 May 2024 23:49:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 May 2023 20:58:33 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 564009
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e75b43e8a7beaf5ded692008749eb5b0
5f96a142b29fc6ca88b33a9cb5c2c5b4b95b8635
a100d74db29961c793a7254e52dd854c8f85761876369b45073d911be95bab3a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 12:29:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

veftaunysurvey.top/js/v-index.js.c7edebe7.js

104.21.93.116

200 OK

16 kB

URL GET HTTP/3
veftaunysurvey.top/js/v-index.js.c7edebe7.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (40296), with no line terminators
Size
16 kB (15647 bytes)
Hash
007c05ac7cfae006ebe099061bf7edc7
c856495b7c48194a3aeb9527a0224ce4482da35f
4a3dfb4f39645830068d08fdebc83f015a28ffcec0aa7e9bd0ad819edafe3fcb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/v-index.js.c7edebe7.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-9d68"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EYiIPG4IOELki4yGzZGBPRARgtKJxpUrorSTu99%2BfP9ojqX%2BHbFgf4gBQCR5GtydHU8oKsatw%2F1GmReyxGxJRNJLffd2Xn%2B476MdXDwSGWO71miCzLvPAIotpTmuV5In1sCLxyg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe74eb080b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/icon-survey.svg

104.21.93.116

200 OK

3.6 kB

URL GET HTTP/3
veftaunysurvey.top/img/icon-survey.svg
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1080)
Size
3.6 kB (3636 bytes)
Hash
9612f51aebfc959fbe20466738ad7a35
40018ba48bd4ed13c219ceb9efdeccac7902ff4f
a35df0cc8723374ad7b9b6a99e7b07b23a32783d0ae1897fbf8dbc6e6ffe11d6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /img/icon-survey.svg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: image/svg+xml
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: W/"646f514c-c19"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=47j6JZfeGfFXfTzwsmYM6GYZeMn%2BBJK95wD9Fh7lUKjtnVopO4ZTm%2BnXDKivo5atI4%2FZhhkQ3bUJo6OVtLJBQN4KPwsUu8CMU%2BZFH8vFfVHCrku9XNXuPxKw7VfXt%2F9ooSQ2lj4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe776dc00b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a

139.45.195.253

200 OK

12 B

URL POST HTTP/1.1
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
IP
139.45.195.253:443
ASN
#9002 RETN Limited

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerSectigo Limited
Subjectdatatechonert.com
Fingerprint6F:17:15:C2:7F:CC:16:6C:9D:C0:AD:C3:EE:DA:69:61:8C:77:0B:5B
ValiditySun, 18 Dec 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

HTTP Headers

POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1476
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 29 May 2023 12:29:39 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://veftaunysurvey.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

my.rtmark.net/img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60

139.45.195.8

43 B

URL
my.rtmark.net/img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

POST /img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Cookie: ID=92f23135ebcd488484b1ab3362334f4b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 12:29:50 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=92f23135ebcd488484b1ab3362334f4b; expires=Tue, 28 May 2024 12:29:50 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

veftaunysurvey.top/css/survey.2bfeef83.css

104.21.93.116

200 OK

67 kB

URL GET HTTP/3
veftaunysurvey.top/css/survey.2bfeef83.css
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
67 kB (66579 bytes)
Hash
ba8ddbfa60d2feec516710cd5de1746d
9ddfc2f60deda512e71fa888c546c4300e3a530e
04ea2783c47b74e28c9583983c12e1ea4ac25e5ab50f0270829687607a03a782

HTTP Headers

GET /css/survey.2bfeef83.css HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=66591
etag: W/"646f514d-1041f"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P6YiZk7dd3CmO%2BZ8ocGeVIgsBfZK%2BMRIQQOc2M1GBU5qL5BWZbMe1tjAZDmu34zPMMH5doiZzrVEVTmmbIUC6FqtVwXxlp%2BGo3KhM5SvwkEg0%2B24E8fV%2Fav%2Fa7oHs6E%2B8gaiZbs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76ccfd0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/js/config/data/sd-1203000.js?v=10

