rassid.site/tr=22491
31.170.164.241 707 B IP 31.170.164.241:0
ASN #47583 Hostinger International Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Phishing
GET /tr=22491 HTTP/1.1
Host: rassid.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
content-type: text/html
content-length: 707
date: Mon, 29 May 2023 12:29:34 GMT
server: LiteSpeed
location: http://ar1gov.site/recharge/?tr=22491
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
ar1gov.site/recharge/?tr=22491
198.54.120.153 707 B URL ar1gov.site/recharge/?tr=22491
IP 198.54.120.153:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
GET /recharge/?tr=22491 HTTP/1.1
Host: ar1gov.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Mon, 29 May 2023 12:29:34 GMT
server: LiteSpeed
location: https://ar1gov.site/recharge/?tr=22491
x-turbo-charged-by: LiteSpeed
ocsp.sectigo.com/
104.18.15.101 472 B IP 104.18.15.101:0
Hash e21131aee8c8c1c8f827a853fc0a0d01
eda5ff5aa1043bb5719de3ae96da675967713b2e
715b917403b6740ca19a730b32e99ad79df1193ef60333ee3b55a585b86ee59d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 29 May 2023 12:29:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 26 May 2023 11:41:06 GMT
Expires: Fri, 02 Jun 2023 11:41:05 GMT
Etag: "eda5ff5aa1043bb5719de3ae96da675967713b2e"
Cache-Control: max-age=342089,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ceebe657b6bb4ee-OSL
ar1gov.site/recharge/?tr=22491
198.54.120.153 487 B URL ar1gov.site/recharge/?tr=22491
IP 198.54.120.153:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash c536856f6f2771a9c2596a87b17741cf
054253962b178c3ca437dcf7395e582d8ab078e5
f0b7d660a7e9b5ec526b7526eafec89eb409970c0736a41370cc2c0a23ebbb83
Analyzer Verdict Alert fortinet Malware
GET /recharge/?tr=22491 HTTP/1.1
Host: ar1gov.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-powered-by: PHP/8.0.28
content-type: text/html; charset=UTF-8
content-length: 487
content-encoding: br
vary: Accept-Encoding
date: Mon, 29 May 2023 12:29:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
smrturl.co/2570b3d
172.67.182.139 1.0 kB IP 172.67.182.139:0
File type HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash c6a8cba7b214941d8da0037655c55eec
2e53b3bd1f47a22d8cea7cc5d3f7613cb719c96b
4661577bb79cd4bd54c03724e6097ec18453430b9a6e91c24539ce6593c3f323
GET /2570b3d HTTP/1.1
Host: smrturl.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ar1gov.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 29 May 2023 12:29:36 GMT
content-type: text/html; charset=UTF-8
location: https://d3ikgzh4osba2b.cloudfront.net/public/dynamo/smartLinkClick.php?offer_id=53244300&offer_position=1&visitor_id=Vdbe0a40c56771&m=0&user_id=2476&it=3544734&key=5ef4a&s2=smart-2570b3d&hash=abfa813e1925164410b6c4affca8dcd5
x-powered-by: PHP/7.4.11
set-cookie: CPABUILD_API=df2d32b5adfe1a964536; expires=Wed, 06-Sep-2023 12:29:36 GMT; Max-Age=8640000; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C9GBF2XfJRzbGXS5fuqo6loIBE6ZI7Cbai6EXfIB7g4XncdDk4MlD%2BqOiK9hx65Ta1OoeLAHqiBddPBv1QHv4gbL8aKtQt%2F%2FQz1bPT49L6kNzc95sQjPSap16ITZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe6bfab7b518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.15.101 472 B IP 104.18.15.101:0
Hash 1a4037adfb0748bbd8542bafcdaa45b6
2cafae93c435d75dacdec80c9545a9822c948627
92b19a86408a498ecc7f46caead61344cfff24f25eda3337ab330d4bafa756cf
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 29 May 2023 12:29:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 27 May 2023 03:07:18 GMT
Expires: Sat, 03 Jun 2023 03:07:17 GMT
Etag: "2cafae93c435d75dacdec80c9545a9822c948627"
Cache-Control: max-age=397733,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ceebe72ef03b4ee-OSL
run.storkmobi.com/click?pid=1309&offer_id=73824&sub1=Cdb86c447a5492&sub5=2476&sub6=https%3A%2F%2Far1gov.site%2F&sub7=https%3A%2F%2Far1gov.site%2F
35.204.59.16 0 B URL run.storkmobi.com/click?pid=1309&offer_id=73824&sub1=Cdb86c447a5492&sub5=2476&sub6=https%3A%2F%2Far1gov.site%2F&sub7=https%3A%2F%2Far1gov.site%2F
IP 35.204.59.16:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=1309&offer_id=73824&sub1=Cdb86c447a5492&sub5=2476&sub6=https%3A%2F%2Far1gov.site%2F&sub7=https%3A%2F%2Far1gov.site%2F HTTP/1.1
Host: run.storkmobi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Mon, 29 May 2023 12:29:37 GMT
content-length: 0
location: https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85
x-adjust-use-original-forwarded-for: 1
referer:
referrer-policy: no-referrer
set-cookie: afclick=64749ab121e612000186cb85; expires=Tue, 28 May 2024 12:29:37 GMT; secure; SameSite=None
afoffers={"73824":1685363377}; expires=Tue, 28 May 2024 12:29:37 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
veftaunysurvey.top/img/icon-survey.svg
104.21.93.116 200 OK 1.3 kB URL GET HTTP/3 veftaunysurvey.top/img/icon-survey.svg
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1080)
Hash 9612f51aebfc959fbe20466738ad7a35
40018ba48bd4ed13c219ceb9efdeccac7902ff4f
a35df0cc8723374ad7b9b6a99e7b07b23a32783d0ae1897fbf8dbc6e6ffe11d6
Analyzer Verdict Alert fortinet Phishing
GET /img/icon-survey.svg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: image/svg+xml
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: W/"646f514c-c19"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9OKG5GVwyH%2FQywoIFCMOgOUiPX3%2B80nhS6Iq4JXkRmbU%2BeEMlikNg%2F5axbQ4fxXVqC0pVPzKK11AEJDfYjx45IEGBcZd2GrWSvAz%2F4Gubxc0%2FnJYkCb1M%2BI1Wa3Tf9GOIwEZX9Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe74fb2b0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/v-react-dom.production.min.js.6effe279.js
104.21.93.116 200 OK 42 kB URL GET HTTP/3 veftaunysurvey.top/js/v-react-dom.production.min.js.6effe279.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 925bb81eaa725b80e8dce9ade125a94b
29e32bc68e79dad785e94113e1402d700c3dd133
2ea31962a5f2df9665ffcd095d704efb79003916cc395ea967807ee7edef56e7
Analyzer Verdict Alert fortinet Phishing