104.21.93.116

200 OK

2.7 kB

URL GET HTTP/3
veftaunysurvey.top/js/config/data/sd-1203000.js?v=10
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (2839), with no line terminators
Size
2.7 kB (2722 bytes)
Hash
501882c63654cc39a921890ab999f9e8
0d1f94ce2336fcb0f5aa05e50ce579007d1d3eaf
70dfcfb1c3c467b41bb0e0bf33302cd6ce971a2d4e6227c7f9ca4be5b90072b1

HTTP Headers

GET /js/config/data/sd-1203000.js?v=10 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-aa2"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fT7xeJs222TaZwqe8ITdCWu56Yq9SgzPaEAL5oQlkAYBNRmj%2BIygutaT5%2F1eO6wX4JJM9skFDRaGL9vnlyrUav3tYZiXe5LX5czJ2%2FrQpmFTbvSCelW0UqPpOjjRkaY2aCPuzoI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe77be140b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/sw/sw4842423.js?var=4493500&var_3=null&var_4=null&ymid=1309_2476&ab2_ttl=5184000000

104.21.93.116

200 OK

1.3 kB

URL GET HTTP/3
veftaunysurvey.top/sw/sw4842423.js?var=4493500&var_3=null&var_4=null&ymid=1309_2476&ab2_ttl=5184000000
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (1381), with no line terminators
Size
1.3 kB (1321 bytes)
Hash
c21b76d8c5cc98d28e2ded4d7182cfb3
615a50d523a68a9b87e50715c88671e6b70e2868
ce15252772a764d35cbda3d5faeeb3c3e190ed7c4a1c56f75b0997666ad44322

HTTP Headers

GET /sw/sw4842423.js?var=4493500&var_3=null&var_4=null&ymid=1309_2476&ab2_ttl=5184000000 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1; finance_ID=06cb91e699a331c15bd6585259625525
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: application/javascript
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
etag: W/"647495aa-529"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B0rpQp93o4rO%2FR0zlviwuwAscpX2MgL01yZalsrl3VNNIpaV19hnNvBM7Y30SJp3cXhfjNiUIUXWTRny1%2BEH4hf47v2wDhDxWtg0UU7mrJsSfTFPl%2FFkc8CUM7PnC9VLaJjzexQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7cebe90b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint84:56:36:C3:24:DE:FB:F0:E7:EB:EB:9D:C8:B6:28:31:B5:3C:8B:80
ValiditySat, 06 May 2023 08:48:01 GMT - Fri, 04 Aug 2023 08:48:00 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
ab3476c49b7d3cb3aceb37e27028ec86
88b493b476fcf262aa2753960ea7270d9dbf3e3f
645559c3cf65de19c4dbd5bc923272b2c2121af2b188e993945bfe52de86877f

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Cookie: ID=92f23135ebcd488484b1ab3362334f4b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://veftaunysurvey.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=92f23135ebcd488484b1ab3362334f4b; expires=Tue, 28 May 2024 12:29:37 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

veftaunysurvey.top/js/_is-browser-supported.c49ec082.js

104.21.93.116

200 OK

1.0 kB

URL GET HTTP/3
veftaunysurvey.top/js/_is-browser-supported.c49ec082.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (1102), with no line terminators
Size
1.0 kB (1015 bytes)
Hash
347149a5f2db6ba9662854836bd194ba
dad9564747ff98e7449226386615f6846b11920e
c84c175bb7a22aee56cd585dfeec157387639c062a12b726f8f4dd3f0c36cc7a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/_is-browser-supported.c49ec082.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-3f7"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FVhYdsRhqIF3DZHozdg7GhW8DZpmyBiTHYT9nAAaI6LO%2Bq3SAU217nFeG6B7esW57TiB%2Bf93sw776V1YjfBX9K3yyH2%2FShrxZb96HaFBnJSOuJP%2FhKEttuiIeaQlmqX%2FN5jrQu8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76acdf0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/pfe/current/micro.tag.min.js?z=4842423&sw=/sw/sw4842423.js&var=4493500&var_3=null&var_4=null&ymid=1309_2476&cdn=1&domain=laugoust.com&ab2_ttl=5184000000

104.21.93.116

200 OK

42 kB

URL GET HTTP/3
veftaunysurvey.top/pfe/current/micro.tag.min.js?z=4842423&sw=/sw/sw4842423.js&var=4493500&var_3=null&var_4=null&ymid=1309_2476&cdn=1&domain=laugoust.com&ab2_ttl=5184000000
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
C source, ASCII text, with very long lines (41946), with no line terminators
Size
42 kB (41946 bytes)
Hash
9c1a21a7325f334b8f1115b7c6476950
6cbe8da2596f380db8bb7a40fb42c7958f357c6e
9243782de0a2103b4cb642615ede16afdb1cafcb6aab5eba687a796e44f0a84d

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=4842423&sw=/sw/sw4842423.js&var=4493500&var_3=null&var_4=null&ymid=1309_2476&cdn=1&domain=laugoust.com&ab2_ttl=5184000000 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: application/javascript
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
etag: W/"647495aa-a3da"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=srX0%2FsyIIdbh8Z1pnRAbqjFN%2FFFMufCvGcGm83dvnCqr4mCDPKQDK2vOcqVRgtn%2FpIGVwJWit%2BVoCZy3a2cUScrv2oijnqJRKCWPPh7MP%2F49K8Lxm5Vok%2FeWql8a6HG%2BM%2FH2%2B0U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe78af390b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/js/_each-land-config.406ff2d6.js

104.21.93.116

200 OK

53 kB

URL GET HTTP/3
veftaunysurvey.top/js/_each-land-config.406ff2d6.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (53427), with no line terminators
Size
53 kB (53427 bytes)
Hash
4ca2ea7c541b071ade5b5cd426c9696c
b78c05d44929f4e49c6de4688a07273f204391c1
8fcfebe2f6fea5c63d83b2ad133b9fe43c02566e40c4c2a669123a148d3556fd

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/_each-land-config.406ff2d6.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-d0b3"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=alppXxLnOw7IV1quz4a5UsVl0Ce1kEIsc9sF431KLPJ9qsf3kUpQEdV747aThba500lf%2B8wlFB8VwBJ8r0COa6ebGocRmfgw%2BydKp2mTgaE6Xjc1XLg76MGy%2FXWJogjqea%2BTzzk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76bceb0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/img/comments/person-8.jpg

104.21.93.116

200 OK

5.7 kB

URL GET HTTP/3
veftaunysurvey.top/img/comments/person-8.jpg
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, software=Google], baseline, precision 8, 100x100, components 3\012- data
Size
5.7 kB (5748 bytes)
Hash
6b10e71656e51e27520e854712b44f1c
f78b92dded977e9f275aba726453138155420bcf
64588485da7d470991fdba6c20a6d05c7ad39f92cca72769a95cbe3d873e8edc

HTTP Headers

GET /img/comments/person-8.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 5748
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: "646f514c-1674"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B31Z8BDSh6IO%2Bbn7gir2xT2ZaCVBCE1u8hKkW9j8JPlfXSsQOfe8opjzRrnsBfg6KOcj3Q2vV5%2FnLghK%2FqO22Q8NuxvGEMmyblYPgoaEvym4Rf8GhQT83BHgLj3AhUG5OVJ1vgc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79986c0b51-OSL
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/js/_global-config-sd.6c57bf6e.js