GET /js/v-react-dom.production.min.js.6effe279.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-1f8eb"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2B%2BySkfdvwoqMY0JoIX8TQyJFhODKP16e8pjYHalNGH3wfCsdScSIzvs6AMbd8dEixGURF6bPJ4q54bjCwN7Fl2v0DcknX5l6QTVt6gtPecBgDBdLCk2O1UiPMp0s2cy97PMkW0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe74fb1b0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/css/_core-survey.26c0898c.css
104.21.93.116 200 OK 4.4 kB URL GET HTTP/3 veftaunysurvey.top/css/_core-survey.26c0898c.css
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (3187), with no line terminators
Hash 2e6143d07cb0a0273cd0fded0cd7b430
4853285adf3a468cc8a42b1c6f17d8353cfef896
f2690b871425a66071365ba5be475a5089e8074dbdab7df95a71bbee62e2f5fb
GET /css/_core-survey.26c0898c.css HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=3194
etag: W/"646f514d-c7a"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=70ypjAPvz18q7YO2hNZNwWNeN%2BDh2S35P69M8HijRf34QZ4pwdlc5LdvnXUrXAMJv%2F8rQS2nPXIEMtmRXQLOYoJuhRw7ddrUhwNz7diBeYwDsPLHn6VvhaqxDXBatgGpWPkpm%2Bo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe74fb280b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 11ddcad6f0fc074c4f1b86c66ced6d86
cdd65841fec92aca297dfc5c17dee8c8b525fd1f
64cf10b6657bc2be18416ea274885a23d1dfaab08a13f87f113e19c9aeaf4fd8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 12:29:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=explicit&hl=en
142.250.74.164 200 OK 556 B URL GET HTTP/2 www.google.com/recaptcha/api.js?render=explicit&hl=en
IP 142.250.74.164:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject www.google.com
Fingerprint 48:E3:15:66:FC:EA:15:BF:D2:34:C1:DD:60:D4:23:A3:63:57:89:8D
Validity Mon, 08 May 2023 08:25:18 GMT - Mon, 31 Jul 2023 08:25:17 GMT
File type ASCII text, with very long lines (852), with no line terminators
Hash 6eb227f49545693ff09e7e868952f4af
dc2cfcf4a5d33b127c8c5d18dbe577c1e690dfa9
0a22aef6916a4504fc4c1b3f83cf9ad8dec879e875888b7598ee8edde393d86d
GET /recaptcha/api.js?render=explicit&hl=en HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
expires: Mon, 29 May 2023 12:29:38 GMT
date: Mon, 29 May 2023 12:29:38 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 556
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
veftaunysurvey.top/js/v-immer.esm.mjs.d9bdbc14.js
104.21.93.116 200 OK 6.7 kB URL GET HTTP/3 veftaunysurvey.top/js/v-immer.esm.mjs.d9bdbc14.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (10496), with no line terminators
Hash fb46146a17eb0c4a887b7df1f66f7fa7
4be05a7ad649b3b907cecb1e92262ef8eb849946
d326fd3d05fc533b5f383d2695e3c013e267d1de919a64c798b49c7f8f36b55c
Analyzer Verdict Alert fortinet Phishing
GET /js/v-immer.esm.mjs.d9bdbc14.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-2900"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=buKFB18o90MmbnKDqAP%2FSNi%2BvArB5TCXz%2F2xrXU6ITUSpiUnDzLa2eUKmf72Ivq0J5hAUuPrjshm%2Bah97a8MfAKbgPoLr2940dkKHGLrPGrxRd6z2NzHbCsETBPqP7EFcwkTn64%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe74fb170b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/unnamed.jpg
104.21.93.116 200 OK 1.4 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/unnamed.jpg
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 449aaf5a54e3fe3aa4f0f5875bede090
b2b897362626700277b7f8baca8b1f292d08b7e5
4200f94af9e21196c339a50a85d3d50c769e8655857fdaf67df6e99678b9ad59
GET /img/comments/unnamed.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 1378
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-562"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KclUt5eRMDHpJgWCDRPhcVX5y6G%2FoJd0TDVAHPfxv%2FaN0IFU9vAkaYJBrj0pTpt1m88CzVLz7pa3ogxuV05qt9SwgyitQR8lxKdNg%2BtRaUs%2BZ0FXshGV4dIL5kUbcPxLv5ndZkM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7998590b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-14.jpg
104.21.93.116 200 OK 5.4 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-14.jpg
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 6012ff0d59aa6a34aaca1ea8f2fa88fc
ef59662c9b666106486039e9f1deb40fb4a8ff77
2c020310e91430067c7128425f14ac0ff1710aea5e67c144a8fceac46311182d
GET /img/comments/person-14.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 5392
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: "646f514c-1510"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JDnBPa6hypQuoG7ms1ga%2FxuDp4bCfyXu024gmYNa9kbcSS1gOnBh2rJULx9bVFI2WJJDZzPe%2FqgCPfDlI%2FPxbr04nl8HiyFKdqE2xBIGBgCY4kDIyYGs3%2BmBPVWTbzdrFWmq5c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79985f0b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-2.png
104.21.93.116 200 OK 6.4 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-2.png
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash 3e6eaea87b2891590972dd11373b09a3
f038c6e6306ca708defa2b601bf9477f0cf78a3d
15aadd2e7f4f83e79f35e760da382fb8b5045d2cf506f531bdc15b7b27f699a5
GET /img/comments/person-2.png HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/png
content-length: 6428
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-191c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xeCzYlVNqKOSzaJIblXxUJ8KGc1g5H4h%2BjVT3qD1i6lXS4EKaYBEkukFgMDJ3uMe48nTH70xeWXrJpU5i3CIc7fIV1mdaOwvlOdjEyIvNpPPkxZN7JKLifIpXyG3GMe7BqZxRd0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7998600b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-1.png
104.21.93.116 200 OK 6.6 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-1.png
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash 8f9a954bf05965bb41cf97a7ddb7a375
de9db936bbea75043e08a55d1f371678fca2270c
a787bd40650924a7bbc61d6ea0bbcaddae4b3129fd8028b68c3629210e41e26d
GET /img/comments/person-1.png HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/png
content-length: 6577
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-19b1"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nXQUtBI%2FFY0x5Jsa7eGoGqTLKPaHcnECOQRi%2BlZQJf6saILJmfmfQnQ3KTgHHbd6c%2Fc%2B8iM3oG%2FWRsMP1CF9XRyfCa6ORf%2FSdQu6l99ftgbMIT81CkO6Y8cmp29viotqmn%2Fua44%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79985b0b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-5.jpg
104.21.93.116 200 OK 4.3 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-5.jpg