104.21.93.116

200 OK

1.2 kB

URL GET HTTP/3
veftaunysurvey.top/js/_global-config-sd.6c57bf6e.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (1216), with no line terminators
Size
1.2 kB (1194 bytes)
Hash
a6d0cd1e59a9153917d7b1f955df03ba
8062cabc3e39bfa8c0a7d12109ac3bb174cbdf9d
e4e8ac53c3f131032d88c852c1c2f6cf04dcd0b64c2368830d746648200fbea9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/_global-config-sd.6c57bf6e.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-4aa"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wa1X%2FI3E8dHZE%2BYtN3cZf8McVAkGDwZypmQZwSMTKIsboIjNc4svowG%2B4nB4C5I1c1DfULrPY3yoa5N%2Bx5W2fO57Zs2w%2Bk6LfO5HbjBH2Z8gjuzGOQEdpdSh83LOJ%2BOoTrP58Bg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76ace00b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/js/config/data/sd-2025.js

104.21.93.116

200 OK

9.2 kB

URL GET HTTP/3
veftaunysurvey.top/js/config/data/sd-2025.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (9549), with no line terminators
Size
9.2 kB (9233 bytes)
Hash
edcdb9407b2987df48166bfe2de6c40c
10d47a89a281d6fcfecd1f0d282af995d5bbcb8d
76279535713eaa977252ab71a88308fa2c09412cc6d22435c00b910565f2ab12

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/config/data/sd-2025.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-2411"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5850
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4auSnfQWnCH8jUkkPHwXfD84FemEdHhf%2BLEGIOJZPuW2x9hTtEE%2FHHNom7xHD%2BXhsEe2YImCIwlPMIwdDHi%2FpyPVWEckqb7kVbqtt7QTmXimkQW2zupXjFjqbqiBI0asSDDVDGw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe77fe600b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

offpichuan.com/track?offer_id=2897&z=4493500&request_var=1309_2476&variable2=64749ab121e612000186cb85

139.45.197.237

200 OK

173 B

URL GET HTTP/2
offpichuan.com/track?offer_id=2897&z=4493500&request_var=1309_2476&variable2=64749ab121e612000186cb85
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerLet's Encrypt
Subjectoffpichuan.com
FingerprintDF:FD:C9:DF:54:1F:F8:D0:EB:70:9D:22:14:AB:31:A4:CA:18:1D:AE
ValidityThu, 30 Mar 2023 21:17:15 GMT - Wed, 28 Jun 2023 21:17:14 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
173 B (173 bytes)
Hash
3d5357099133ee586f178a5def1ce2f9
0674f10469e17538b2038e5aff3d352d30ac4472
6e4297bc88556cd93b90d2cae877898d65411e80d9d0f50211a037a7671e8536

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /track?offer_id=2897&z=4493500&request_var=1309_2476&variable2=64749ab121e612000186cb85 HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 12:29:38 GMT
content-type: application/json
content-length: 173
x-trace-id: ee7aeb313dee010ff4e30ef48c36b540
access-control-allow-origin: https://veftaunysurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

veftaunysurvey.top/favicon.ico

104.21.93.116

200 OK

1.2 kB

URL GET HTTP/3
veftaunysurvey.top/favicon.ico
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
668ba1a9fa1890ba16cb8adc28d3dad8
5e35223b2541265114eaf61b9da2556c812fea17
7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1; finance_ID=06cb91e699a331c15bd6585259625525
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/x-icon
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
etag: W/"647495aa-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 742
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FirhXtpd8egRng9kS8JG6hEANDh6gi0MRCTOyBO5KgOQk%2Bb65PFn5oj4J2tjFonK5PTyHgu1LH1V81fBQqilirnHRJF2ps2MLAwy%2BLptG7H4CPg5DnOtillBdaP9VNH6w1RNs%2Fs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7b9a900b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/js/_rtc.1844c1d6.js