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 21fd6ef6d69b527c02e92a8c23d28d52
5980b75edc23f7fa2f57fa257cb67c9efb86fa58
f37490dbef620959d7124e3de027c5b5c43a57dc90737163947a6725444051eb
GET /img/comments/person-5.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 4333
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-10ed"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y0eAver6nnklG%2ByvMw88ZAh8U7OvIVl5NiF3fXlH3vQhhHVH81%2B2z0uHOq3cReZXygiYEYloUhKnV6hwGPlWt%2B4ImbAXgkbFyI6OfVNOjEjSkVWlhlmYjDG93kRkspFyYtCjHag%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7998660b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85
104.21.93.116 7.7 kB URL veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85
IP 104.21.93.116:0
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4701), with no line terminators
Hash 556f9e5cfda44699a147fc757258737d
35da9c26ca403bc1b42fa1cb3c3267dcb48c00ca
b72d8e8a3804c4097994d8330989ba3235c3706570960a38fb36b9640af9e089
GET /finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: text/html
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S4U3gQtt4uY6c1w4kEMoanmwuAxoEW9gJrdCcjhhkaSmBRM210jZoHyCYZYardQpicn8vyBp1WxhenHNMsU%2B6yoz5UtwEoDyGU%2FPCCn8v%2FyIF7v7kKjb9ld7J3Qs6cBArpyzz6E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe73dcebb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
veftaunysurvey.top/img/comments/person-4.jpeg
104.21.93.116 200 OK 2.7 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-4.jpeg
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 6cf64555e2de0ff8b5391081b648b89a
a32008bacf7f8cd3859eb86c6c8d36eeb15dbdf0
d4f513bf3a5691b900739cf79285d18ef09ef4b81eca648261b15a693d21818d
Analyzer Verdict Alert fortinet Phishing
GET /img/comments/person-4.jpeg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 2709
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-a95"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dv9bkE48DabY5B6DMnvzfcEEoCht1I4jLFyMMpyKZmyUtbvrsBcKIjXju3n5qmhFNQJgeO96hq8QfSMDevu9c8j19nXIkJ5oilnPly0OwfGnjQUlYMJ3q6Mstqat%2BEY%2FowKpp4M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7998620b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/s-storageService.js.24e15119.js
104.21.93.116 200 OK 1.4 kB URL GET HTTP/3 veftaunysurvey.top/js/s-storageService.js.24e15119.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (2572), with no line terminators
Hash 4816f938e9d10c0caa7cd06c6a9b4795
ad3bd074f4b8b7550d6f9563e5097683a2dc76c2
36c9a2201b667c84dbecb7415e6fc6b9697ce920edaf258db96831ff284177b0
Analyzer Verdict Alert fortinet Phishing
GET /js/s-storageService.js.24e15119.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-a0c"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WM9hjCGxltfqBSn56R58nBQwk5dvcWP57NWUBwtB0Go9%2Flrg1pnc5RkHWS5ikObA7zYZhMSM16yheVANXpKqucwbMCkwFZrTQzY7cV7PPyG2yM3DcJrkzBoMTQ1ZoE8Em5Fdceo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76ace20b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-10.jpg
104.21.93.116 200 OK 6.2 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-10.jpg
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, software=Google], baseline, precision 8, 100x100, components 3\012- data
Hash 044ab37551bfe632f53b8f15d991f36e
77fdc6210608e5e36e1d36ac7fd867104cb20d9e
36adcb32026c016feaff678063911fcc9e7985e9f0c56bb1daa776f98964ef91
GET /img/comments/person-10.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 6178
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-1822"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NQdOjSFzxI4QBrZQg%2BP28AgTfg22y3QUx5solqPasOLX64ZwasyXckw9FXbRvVoqHroBCHA6qWGqIWMIXxQKTJSoIqeLDEPI%2BqOTWC3yrYzwTw9BHCaptL%2F04RK%2B6AdepDDHi0s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7998710b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-9.jpg
104.21.93.116 200 OK 5.2 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-9.jpg
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 529370f9fd3b0f4da6c81ca91a931155
1a4c3e0e7af1ce30dc2ca18d48b5fc3f1b40aad3
cdf1b8dcdce4e9b76157ce90e086ebafb100063eaeb091e97087d97f5d0fb50b
GET /img/comments/person-9.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 5190
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-1446"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qpcgPHx9R%2BeO6SHkXyDTLWGyKZLXf%2FqVPBD8oyiZ3UzXs4H7GMfo8XEyWWWqik%2F%2BK3FUg8BIIQj6Ddo%2FJfRcivVGMAekbKIDgDb5NuDXuVunMwCMD%2F8wT0dPyvWi795dybfQBJ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79986f0b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-3.png
104.21.93.116 200 OK 7.4 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-3.png
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Hash 2f62e53b6333bc904be22a37a1fd0ace
6e972fefcbe0193d9b28817c47c1ceab2a0235d1
9128194f1b1bf44435a3e80f994157b94a40a3365cd8f0794dcadb41a24c3b41
GET /img/comments/person-3.png HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/png
content-length: 7368
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-1cc8"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6dnSDsY8hdNkJ13zibYd%2FIdHv4K9fOE4XDijLxpdcyQKLgSndC%2BsCO1vIUI3B%2B6IVdJg28S7g8YRl4D%2BRsFqsUXSGzpC9ZBDrExwPLVKbXJ6bRfbrMYJSFRIojV65CD6szZpZ18%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79986e0b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-6.jpg
104.21.93.116 200 OK 4.4 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-6.jpg
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash be9ff88491a5bc0745579a3813eb2cbe
870f88a7fae9fdd928af33f47c5ffdddc6a4082b
698d413ddf6b2ec37acf0e982237d239bd912cb097e243cb355855ac2b8548d3
GET /img/comments/person-6.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 4392
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: "646f514c-1128"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lNq%2FoIJNyunOb76uGIh0yr3oM3bDSxwUApEdzsFpoKc07oi0dVZQAEY4Jb7tEKLrhqBDxfj2bp%2FW%2Bzs7y5MBmZNWDAR4XHLyfeCw4Dl9C4OqEGUFH0jzpQiYWrGfoWL3M4F79Fs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79986a0b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-12.jpeg