104.21.93.116

200 OK

11 kB

URL GET HTTP/3
veftaunysurvey.top/js/_rtc.1844c1d6.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (11189), with no line terminators
Size
11 kB (11189 bytes)
Hash
883b0649630864a2149008489d4ef7ec
7e59a27da52c8200f7c8d3718c5e88f9c6d40ecd
36b3238c01774500a75f9a44b860a700e713e89f103db5a915cd114f19dd9659

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/_rtc.1844c1d6.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-2bb5"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lhb%2BuiXGq9JnUR%2Bd9XG9QRIrQNdfWGXXXx7kTJOwVCTPHwvGiUuBYsNHSsxyYhStQwRH5cyOXuz7UpBHdk66JwKhXPL86hddMoZiercjBbPDda4nvFwEgOy2mqSTMGDP0mQAVlc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76ace10b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/js/v-redux-toolkit.esm.js.61e25c00.js

104.21.93.116

200 OK

11 kB

URL GET HTTP/3
veftaunysurvey.top/js/v-redux-toolkit.esm.js.61e25c00.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (11317), with no line terminators
Size
11 kB (11317 bytes)
Hash
ef0d81c5f3a115afbaf585c02c59dc3d
4502f6e492b723cd1dfd3535e74a978d0fbadc49
b632a3ba12a7ea94430f44ee7ada51e5e3295d1a1ee32f45993ae6a4cd9dd050

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/v-redux-toolkit.esm.js.61e25c00.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-2c35"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WmySxBzMNjs0I1YlxXlanP2Rk2nqOIs3x9iIDaR0NsDJm36RcEd8Zcd4OIQoMn%2FXHvSNO0sSmEBaWUsHat0w9PHvX%2BLLvjyFTPKf8Gaq%2FwemKO43AGw9WZeww%2BOI%2F6jIirFgRts%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76bce30b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dortmark.net/sync?userId=06cb91e699a331c15bd6585259625525&partition=finance&duration=5184000s

139.45.197.248

200 OK

45 B

URL GET HTTP/2
dortmark.net/sync?userId=06cb91e699a331c15bd6585259625525&partition=finance&duration=5184000s
IP
139.45.197.248:443
ASN
#9002 RETN Limited

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerLet's Encrypt
Subjectdortmark.net
Fingerprint2D:58:01:B8:69:29:6C:35:45:78:06:E6:15:E1:E3:B9:8B:47:F6:52
ValidityTue, 11 Apr 2023 11:46:30 GMT - Mon, 10 Jul 2023 11:46:29 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
45 B (45 bytes)
Hash
deb5f9450e77c86910accb9a02c142c5
d8907ead671902ac3716e62f0ad648c34052b469
3fc697e5a2592db51a80d768f86d85673f90254b3b900146354420ac8a49ea4e

HTTP Headers

GET /sync?userId=06cb91e699a331c15bd6585259625525&partition=finance&duration=5184000s HTTP/1.1
Host: dortmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 12:29:38 GMT
content-type: application/json; charset=utf-8
content-length: 45
x-trace-id: fc3902b23caeaac767f2265295cf9b75
access-control-allow-origin: https://veftaunysurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: finance_ID=06cb91e699a331c15bd6585259625525; expires=Fri, 28 Jul 2023 12:29:38 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2

104.21.93.116

200 OK

4.7 kB

URL User Request GET HTTP/3
veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4929), with no line terminators
Size
4.7 kB (4701 bytes)
Hash
50a8dcbca8255d3df7dcec0f45fdd4e9
645bd022ce8cfb02eda7e5427b43ee94bd5f2eae
6c28fdadea0bbdce61cfbbbca3c1fb970b7cb575e04df73e729454928a387f18

HTTP Headers

GET /finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: text/html
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q1fzFF8Bt1KjM9A%2FcMR%2F%2FWF1VP4i%2BvnGCnwYLRIhiDa%2FqThGNTyD3c6HIXdT8Fhsz6snTwSK1YWwiXIHJ99%2FCYWtq8BUEQUbLsjMd5VLhtDM0gJoYd3ELhjXxPHKaZAx%2B5dafgU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe75fc1e0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/js/_core-survey.47874637.js

104.21.93.116

200 OK

221 kB

URL GET HTTP/3
veftaunysurvey.top/js/_core-survey.47874637.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type

Size
221 kB (220770 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/_core-survey.47874637.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-35e62"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7pKFYSU5pu%2FY8xbt0n5JNI4vGPZPl8GfswnRdia1nL5L1MeZ2Jf5Vn676NHS4KCs7P0ubcrQ5PH1FUvoBoYjoR6rni5yG4MWoEt7C2MvocagN9Li60tuAk26MpcOb46xMhZULAw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76bcfb0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/js/v-index.mjs.6da8765a.js

104.21.93.116

200 OK

35 kB

URL GET HTTP/3
veftaunysurvey.top/js/v-index.mjs.6da8765a.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (35051), with no line terminators
Size
35 kB (35051 bytes)
Hash
3330fa0f6a155bb09bfe7298fa2244c9
8997fbd35187ee5421fd4e640a11cf83c1ff6122
ef9812805366724890185fc2fc15aea43c94cbdca29769886c8a318f5eed3eaa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/v-index.mjs.6da8765a.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-88eb"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7CSU81eNgWlrvC8xgHpzRMCBzuVVV%2B2jlXLZ5Fw8EYf17H6upCdtk%2BDfVzTfCek6yjYc8WowS4Ro7jcNZMKRXmAkZ79niZd5qJSy5KfQye32hEb4J%2BM60JZBZ9EEgPp4tYJ4Qxw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76bcf00b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdntechone.com/stattag.js

172.67.149.153

200 OK

18 kB

URL GET HTTP/2
cdntechone.com/stattag.js
IP
172.67.149.153:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint22:B1:48:87:A8:EF:B2:9B:65:EB:D6:C6:FD:8D:EF:A7:A7:DE:52:29
ValidityThu, 26 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT

File type
ASCII text, with very long lines (17871)
Size
18 kB (18521 bytes)
Hash
0fdff67feab23cc69ecfb6800fc54cb7
eb84c650e6d27e290795207b1f37dd7b67f2aa06
456e420aecd5ac679cc2bcb33daf7c063f54894fd076e99e05c06629234d3378

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: application/javascript
last-modified: Fri, 19 May 2023 08:43:53 GMT
etag: W/"646736c9-4859"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1716
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6L4Yv0ofa4SIufDfbCmb1mOt374geNZe8qP%2F20yscMfa6DcTlwrIWatDSG728UZhcjNnyhm82A%2FNflVKrs7I1LYvV%2BRAGt3WFFYB89g24Sd6EI70Yh97PScUZLhdaryUjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ceebe7d1fc30b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

veftaunysurvey.top/js/survey.1104d4e1.js

104.21.93.116

200 OK

5.4 kB

URL GET HTTP/3
veftaunysurvey.top/js/survey.1104d4e1.js
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
ASCII text, with very long lines (5583), with no line terminators
Size
5.4 kB (5437 bytes)
Hash
fa762f8e0852a23363190e6b1ccd90c2
01fbafce85f16162ae58dc0ebc3831bbcf56c6a7
e03a91cb7b9ed67fe78552582d43a9cf4f3ec765b4ecbd540687bdbc6d3bcee6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/survey.1104d4e1.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-153d"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XOGjSty%2B8jco93TOrWaMY24LFrRw8MAatTudooQS5wmxjDmn8q8LQ026%2FVG0D1RI7vcdTcEFKezEsBSmts2gbLMAriHi94er26YVb%2FXxF2IHk1uD%2BLKMcun3cSgcVSFD5W0olpI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76ccfc0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