104.21.93.116 200 OK 3.5 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-12.jpeg
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash c937339f4ba54ff7dc150b9865c29084
44206828ca23cbed303193bde1dfe47bdc532972
8e872daac17de58d352c9f4082e6e35af76a8b2138c142a8cf0fbacea195c73e
Analyzer Verdict Alert fortinet Phishing
GET /img/comments/person-12.jpeg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 3519
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: "646f514c-dbf"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WHBUtJQWREIWsqAKH6cUCwS4kgwqicl8e%2FXLe%2BLV0mFXzjBT9nLjCWawhUD2BNvZ9uSv7nL5VActZBR7aikFCw5e7qmNn0Lc6DG1fXPHECwGlJBmk9mn7vG34kKSQTaQm9%2FdFMo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79b8870b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-11.jpeg
104.21.93.116 200 OK 4.2 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-11.jpeg
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 3924bdc784dc4947f52b779aa4d5a0aa
1e3f3fdd99490addd60014aa7327fe27c6bd5589
b3f882f57f9a213d85eb1c5c6a8a1451bd16dfcd9e4bd00e0a74584422dbd950
Analyzer Verdict Alert fortinet Phishing
GET /img/comments/person-11.jpeg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 4175
last-modified: Thu, 25 May 2023 12:15:09 GMT
vary: Accept-Encoding
etag: "646f514d-104f"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=angvNeWAv7a6FSuwWoWb7eLrfhNkEd5PBfIvBvFqdqA3UGnggoW%2Fi4JY78o1mBS5p%2Fv9QUBmeECeVl7GmKLGNjdB1KMglcsqiLBs6QpScGejwj%2FxPK7lDXXEq4mAiiTUKbvH8QM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79b8890b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-13.jpg
104.21.93.116 200 OK 3.2 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-13.jpg
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash a3364ed9e772ae6f696b814072001bf8
b8f34c657c31bf1e4d42b5d864b2519493d80e92
88f30b8552d0ab928d895390b337a0049405f3b1e8446631e606ba787e1205e1
GET /img/comments/person-13.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 3172
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: "646f514c-c64"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lu4ZqLJsFJHnPsQH6gTCNH5uExRP9SyvMjv6TcMhPvULkbo5N8ub6uKVp%2BkiSttQtz8Zgc1HoLHUX1exN8XHEQzGc0Q6y4wZU506paLEh4pKoICf8%2F3sn49htxqw3Ih5Qx5wxKA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79b88c0b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/v-index.js.c7edebe7.js
104.21.93.116 200 OK 14 kB URL GET HTTP/3 veftaunysurvey.top/js/v-index.js.c7edebe7.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (40296), with no line terminators
Hash 007c05ac7cfae006ebe099061bf7edc7
c856495b7c48194a3aeb9527a0224ce4482da35f
4a3dfb4f39645830068d08fdebc83f015a28ffcec0aa7e9bd0ad819edafe3fcb
Analyzer Verdict Alert fortinet Phishing
GET /js/v-index.js.c7edebe7.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-9d68"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fHT1osUfia5srODbTpmGmNm0SEgvUQiCVLY7tcrGzPOv7hxdfZk7b9lNfQUfVZdMYjLxVV8v%2Bc4I33pg4geRrQe8%2FHXwCgE2Icy6w%2BC0JoNQYeErssaYDbUnEH8z1QLekr1L3PU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76bce40b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
laugoust.com/zone?&pub=0&zone_id=4842423&is_mobile=false&domain=veftaunysurvey.top&var=4493500&ymid=1309_2476&var_3=null&var_4=null&dsig=&action=prerequest
139.45.197.250 200 OK 0 B URL POST HTTP/2 laugoust.com/zone?&pub=0&zone_id=4842423&is_mobile=false&domain=veftaunysurvey.top&var=4493500&ymid=1309_2476&var_3=null&var_4=null&dsig=&action=prerequest
IP 139.45.197.250:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Let's Encrypt
Subject laugoust.com
Fingerprint 99:7C:6B:09:6A:A1:BC:70:53:D5:2F:97:56:F3:C0:A5:06:9F:80:C9
Validity Sun, 19 Mar 2023 05:11:02 GMT - Sat, 17 Jun 2023 05:11:01 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=4842423&is_mobile=false&domain=veftaunysurvey.top&var=4493500&ymid=1309_2476&var_3=null&var_4=null&dsig=&action=prerequest HTTP/1.1
Host: laugoust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 12:29:38 GMT
content-length: 0
x-trace-id: c37d4089997ce66832e234339debd86d
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash e75b43e8a7beaf5ded692008749eb5b0
5f96a142b29fc6ca88b33a9cb5c2c5b4b95b8635
a100d74db29961c793a7254e52dd854c8f85761876369b45073d911be95bab3a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 12:29:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js
142.250.74.35 200 OK 166 kB URL GET HTTP/2 www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js
IP 142.250.74.35:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint A3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
Validity Mon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT
File type ASCII text, with very long lines (660)
Size 166 kB (166449 bytes)
Hash 95a32a4d8f8be968bc15d6ab9b9491d1
fbfbcb40c8d8997096cd2ea3d8cfc3dee1981015
a41096fbcf982d79bf075bf2378c9c0c2e8ada5bdc94bd7cc794454135ccf981
GET /recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166449
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 May 2023 23:49:29 GMT
expires: Tue, 21 May 2024 23:49:29 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 22 May 2023 20:58:33 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 564009
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash e75b43e8a7beaf5ded692008749eb5b0
5f96a142b29fc6ca88b33a9cb5c2c5b4b95b8635
a100d74db29961c793a7254e52dd854c8f85761876369b45073d911be95bab3a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 29 May 2023 12:29:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
veftaunysurvey.top/js/v-index.js.c7edebe7.js
104.21.93.116 200 OK 16 kB URL GET HTTP/3 veftaunysurvey.top/js/v-index.js.c7edebe7.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (40296), with no line terminators
Hash 007c05ac7cfae006ebe099061bf7edc7
c856495b7c48194a3aeb9527a0224ce4482da35f
4a3dfb4f39645830068d08fdebc83f015a28ffcec0aa7e9bd0ad819edafe3fcb
Analyzer Verdict Alert fortinet Phishing
GET /js/v-index.js.c7edebe7.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-9d68"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EYiIPG4IOELki4yGzZGBPRARgtKJxpUrorSTu99%2BfP9ojqX%2BHbFgf4gBQCR5GtydHU8oKsatw%2F1GmReyxGxJRNJLffd2Xn%2B476MdXDwSGWO71miCzLvPAIotpTmuV5In1sCLxyg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe74eb080b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/icon-survey.svg
104.21.93.116 200 OK 3.6 kB URL GET HTTP/3 veftaunysurvey.top/img/icon-survey.svg
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1080)
Hash 9612f51aebfc959fbe20466738ad7a35
40018ba48bd4ed13c219ceb9efdeccac7902ff4f
a35df0cc8723374ad7b9b6a99e7b07b23a32783d0ae1897fbf8dbc6e6ffe11d6
Analyzer Verdict Alert fortinet Phishing
GET /img/icon-survey.svg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: image/svg+xml
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: W/"646f514c-c19"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=47j6JZfeGfFXfTzwsmYM6GYZeMn%2BBJK95wD9Fh7lUKjtnVopO4ZTm%2BnXDKivo5atI4%2FZhhkQ3bUJo6OVtLJBQN4KPwsUu8CMU%2BZFH8vFfVHCrku9XNXuPxKw7VfXt%2F9ooSQ2lj4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe776dc00b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
139.45.195.253 200 OK 12 B URL POST HTTP/1.1 datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
IP 139.45.195.253:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Sectigo Limited
Subject datatechonert.com
Fingerprint 6F:17:15:C2:7F:CC:16:6C:9D:C0:AD:C3:EE:DA:69:61:8C:77:0B:5B
Validity Sun, 18 Dec 2022 00:00:00 GMT - Sun, 24 Dec 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1476
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 29 May 2023 12:29:39 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://veftaunysurvey.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
my.rtmark.net/img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60
139.45.195.8 43 B URL my.rtmark.net/img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=sync&partner=37faba736e092fd0fbd4bb09c7ac1e23053143b486f9f8503431b4ff9f42fc60 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Cookie: ID=92f23135ebcd488484b1ab3362334f4b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 12:29:50 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=92f23135ebcd488484b1ab3362334f4b; expires=Tue, 28 May 2024 12:29:50 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
veftaunysurvey.top/css/survey.2bfeef83.css
104.21.93.116 200 OK 67 kB URL GET HTTP/3 veftaunysurvey.top/css/survey.2bfeef83.css
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash ba8ddbfa60d2feec516710cd5de1746d
9ddfc2f60deda512e71fa888c546c4300e3a530e
04ea2783c47b74e28c9583983c12e1ea4ac25e5ab50f0270829687607a03a782
GET /css/survey.2bfeef83.css HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=66591
etag: W/"646f514d-1041f"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P6YiZk7dd3CmO%2BZ8ocGeVIgsBfZK%2BMRIQQOc2M1GBU5qL5BWZbMe1tjAZDmu34zPMMH5doiZzrVEVTmmbIUC6FqtVwXxlp%2BGo3KhM5SvwkEg0%2B24E8fV%2Fav%2Fa7oHs6E%2B8gaiZbs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76ccfd0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/config/data/sd-1203000.js?v=10
104.21.93.116 200 OK 2.7 kB URL GET HTTP/3 veftaunysurvey.top/js/config/data/sd-1203000.js?v=10
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (2839), with no line terminators
Hash 501882c63654cc39a921890ab999f9e8
0d1f94ce2336fcb0f5aa05e50ce579007d1d3eaf
70dfcfb1c3c467b41bb0e0bf33302cd6ce971a2d4e6227c7f9ca4be5b90072b1
GET /js/config/data/sd-1203000.js?v=10 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-aa2"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fT7xeJs222TaZwqe8ITdCWu56Yq9SgzPaEAL5oQlkAYBNRmj%2BIygutaT5%2F1eO6wX4JJM9skFDRaGL9vnlyrUav3tYZiXe5LX5czJ2%2FrQpmFTbvSCelW0UqPpOjjRkaY2aCPuzoI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe77be140b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/sw/sw4842423.js?var=4493500&var_3=null&var_4=null&ymid=1309_2476&ab2_ttl=5184000000
104.21.93.116 200 OK 1.3 kB URL GET HTTP/3 veftaunysurvey.top/sw/sw4842423.js?var=4493500&var_3=null&var_4=null&ymid=1309_2476&ab2_ttl=5184000000
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (1381), with no line terminators
Hash c21b76d8c5cc98d28e2ded4d7182cfb3
615a50d523a68a9b87e50715c88671e6b70e2868
ce15252772a764d35cbda3d5faeeb3c3e190ed7c4a1c56f75b0997666ad44322
GET /sw/sw4842423.js?var=4493500&var_3=null&var_4=null&ymid=1309_2476&ab2_ttl=5184000000 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1; finance_ID=06cb91e699a331c15bd6585259625525
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: application/javascript
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
etag: W/"647495aa-529"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B0rpQp93o4rO%2FR0zlviwuwAscpX2MgL01yZalsrl3VNNIpaV19hnNvBM7Y30SJp3cXhfjNiUIUXWTRny1%2BEH4hf47v2wDhDxWtg0UU7mrJsSfTFPl%2FFkc8CUM7PnC9VLaJjzexQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7cebe90b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
my.rtmark.net/gid.js
139.45.195.8 200 OK 65 B IP 139.45.195.8:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Let's Encrypt
Subject rtmark.net
Fingerprint 84:56:36:C3:24:DE:FB:F0:E7:EB:EB:9D:C8:B6:28:31:B5:3C:8B:80
Validity Sat, 06 May 2023 08:48:01 GMT - Fri, 04 Aug 2023 08:48:00 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash ab3476c49b7d3cb3aceb37e27028ec86
88b493b476fcf262aa2753960ea7270d9dbf3e3f
645559c3cf65de19c4dbd5bc923272b2c2121af2b188e993945bfe52de86877f
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Cookie: ID=92f23135ebcd488484b1ab3362334f4b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://veftaunysurvey.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=92f23135ebcd488484b1ab3362334f4b; expires=Tue, 28 May 2024 12:29:37 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
veftaunysurvey.top/js/_is-browser-supported.c49ec082.js
104.21.93.116 200 OK 1.0 kB URL GET HTTP/3 veftaunysurvey.top/js/_is-browser-supported.c49ec082.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (1102), with no line terminators
Hash 347149a5f2db6ba9662854836bd194ba
dad9564747ff98e7449226386615f6846b11920e
c84c175bb7a22aee56cd585dfeec157387639c062a12b726f8f4dd3f0c36cc7a
Analyzer Verdict Alert fortinet Phishing
GET /js/_is-browser-supported.c49ec082.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-3f7"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FVhYdsRhqIF3DZHozdg7GhW8DZpmyBiTHYT9nAAaI6LO%2Bq3SAU217nFeG6B7esW57TiB%2Bf93sw776V1YjfBX9K3yyH2%2FShrxZb96HaFBnJSOuJP%2FhKEttuiIeaQlmqX%2FN5jrQu8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76acdf0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/pfe/current/micro.tag.min.js?z=4842423&sw=/sw/sw4842423.js&var=4493500&var_3=null&var_4=null&ymid=1309_2476&cdn=1&domain=laugoust.com&ab2_ttl=5184000000
104.21.93.116 200 OK 42 kB URL GET HTTP/3 veftaunysurvey.top/pfe/current/micro.tag.min.js?z=4842423&sw=/sw/sw4842423.js&var=4493500&var_3=null&var_4=null&ymid=1309_2476&cdn=1&domain=laugoust.com&ab2_ttl=5184000000
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type C source, ASCII text, with very long lines (41946), with no line terminators
Hash 9c1a21a7325f334b8f1115b7c6476950
6cbe8da2596f380db8bb7a40fb42c7958f357c6e
9243782de0a2103b4cb642615ede16afdb1cafcb6aab5eba687a796e44f0a84d
GET /pfe/current/micro.tag.min.js?z=4842423&sw=/sw/sw4842423.js&var=4493500&var_3=null&var_4=null&ymid=1309_2476&cdn=1&domain=laugoust.com&ab2_ttl=5184000000 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: application/javascript
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
etag: W/"647495aa-a3da"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=srX0%2FsyIIdbh8Z1pnRAbqjFN%2FFFMufCvGcGm83dvnCqr4mCDPKQDK2vOcqVRgtn%2FpIGVwJWit%2BVoCZy3a2cUScrv2oijnqJRKCWPPh7MP%2F49K8Lxm5Vok%2FeWql8a6HG%2BM%2FH2%2B0U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe78af390b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/_each-land-config.406ff2d6.js
104.21.93.116 200 OK 53 kB URL GET HTTP/3 veftaunysurvey.top/js/_each-land-config.406ff2d6.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (53427), with no line terminators
Hash 4ca2ea7c541b071ade5b5cd426c9696c
b78c05d44929f4e49c6de4688a07273f204391c1
8fcfebe2f6fea5c63d83b2ad133b9fe43c02566e40c4c2a669123a148d3556fd
Analyzer Verdict Alert fortinet Phishing
GET /js/_each-land-config.406ff2d6.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-d0b3"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=alppXxLnOw7IV1quz4a5UsVl0Ce1kEIsc9sF431KLPJ9qsf3kUpQEdV747aThba500lf%2B8wlFB8VwBJ8r0COa6ebGocRmfgw%2BydKp2mTgaE6Xjc1XLg76MGy%2FXWJogjqea%2BTzzk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76bceb0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/img/comments/person-8.jpg
104.21.93.116 200 OK 5.7 kB URL GET HTTP/3 veftaunysurvey.top/img/comments/person-8.jpg
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, software=Google], baseline, precision 8, 100x100, components 3\012- data
Hash 6b10e71656e51e27520e854712b44f1c
f78b92dded977e9f275aba726453138155420bcf
64588485da7d470991fdba6c20a6d05c7ad39f92cca72769a95cbe3d873e8edc
GET /img/comments/person-8.jpg HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/jpeg
content-length: 5748
last-modified: Thu, 25 May 2023 12:15:08 GMT
vary: Accept-Encoding
etag: "646f514c-1674"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 2413
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B31Z8BDSh6IO%2Bbn7gir2xT2ZaCVBCE1u8hKkW9j8JPlfXSsQOfe8opjzRrnsBfg6KOcj3Q2vV5%2FnLghK%2FqO22Q8NuxvGEMmyblYPgoaEvym4Rf8GhQT83BHgLj3AhUG5OVJ1vgc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe79986c0b51-OSL
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/_global-config-sd.6c57bf6e.js
104.21.93.116 200 OK 1.2 kB URL GET HTTP/3 veftaunysurvey.top/js/_global-config-sd.6c57bf6e.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (1216), with no line terminators
Hash a6d0cd1e59a9153917d7b1f955df03ba
8062cabc3e39bfa8c0a7d12109ac3bb174cbdf9d
e4e8ac53c3f131032d88c852c1c2f6cf04dcd0b64c2368830d746648200fbea9
Analyzer Verdict Alert fortinet Phishing
GET /js/_global-config-sd.6c57bf6e.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-4aa"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wa1X%2FI3E8dHZE%2BYtN3cZf8McVAkGDwZypmQZwSMTKIsboIjNc4svowG%2B4nB4C5I1c1DfULrPY3yoa5N%2Bx5W2fO57Zs2w%2Bk6LfO5HbjBH2Z8gjuzGOQEdpdSh83LOJ%2BOoTrP58Bg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76ace00b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/config/data/sd-2025.js
104.21.93.116 200 OK 9.2 kB URL GET HTTP/3 veftaunysurvey.top/js/config/data/sd-2025.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (9549), with no line terminators
Hash edcdb9407b2987df48166bfe2de6c40c
10d47a89a281d6fcfecd1f0d282af995d5bbcb8d
76279535713eaa977252ab71a88308fa2c09412cc6d22435c00b910565f2ab12
Analyzer Verdict Alert fortinet Phishing
GET /js/config/data/sd-2025.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-2411"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5850
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4auSnfQWnCH8jUkkPHwXfD84FemEdHhf%2BLEGIOJZPuW2x9hTtEE%2FHHNom7xHD%2BXhsEe2YImCIwlPMIwdDHi%2FpyPVWEckqb7kVbqtt7QTmXimkQW2zupXjFjqbqiBI0asSDDVDGw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe77fe600b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
offpichuan.com/track?offer_id=2897&z=4493500&request_var=1309_2476&variable2=64749ab121e612000186cb85
139.45.197.237 200 OK 173 B URL GET HTTP/2 offpichuan.com/track?offer_id=2897&z=4493500&request_var=1309_2476&variable2=64749ab121e612000186cb85
IP 139.45.197.237:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Let's Encrypt
Subject offpichuan.com
Fingerprint DF:FD:C9:DF:54:1F:F8:D0:EB:70:9D:22:14:AB:31:A4:CA:18:1D:AE
Validity Thu, 30 Mar 2023 21:17:15 GMT - Wed, 28 Jun 2023 21:17:14 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 3d5357099133ee586f178a5def1ce2f9
0674f10469e17538b2038e5aff3d352d30ac4472
6e4297bc88556cd93b90d2cae877898d65411e80d9d0f50211a037a7671e8536
Analyzer Verdict Alert quad9 Sinkholed
GET /track?offer_id=2897&z=4493500&request_var=1309_2476&variable2=64749ab121e612000186cb85 HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 12:29:38 GMT
content-type: application/json
content-length: 173
x-trace-id: ee7aeb313dee010ff4e30ef48c36b540
access-control-allow-origin: https://veftaunysurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
veftaunysurvey.top/favicon.ico
104.21.93.116 200 OK 1.2 kB URL GET HTTP/3 veftaunysurvey.top/favicon.ico
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 668ba1a9fa1890ba16cb8adc28d3dad8
5e35223b2541265114eaf61b9da2556c812fea17
7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2
GET /favicon.ico HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1; finance_ID=06cb91e699a331c15bd6585259625525
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: image/x-icon
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
etag: W/"647495aa-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 742
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FirhXtpd8egRng9kS8JG6hEANDh6gi0MRCTOyBO5KgOQk%2Bb65PFn5oj4J2tjFonK5PTyHgu1LH1V81fBQqilirnHRJF2ps2MLAwy%2BLptG7H4CPg5DnOtillBdaP9VNH6w1RNs%2Fs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe7b9a900b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/_rtc.1844c1d6.js
104.21.93.116 200 OK 11 kB URL GET HTTP/3 veftaunysurvey.top/js/_rtc.1844c1d6.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (11189), with no line terminators
Hash 883b0649630864a2149008489d4ef7ec
7e59a27da52c8200f7c8d3718c5e88f9c6d40ecd
36b3238c01774500a75f9a44b860a700e713e89f103db5a915cd114f19dd9659
Analyzer Verdict Alert fortinet Phishing
GET /js/_rtc.1844c1d6.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"646f514d-2bb5"
last-modified: Thu, 25 May 2023 12:15:09 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 4618
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lhb%2BuiXGq9JnUR%2Bd9XG9QRIrQNdfWGXXXx7kTJOwVCTPHwvGiUuBYsNHSsxyYhStQwRH5cyOXuz7UpBHdk66JwKhXPL86hddMoZiercjBbPDda4nvFwEgOy2mqSTMGDP0mQAVlc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76ace10b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/v-redux-toolkit.esm.js.61e25c00.js
104.21.93.116 200 OK 11 kB URL GET HTTP/3 veftaunysurvey.top/js/v-redux-toolkit.esm.js.61e25c00.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (11317), with no line terminators
Hash ef0d81c5f3a115afbaf585c02c59dc3d
4502f6e492b723cd1dfd3535e74a978d0fbadc49
b632a3ba12a7ea94430f44ee7ada51e5e3295d1a1ee32f45993ae6a4cd9dd050
Analyzer Verdict Alert fortinet Phishing
GET /js/v-redux-toolkit.esm.js.61e25c00.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-2c35"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WmySxBzMNjs0I1YlxXlanP2Rk2nqOIs3x9iIDaR0NsDJm36RcEd8Zcd4OIQoMn%2FXHvSNO0sSmEBaWUsHat0w9PHvX%2BLLvjyFTPKf8Gaq%2FwemKO43AGw9WZeww%2BOI%2F6jIirFgRts%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76bce30b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
dortmark.net/sync?userId=06cb91e699a331c15bd6585259625525&partition=finance&duration=5184000s
139.45.197.248 200 OK 45 B URL GET HTTP/2 dortmark.net/sync?userId=06cb91e699a331c15bd6585259625525&partition=finance&duration=5184000s
IP 139.45.197.248:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Let's Encrypt
Subject dortmark.net
Fingerprint 2D:58:01:B8:69:29:6C:35:45:78:06:E6:15:E1:E3:B9:8B:47:F6:52
Validity Tue, 11 Apr 2023 11:46:30 GMT - Mon, 10 Jul 2023 11:46:29 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash deb5f9450e77c86910accb9a02c142c5
d8907ead671902ac3716e62f0ad648c34052b469
3fc697e5a2592db51a80d768f86d85673f90254b3b900146354420ac8a49ea4e
GET /sync?userId=06cb91e699a331c15bd6585259625525&partition=finance&duration=5184000s HTTP/1.1
Host: dortmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 12:29:38 GMT
content-type: application/json; charset=utf-8
content-length: 45
x-trace-id: fc3902b23caeaac767f2265295cf9b75
access-control-allow-origin: https://veftaunysurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: finance_ID=06cb91e699a331c15bd6585259625525; expires=Fri, 28 Jul 2023 12:29:38 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
104.21.93.116 200 OK 4.7 kB URL User Request GET HTTP/3 veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
IP 104.21.93.116:443
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4929), with no line terminators
Hash 50a8dcbca8255d3df7dcec0f45fdd4e9
645bd022ce8cfb02eda7e5427b43ee94bd5f2eae
6c28fdadea0bbdce61cfbbbca3c1fb970b7cb575e04df73e729454928a387f18
GET /finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: text/html
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q1fzFF8Bt1KjM9A%2FcMR%2F%2FWF1VP4i%2BvnGCnwYLRIhiDa%2FqThGNTyD3c6HIXdT8Fhsz6snTwSK1YWwiXIHJ99%2FCYWtq8BUEQUbLsjMd5VLhtDM0gJoYd3ELhjXxPHKaZAx%2B5dafgU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe75fc1e0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/_core-survey.47874637.js
104.21.93.116 200 OK 221 kB URL GET HTTP/3 veftaunysurvey.top/js/_core-survey.47874637.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
Size 221 kB (220770 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /js/_core-survey.47874637.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-35e62"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7pKFYSU5pu%2FY8xbt0n5JNI4vGPZPl8GfswnRdia1nL5L1MeZ2Jf5Vn676NHS4KCs7P0ubcrQ5PH1FUvoBoYjoR6rni5yG4MWoEt7C2MvocagN9Li60tuAk26MpcOb46xMhZULAw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76bcfb0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/v-index.mjs.6da8765a.js
104.21.93.116 200 OK 35 kB URL GET HTTP/3 veftaunysurvey.top/js/v-index.mjs.6da8765a.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (35051), with no line terminators
Hash 3330fa0f6a155bb09bfe7298fa2244c9
8997fbd35187ee5421fd4e640a11cf83c1ff6122
ef9812805366724890185fc2fc15aea43c94cbdca29769886c8a318f5eed3eaa
Analyzer Verdict Alert fortinet Phishing
GET /js/v-index.mjs.6da8765a.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-88eb"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7CSU81eNgWlrvC8xgHpzRMCBzuVVV%2B2jlXLZ5Fw8EYf17H6upCdtk%2BDfVzTfCek6yjYc8WowS4Ro7jcNZMKRXmAkZ79niZd5qJSy5KfQye32hEb4J%2BM60JZBZ9EEgPp4tYJ4Qxw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76bcf00b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdntechone.com/stattag.js
172.67.149.153 200 OK 18 kB URL GET HTTP/2 cdntechone.com/stattag.js
IP 172.67.149.153:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 22:B1:48:87:A8:EF:B2:9B:65:EB:D6:C6:FD:8D:EF:A7:A7:DE:52:29
Validity Thu, 26 Jan 2023 00:00:00 GMT - Thu, 25 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (17871)
Hash 0fdff67feab23cc69ecfb6800fc54cb7
eb84c650e6d27e290795207b1f37dd7b67f2aa06
456e420aecd5ac679cc2bcb33daf7c063f54894fd076e99e05c06629234d3378
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: application/javascript
last-modified: Fri, 19 May 2023 08:43:53 GMT
etag: W/"646736c9-4859"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1716
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6L4Yv0ofa4SIufDfbCmb1mOt374geNZe8qP%2F20yscMfa6DcTlwrIWatDSG728UZhcjNnyhm82A%2FNflVKrs7I1LYvV%2BRAGt3WFFYB89g24Sd6EI70Yh97PScUZLhdaryUjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ceebe7d1fc30b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
veftaunysurvey.top/js/survey.1104d4e1.js
104.21.93.116 200 OK 5.4 kB URL GET HTTP/3 veftaunysurvey.top/js/survey.1104d4e1.js
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type ASCII text, with very long lines (5583), with no line terminators
Hash fa762f8e0852a23363190e6b1ccd90c2
01fbafce85f16162ae58dc0ebc3831bbcf56c6a7
e03a91cb7b9ed67fe78552582d43a9cf4f3ec765b4ecbd540687bdbc6d3bcee6
Analyzer Verdict Alert fortinet Phishing
GET /js/survey.1104d4e1.js HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"647495aa-153d"
last-modified: Mon, 29 May 2023 12:08:10 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XOGjSty%2B8jco93TOrWaMY24LFrRw8MAatTudooQS5wmxjDmn8q8LQ026%2FVG0D1RI7vcdTcEFKezEsBSmts2gbLMAriHi94er26YVb%2FXxF2IHk1uD%2BLKMcun3cSgcVSFD5W0olpI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe76ccfc0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
veftaunysurvey.top/js/config/dict/cookie-consent-1.json?v=10
104.21.93.116 200 OK 6.8 kB URL GET HTTP/3 veftaunysurvey.top/js/config/dict/cookie-consent-1.json?v=10
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (6009), with no line terminators
Hash 4b2ff958e811a50d2f641818590b443d
6abae297812bb55fad869e953e7fdf7469cbe1ae
9c77a5f3d0028d9ba122ed15728ee7b144619431f8302503a19c5785ddaa06b8
Analyzer Verdict Alert fortinet Phishing
GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:37 GMT
content-type: application/json
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
etag: W/"647495aa-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sa9vJqok76XdxBjr8LoDc5uc397ZCsZzkFKSjIx3BNrs1%2Bw7P%2FM0WJAJJ8JMVTh%2FR2zAolSXa%2BDp9Jt85CQMYTr%2F0KeRjQbnE94fHKIgYEQqhEjqAlTy8OSfOa4f4uhx7JZn9tw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe77ee540b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
offpichuan.com/rotate?zz=4292526;4326653;5128285;4949467;5381241;5381316;5381339;5381332;5381307;5381330&var=4493500&ymid=1309_2476&uid=92f23135ebcd488484b1ab3362334f4b
139.45.197.237 200 OK 7.3 kB URL GET HTTP/2 offpichuan.com/rotate?zz=4292526;4326653;5128285;4949467;5381241;5381316;5381339;5381332;5381307;5381330&var=4493500&ymid=1309_2476&uid=92f23135ebcd488484b1ab3362334f4b
IP 139.45.197.237:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Let's Encrypt
Subject offpichuan.com
Fingerprint DF:FD:C9:DF:54:1F:F8:D0:EB:70:9D:22:14:AB:31:A4:CA:18:1D:AE
Validity Thu, 30 Mar 2023 21:17:15 GMT - Wed, 28 Jun 2023 21:17:14 GMT
File type troff or preprocessor input, ASCII text, with very long lines (7313), with no line terminators
Hash 6f0ed023ce9a1437ecb18739e34e84c5
1d676376ffe6f400fb110f0bdadf00c67d6c3468
47e8263decc4fe24a803b197ac36515a70550baa05b7ece4e7d3d63015c9a0d9
Analyzer Verdict Alert quad9 Sinkholed
GET /rotate?zz=4292526;4326653;5128285;4949467;5381241;5381316;5381339;5381332;5381307;5381330&var=4493500&ymid=1309_2476&uid=92f23135ebcd488484b1ab3362334f4b HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://veftaunysurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 12:29:39 GMT
content-type: application/javascript
x-trace-id: c3d8e33d36cbfb16f871d666d6b13ee9
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
vary: Origin
access-control-allow-origin: https://veftaunysurvey.top
access-control-expose-headers: Link
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
set-cookie: OAID=92f23135ebcd488484b1ab3362334f4b; expires=Tue, 28 May 2024 12:29:39 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
veftaunysurvey.top/js/config/comments/en.json
104.21.93.116 200 OK 4.5 kB URL GET HTTP/3 veftaunysurvey.top/js/config/comments/en.json
IP 104.21.93.116:443
Requested by https://veftaunysurvey.top/finance-survey.html?z=4493500&offer_id=2897&var=1309_2476&ymid=64749ab121e612000186cb85&utm_campaign=1309_2476&utm_medium=4493500&utm_content=zd_public_v2
Certificate Issuer Google Trust Services LLC
Subject veftaunysurvey.top
Fingerprint CD:00:B7:98:7E:B7:F9:C5:C4:3B:77:0C:BE:B1:5B:B4:D3:52:0E:FE
Validity Wed, 24 May 2023 08:34:34 GMT - Tue, 22 Aug 2023 08:34:33 GMT
File type Unicode text, UTF-8 text, with very long lines (5176), with no line terminators
Hash 0f8a677240ca082b8875f3c8d3bf5c42
19641ee3e340098b44d1d248e7c1a99dd0daafdf
2f5cff997105c8b995ec55f36e2656e14e1676f23244471f6115bc1d04c821c1
Analyzer Verdict Alert fortinet Phishing
GET /js/config/comments/en.json HTTP/1.1
Host: veftaunysurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: loaded-page=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 29 May 2023 12:29:38 GMT
content-type: application/json
last-modified: Mon, 29 May 2023 12:08:10 GMT
vary: Accept-Encoding
etag: W/"647495aa-11ad"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pK0%2FiMYARB02uYpUYwyaEjp8EYBz632be7BCVaMVQXDUiQ1QZwsqP2HJXb5USUsxjL1sLsXuwKxvkjTmIGhKFpYnFnlpT8PKoTMptAdFr6ydGt%2F2HpG4rbP8WJ60uBGU5vznuTI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ceebe78cf4c0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400