veftaunysurvey.top/js/config/dict/cookie-consent-1.json?v=10

104.21.93.116

200 OK

6.8 kB

URL GET HTTP/3
veftaunysurvey.top/js/config/dict/cookie-consent-1.json?v=10
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (6009), with no line terminators
Size
6.8 kB (6757 bytes)
Hash
4b2ff958e811a50d2f641818590b443d
6abae297812bb55fad869e953e7fdf7469cbe1ae
9c77a5f3d0028d9ba122ed15728ee7b144619431f8302503a19c5785ddaa06b8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/json
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
etag: W/"647495aa-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sa9vJqok76XdxBjr8LoDc5uc397ZCsZzkFKSjIx3BNrs1%2Bw7P%2FM0WJAJJ8JMVTh%2FR2zAolSXa%2BDp9Jt85CQMYTr%2F0KeRjQbnE94fHKIgYEQqhEjqAlTy8OSfOa4f4uhx7JZn9tw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe77ee540b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

offpichuan.com/rotate?zz=4292526;4326653;5128285;4949467;5381241;5381316;5381339;5381332;5381307;5381330&var=4493500&ymid=1309_2476&uid=92f23135ebcd488484b1ab3362334f4b

139.45.197.237

200 OK

7.3 kB

URL GET HTTP/2
offpichuan.com/rotate?zz=4292526;4326653;5128285;4949467;5381241;5381316;5381339;5381332;5381307;5381330&var=4493500&ymid=1309_2476&uid=92f23135ebcd488484b1ab3362334f4b
IP
139.45.197.237:443
ASN
#9002 RETN Limited

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerLet's Encrypt
Subjectoffpichuan.com
FingerprintDF:FD:C9:DF:54:1F:F8:D0:EB:70:9D:22:14:AB:31:A4:CA:18:1D:AE
ValidityThu, 30 Mar 2023 21:17:15 GMT - Wed, 28 Jun 2023 21:17:14 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (7313), with no line terminators
Size
7.3 kB (7261 bytes)
Hash
6f0ed023ce9a1437ecb18739e34e84c5
1d676376ffe6f400fb110f0bdadf00c67d6c3468
47e8263decc4fe24a803b197ac36515a70550baa05b7ece4e7d3d63015c9a0d9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /rotate?zz=4292526;4326653;5128285;4949467;5381241;5381316;5381339;5381332;5381307;5381330&var=4493500&ymid=1309_2476&uid=92f23135ebcd488484b1ab3362334f4b HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 12:29:39 GMT
content-type: application/javascript
x-trace-id: c3d8e33d36cbfb16f871d666d6b13ee9
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
vary: Origin
access-control-allow-origin: https://veftaunysurvey.top
access-control-expose-headers: Link
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
set-cookie: OAID=92f23135ebcd488484b1ab3362334f4b; expires=Tue, 28 May 2024 12:29:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

veftaunysurvey.top/js/config/comments/en.json

104.21.93.116

200 OK

4.5 kB

URL GET HTTP/3
veftaunysurvey.top/js/config/comments/en.json
IP
104.21.93.116:443
ASN
#13335 CLOUDFLARENET

Requested by
https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate
IssuerGoogle Trust Services LLC
Subjectveftaunysurvey.top
FingerprintCD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
ValidityWed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT

File type
Unicode text, UTF-8 text, with very long lines (5176), with no line terminators
Size
4.5 kB (4525 bytes)
Hash
0f8a677240ca082b8875f3c8d3bf5c42
19641ee3e340098b44d1d248e7c1a99dd0daafdf
2f5cff997105c8b995ec55f36e2656e14e1676f23244471f6115bc1d04c821c1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/config/comments/en.json HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: application/json
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
etag: W/"647495aa-11ad"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pK0%2FiMYARB02uYpUYwyaEjp8EYBz632be7BCVaMVQXDUiQ1QZwsqP2HJXb5USUsxjL1sLsXuwKxvkjTmIGhKFpYnFnlpT8PKoTMptAdFr6ydGt%2F2HpG4rbP8WJ60uBGU5vznuTI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe78cf4c0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML