winbigsurvey.com/ID-S22-SpinFlag/like_user_2.jpeg
172.67.211.65 200 OK 1.2 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/like_user_2.jpeg
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 50x50, components 3
Hash f9299c2023539a8f27a6e1b12ed260e5
046baf9bcd1bbdf9d51ca63e3899ea2e7f5de0b2
ba0c57dd9fbd100462ac62c8c8b3156caf1283d250fb56ee8ce5b0f53e575ccd
Analyzer Verdict Alert fortinet Phishing
GET /ID-S22-SpinFlag/like_user_2.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/jpeg
content-length: 1216
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "cd7d77fc4dab25f900f23ab8780822c9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Aa6jOuRLfAy56TF3Gxicw6BhDET46jDSnX5m0F0MPNvtFaG%2BTXVMd%2B6zgYNF4g0mT%2FmNubga8DBijld4kcYemiNIY0MukNU0r5g7Nfd5rKYXSP%2FZc1ZqIJYRzdLyx8zHMxf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0c0d07b51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/ix-s.png
172.67.211.65 200 OK 54 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/ix-s.png
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type PNG image data, 165 x 207, 8-bit/color RGBA, non-interlaced
Hash e4223ddfb2b10da1f0d6dd9da537268b
c9c828a947cdaab72447d4d2260e274025c68354
3c540bf4496aeaac1388cb7ece901164b31f04dabf9407f8f2ec728f543cdef9
GET /ID-S22-SpinFlag/ix-s.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/png
content-length: 54181
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "71d68ab307c25e15eb82c21077f22500"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ft12Ijf8uxOnRPclaXOIBvjLiJZwDxt8ocaSY%2BmbHUUnDPwD%2FP2by6hg2gWeHyNNX0d1BE9tywsPeFwkr6%2F3d0u0IC25STSiB6IvWPLL1QnZbGF9IH4YovlmWrIZku9A1Pw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0c0d01b51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/7.jpeg
172.67.211.65 200 OK 1.1 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/7.jpeg
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Hash 546e8c9e22c52b3e47dd2fe58f139fc9
204463ece3f1e0e497463d0b30cd3c988dcd0a17
9c2388e5c4d51f01e19af1c46805ca29ce7a558aad05e3eb9e565a7dc5a1127d
Analyzer Verdict Alert fortinet Phishing
GET /ID-S22-SpinFlag/7.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/jpeg
content-length: 1138
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "7e2f08fe998deb0793e12420a3c36e93"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=szOKrMDsD53dI85egiA2Hsw2pgd0zWrom3mCxeZ583mAfK6dkaxNSWolwBRvR%2BrrK6E6Bq1Zr8k0D9gEdDdQb33fiUvRZZWpyMQ8o%2Flcg8O5eVkt3beuoCN%2BFwEHetKoV9ip"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0c0d10b51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/4.jpeg
172.67.211.65 200 OK 1.1 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/4.jpeg
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Hash 6f44457c62359dac93d8092d7af63672
97020a1c8bd06962b1181385963f6b72dea2c902
b5958fd2d9043b4544b807259e74bba084a26acae998d2bd522d4acc62e9f4e5
Analyzer Verdict Alert fortinet Phishing
GET /ID-S22-SpinFlag/4.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/jpeg
content-length: 1068
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "38cd8155788f35a87a49c7bc081bec01"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FwHgxxTiZuwdztxdWcztPIzW6Ne4RRwDVAm4yTn%2FQJS%2Bu5TIulwY9kAFeDB8y2VXDp90S5jY9yomXDF2IPqdz0TezT3yvFz6kAWV9xxzP902X3hjtFD7fCap7IHxXtKVT%2B9N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0c0d13b51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/like_user_1.jpeg
172.67.211.65 200 OK 1.3 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/like_user_1.jpeg
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3
Hash 2aa0d43e70d60d76ac4bdff139f8c7cb
d7e3433297ad90f5d99249aee29b645265c9f3eb
e7c85bfa7ba6d75dd0de72e51da2e185351ced82b32090ab35395766ef4849fa
Analyzer Verdict Alert fortinet Phishing
GET /ID-S22-SpinFlag/like_user_1.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/jpeg
content-length: 1293
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "9b2e5b29944560c02996cd0975502b7a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2FBwpuIWKoHo86r0TgKbW5mEY3z4gRasj24pNx5do%2BNIeEqqff7IFHqL6uNg1L%2FrR60VMs5zvNCTO8mbKZqMBykOvjSyajhjtq0Jq23t33yO%2FZyrloc8HRNCAsFhR7WabbI7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0c0d08b51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/ixo.png
172.67.211.65 200 OK 151 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/ixo.png
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type PNG image data, 202 x 423, 8-bit/color RGBA, non-interlaced
Size 151 kB (150594 bytes)
Hash 4da7bc685fa662ec184a4e5d4bebff4f
f9d80c7de613985671d9660db63676ba5513f4ad
0cd83c0b828156f5f240c4fde678e794e2909ec8d23c2b17d95e2e5697d403eb
GET /ID-S22-SpinFlag/ixo.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/png
content-length: 150594
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "4f45cb0c4981743ee0b8f2cbd3f04473"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gcdPZfWZ3TijVZ%2BEZKOahevzrPU%2Fz6BoaWIRblGPdWNooN%2BRyDfAHCKYPDSTY%2Fw1daB4X4B4RfUqsDFNsNeiF7NIUWwXDw%2FcBqXqxdn4ixx1HY%2BPzd0ylIJz%2F82XtF4sVsGo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0bfcfcb51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/8.jpeg
172.67.211.65 200 OK 1.2 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/8.jpeg
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Hash b7f49f9e865aed63fc64a6d4c784df9e
b20038adf8b3312fae9f5f72a057d98c4f119ed8
54dc1727eabc97535b59704be621ca245f36376ee32acab675a40ff5ab1a389c
Analyzer Verdict Alert fortinet Phishing
GET /ID-S22-SpinFlag/8.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/jpeg
content-length: 1203
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "71970b9b9d26d1f567191eba02aa7536"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8tttPBYJYCrpQaNNFhD%2BQFCyFGNSd%2BAZlgYV%2BHe6KRyr6bgfiV9MiKzp5%2BwwKBg2eXruYWbxcUvxMm3BDegFwU3ePNXqwwbN58t6GlpuVtlgZpP9%2F7lGrGcO6dIOqbM3pyf4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0c0d1fb51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/clip_footer_3.png
172.67.211.65 200 OK 2.5 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/clip_footer_3.png
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type PNG image data, 52 x 59, 8-bit colormap, non-interlaced
Hash e1b626392882cc25b4d891afaa68afd4
454d7abdbc2548d04feb95436ea0ab4126b4f00b
ef3b8785199a0a640150a9d9ceb9b7cff2b118ee377ce36317d4a3e716bd944f
GET /ID-S22-SpinFlag/clip_footer_3.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/png
content-length: 2460
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "706c35ac9626fe7cad6cad2e3ed78cf3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o%2B4Pj6a4Vky28Dy8cFlWgI0%2FCn93aNy21DqYIEq3YFZsGH52WssLNc7Y9p0s4no3cX91ljbpFp0GFhQGqZfWIipE9xWsdxmxiEm8jCvqDf6v%2BHGcKk67iM5gUJWUpGSO%2Bihp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0c0d20b51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/Flag.jpg
172.67.211.65 200 OK 1.0 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/Flag.jpg
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 35x24, components 3
Hash e05a76a7a4ed6838637a3335dae9d08d
e784a667594a310211a9d47c8faed73ad67dac43
e5480b3508f5a1e9391b49d2741b1825a6c41b46edb6fd87966532aac0d80818
GET /ID-S22-SpinFlag/Flag.jpg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/jpeg
content-length: 1023
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "bb4fef57c629f1a7bb166c1f3f526973"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8zRForIdODOs%2BpBcPOJ4j99zVH4c8Rl37zNHRQ0YT362EEXBJC%2BLKXq0gWsEllzwOqHA48YagMUDtR1J2YU8ekKDffbBklrlMHAZ4GBhWBUDTkqVxpqala%2FOsNqLNVqD9Ib8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0bfcf8b51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/6.jpeg
172.67.211.65 200 OK 1.1 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/6.jpeg
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3
Hash e957fbde5c4146a2740a772ce622c1f0
f8fc768f34f4be98f8dc098b42e8559d38523b3b
337434d918a2662370261fec6d9ec095ceaa27aa3249ef323be97f8183528eef
Analyzer Verdict Alert fortinet Phishing
GET /ID-S22-SpinFlag/6.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/jpeg
content-length: 1092
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "048eb09c3bf696b178688e3edfe260dd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wzAZgh5t%2BxZ%2BABD1Zn7Ku4k1Lt2YTBTcFiKZ9o7pflL4HX0bUbkBt5PLoFoWqR2%2FE6hra0nujPBr0NJ7zhtn03QS1sHm4%2Bxuq%2B%2B%2FZjq5gqwjYkNeBXfj%2BA0D2qUzz0wnHW1q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0c0d17b51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/3.jpeg
172.67.211.65 200 OK 1.2 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/3.jpeg
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x50, components 3
Hash d10dfa46723e01a51116353ee511f4db
04dc2eb7734da000af852dd34d8e061055d61566
1e2f3f221d8d89df1d4ca3973eb346cd4b83ebb13df118f7278bb7a6ad35d924
Analyzer Verdict Alert fortinet Phishing
GET /ID-S22-SpinFlag/3.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/jpeg
content-length: 1183
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "687734afccf18bca9955ea44543a8dbe"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h7ix4E%2B6RtNN9ijiST5a35lMhIKtPOCqRYBuEzO4R%2FN61P7UnfyxY9S5HsEHKnSO32Yr8My8ssTXzQ0q%2B7iAvUF0N%2B3pnOWjYKDzcHd%2B9gkECqj40uNqIF6KKrNR0qNpiO0W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0c0d11b51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/1.jpeg
172.67.211.65 200 OK 1.3 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/1.jpeg
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash e28a5798007788d032feee066fa01efc
af4c6ee2a4688f615cc3c2ca3bb1937c759e99d5
722d0fbdeea1aa70ebe7b7e4a731a7b778e35d0bab46ad45c711ace64166fdaa
Analyzer Verdict Alert fortinet Phishing
GET /ID-S22-SpinFlag/1.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/jpeg
content-length: 1258
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "00703d65a52cc8e49cb5b40e8061efdf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2KsbvH0X0NMFWAHcxzlosbVthG%2FZ5oqTQ%2BO7OU2cwUiIImGl1W%2Bzhm7dkEYRZ3uLUqJQC%2BNzA2BjZc2r4ebundF1CfmTrVkWUiPqLjkdh14izD0hHAf%2B%2FWd0eu7giFtHX7Wl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0c0d1ab51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/ix-g.png
172.67.211.65 200 OK 45 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/ix-g.png
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type PNG image data, 165 x 202, 8-bit/color RGBA, non-interlaced\012- data
Hash a81c981271ea04a9ae516b8b97512937
5d055ec7a35b0311efc22d5be838c0dbe35b4dfd
239ed6a131c550919c7e59a2f1cc0057be22469cc6b9e05f7c191a5aebcb1a5c
GET /ID-S22-SpinFlag/ix-g.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/png
content-length: 44592
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "27e734a468432cc1b55131fa2a32ef9e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xkwrcHBe4TwnHJLSCo86hTk502wC0X6eKhxFKiwSAfBgpxdWRK3O5VDH%2B%2BaNjEabZ5DxZ4R1FKsUJol4%2Biv%2BnA54vNlnThlvVlrjiKhD1z6grDC4UrCGQdn1luMDOyZTIQhH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0c0d02b51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
172.67.211.65 200 OK 5.1 kB URL User Request GET HTTP/2 winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
IP 172.67.211.65:443
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (329)
Hash 97ae7ce50da5bf97ed5bfc7d0a8a819d
2068b1b038c061b274dc2a994bfb22d0c39f2df3
e4fbd06923a49fd18cb9582ed57013acfa4d649406cb2581db6cd1813aeaf423
GET /ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 27 May 2023 07:28:06 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BZ4jfuJMcPLO1DIulJq9TR3fF2NPCRODqqsLtjndKRqLffR9j23Zw9UVayUWOmjKX9I34S4lRQAobw57LxBWKrhcFV86HE5rcMkwYtvD125YoIP8rwg%2BBwIHqmQs%2F6V0isLT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7cdc8a09b935b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
winbigsurvey.com/ID-S22-SpinFlag/pw_ix.png
172.67.211.65 200 OK 109 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/pw_ix.png
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type PNG image data, 501 x 501, 8-bit/color RGBA, non-interlaced\012- data
Size 109 kB (109151 bytes)
Hash 3ae8e9c19f72680e3b612c7dad852073
359fb5f4f5f498b9cc5f38920e90eb000904f669
0964d4a08d0e9f9b6877b9c07c2724d16c23569a1cc39857a83564af26875413
GET /ID-S22-SpinFlag/pw_ix.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/png
content-length: 109151
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "703652490562f0fa9d2c4398454a6d2c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aPNCxy%2FKhiOd4LxE4jDL8UNlkomOFoA6%2BGEe1ULxEQb00oDsAasUzx1WDIATjh%2FkDg42%2BKQIZWnzqnf8%2F6W%2BDnd9BYko1gUzYP79LLVKnpoopR56%2BtqxPSJBtmEPGY83%2F5d9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0bfcf9b51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/footer_right.png
172.67.211.65 200 OK 4.9 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/footer_right.png
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type PNG image data, 168 x 66, 8-bit colormap, non-interlaced\012- data
Hash 0e786b7344ac0b63609290a3a415fc4f
c2e77827e895aaa13522f1c5c0ef79d4caef0bb2
f044237e4439b415a4947127f26fb14b4d32cf1d32ff51fd8f0ff4d21d2692e5
GET /ID-S22-SpinFlag/footer_right.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/png
content-length: 4919
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "3b6543f8aff814ffed2e98bb3f6ddce3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XbV5kO7j5boTH%2FCcLlypdcOF9QJjnlwXwsG8zErZrKEQzHxnYu5UTsQXiMtgUzEx0Z5mwSqGLI410UzrSdunwrrovqshy%2BnkUw6Dur4O1hMe8fB92zj%2BpM%2Fl%2BaSNZiqDiJdz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0c0d23b51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/spin_prize2.png
172.67.211.65 200 OK 2.8 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/spin_prize2.png
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type PNG image data, 142 x 173, 8-bit colormap, non-interlaced\012- data
Hash f278c8d30fc51b72e0774b9ecb49214c
03b574db82b31ee5758eb5093fda8ea25d1b00d8
43f3e6d7e7b011430b39020bc5ff8fe6be2947100c597de44ca549ea96a0fd7c
GET /ID-S22-SpinFlag/spin_prize2.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/style.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/png
content-length: 2814
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "974e1465fe4d9ef295b8e49f5cdfc392"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XIE%2BMhR%2FbqUTqNB9o%2B%2FgwK05YGnyIPkjldmyweVL06G%2FeRDhGz%2BgzH04%2FD0q83LDzEb%2F31WqxAe9hA3stPsUraTEUXA4be2TSHU2YPpkNuAZDyAmoNSnBEw9I6EWrzUJ3isd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0f694bb51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/comment_action_2x.png
172.67.211.65 200 OK 641 B URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/comment_action_2x.png
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type PNG image data, 24 x 120, 8-bit colormap, non-interlaced\012- data
Hash e9b3872b3e63e19728176d45f0aa6986
b638f89d5d80c4cd65327da973c52f778e30bd55
a3f59e07404f1745bed88a314113a86da376526e7e1e555c99b3e249178c6ba5
GET /ID-S22-SpinFlag/comment_action_2x.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/style.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/png
content-length: 641
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "9051b501a938dc2d8883f5fab13c401c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QhmikHyZXdiRsvBDK4clowTuoaiHXz2m18zsxpbQgtg8IGn8s8EnT08vWre4ygQdH69ZzXGLaARcpsZeHNaJDy1UzF7oR9YY%2BV3vlXSkHbFriM4lfyDVgEybSCTw9BDQ%2FpC%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0f694eb51d-OSL
alt-svc: h3=":443"; ma=86400
poavoabe.net/zone?&pub=0&zone_id=5542487&is_mobile=false&domain=winbigsurvey.com&var=&ymid=&var_3=&var_4=&dsig=&action=prerequest
139.45.197.251 200 OK 0 B URL POST HTTP/2 poavoabe.net/zone?&pub=0&zone_id=5542487&is_mobile=false&domain=winbigsurvey.com&var=&ymid=&var_3=&var_4=&dsig=&action=prerequest
IP 139.45.197.251:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject poavoabe.net
Fingerprint 2A:C8:49:B0:84:45:93:3E:25:4A:D5:65:76:DA:1E:78:57:C0:8D:5E
Validity Sun, 12 Mar 2023 05:34:17 GMT - Sat, 10 Jun 2023 05:34:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=5542487&is_mobile=false&domain=winbigsurvey.com&var=&ymid=&var_3=&var_4=&dsig=&action=prerequest HTTP/1.1
Host: poavoabe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/
Origin: https://winbigsurvey.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 27 May 2023 07:28:07 GMT
content-length: 0
x-trace-id: 53f9643a16e0e7c80ca6506fe0c46a0a
access-control-allow-origin: https://winbigsurvey.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
winbigsurvey.com/ID-S22-SpinFlag/action_icons_20px_2x.png
172.67.211.65 200 OK 1.7 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/action_icons_20px_2x.png
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type PNG image data, 40 x 360, 8-bit colormap, non-interlaced\012- data
Hash b699975b5fe73b087e711a33ff24ee1e
0e33cc5c32a5e7d18440751e3946076664caaf53
4e06866c22bb275c6c4f01265e1f3e9f00fe9face9739f6531371d688a8e7a7e
GET /ID-S22-SpinFlag/action_icons_20px_2x.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/style.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:08 GMT
content-type: image/png
content-length: 1726
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "2987e834107b7e35c3c404b4ddd14296"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BCkMetPpbyT7jbf5Nu%2F3kUsFkrezSleqbjN33k9q65gvmdwhNSK1h9RjAqH57CbWN%2BEdgGiXSnSZP56YP1mr4uD3xa2JXnfDJdA%2B55O0z8bvLplWoVS26Mc4kcRJWJR4B4Jm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0f694cb51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/menu_2x.png
172.67.211.65 200 OK 124 B URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/menu_2x.png
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type PNG image data, 40 x 36, 8-bit gray+alpha, non-interlaced\012- data
Hash 8f68efd9388ccd80b43759b2ed542305
9f2cf96efe3bdec2ab64bc51856619cc02958fe6
455b82fa1e54fc88fe0699eabecb02155f1d6228e0ae3d7f72e1abe92dae8f3c
GET /ID-S22-SpinFlag/menu_2x.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/style.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:08 GMT
content-type: image/png
content-length: 124
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "a55d3d499644740fc2ad414a4e2132c8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eFUnc9vvhthCZpp2tKCE1jGXMn7ad4WmuWb7v34h4pvoLYX39QLs3mskRUGuJTb32BSOyV50SoHY6Z0xNGlCCDCwbnhlbawp%2Br5MGSofeLBXhRHrwLnHyVGMdNJ28MH9PqFR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0f6948b51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/notify_2x.png
172.67.211.65 200 OK 229 B URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/notify_2x.png
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type PNG image data, 36 x 32, 8-bit gray+alpha, non-interlaced\012- data
Hash 988234626ae7a880ed9c6a92f6336c0f
173967c2b59baed4a06997d874aba32ab65da201
4566dd8f59a09f51415a7c8955f48f75298522fc6db554bc1a59ad79c3e3e314
GET /ID-S22-SpinFlag/notify_2x.png HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/style.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:08 GMT
content-type: image/png
content-length: 229
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "6b45dc6a31d3d4062c29615fe0b98a64"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O6nCMmNA7IaC6mRCSAn3EGuLaCu9y4jBUTLGm8kQAC86Rr1v0jqvWUP3TFq90Ga1r9weIi5ogf7z9Jh8kKR%2F%2FrCvJKsjUPoAohdEhHH%2FQKx%2FzwsX%2Fiu0fYSB8oSJ8ugiR39V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0f694ab51d-OSL
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/favicon.ico
172.67.211.65 200 OK 3.0 kB URL GET HTTP/3 winbigsurvey.com/favicon.ico
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3124), with no line terminators
Hash b4b645417322a39b864e6769e991f494
c05f6f6c1d4303713acdf9d836bf5b55e07a97be
f79c9213bb54321682e050418fc25dceb9855dd8ff33d2106c3237ed213fa752
GET /favicon.ico HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:08 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ow4GUGHeoUcfW%2FfAy0GVLWb8NjQuYJVgVe%2FRzDoebkfOq0JgAn3%2B2N5bcVvvNaWWUvIrwM6Ji4uxDc1GkmYj9wOQs8UMYh3d8BYd%2B8bd6lLDmO%2BIwGRwQg1Pl0JfkiL0%2F6D0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 4363
server: cloudflare
cf-ray: 7cdc8a129d68b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/style.css
172.67.211.65 200 OK 15 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/style.css
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
Hash 8c24a5cb4c55b9d6cd3029f5fd2c6fe7
e7371a614b9902e7a1256ab05cfb58d2a332c3e8
ac21c169cac551dc3ce8ee3c85f35d8c16fc76c3006618f39f428798904656f6
GET /ID-S22-SpinFlag/style.css HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"ffd7f948346ce664bf75cb6ac5a4442b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=45uMEXVimxhZfoBTOknnC46qgfmmi3vGeAQhK6pUWFX40XA6RL60yD%2BvJxDPTvWYgNZUYFcfTYmyw5YUdaRRwD1qf6ZfS9GmeB5vvAKJlNGUMI89fx87B8l1JdWKALxOgdhL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 7cdc8a0bfcf1b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
winbigsurvey.com/ID-S22-SpinFlag/main_script.js
172.67.211.65 200 OK 2.9 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/main_script.js
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type ASCII text, with very long lines (3028), with no line terminators
Hash 11bce1cee448aa0775896f24c297ee67
cb3689dc1e90f017e20df6d5197cffd9c1ae3d1f
6e54004841b10e520496588042697ec7ae27e9dd6203431f95b4ad7b8eb827f4
Analyzer Verdict Alert fortinet Phishing
GET /ID-S22-SpinFlag/main_script.js HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"e7559ca6cbc0ac1c0737ee0164404566"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N3gDPc74rYtinr3O%2FglQKh9QakS2RbG1G0istdH%2F7Vkc7yUDsJCXs%2B%2B5tIq8GV4QiZtydN7yuPxbe%2B4rJgJHgIv%2F5IGh2h312TXsZxOXmILHyCA0Ag7yqe9zsEkuiehCZEyv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 7cdc8a0c1d24b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
poavoabe.net/pfe/current/micro.tag.min.js?z=5542487&sw=/sw-check-permissions-d059b.js
139.45.197.251 200 OK 42 kB URL GET HTTP/2 poavoabe.net/pfe/current/micro.tag.min.js?z=5542487&sw=/sw-check-permissions-d059b.js
IP 139.45.197.251:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject poavoabe.net
Fingerprint 2A:C8:49:B0:84:45:93:3E:25:4A:D5:65:76:DA:1E:78:57:C0:8D:5E
Validity Sun, 12 Mar 2023 05:34:17 GMT - Sat, 10 Jun 2023 05:34:16 GMT
File type C source, ASCII text, with very long lines (41979), with no line terminators
Hash d44fd7b96fceca8f81b472766025d0d2
237541097413baf5cd3e703413f8bc9ea538a4db
b6c7c1e7fb1a437f100bdcb253df8b0468f130835fbb82c5687505a099997d16
GET /pfe/current/micro.tag.min.js?z=5542487&sw=/sw-check-permissions-d059b.js HTTP/1.1
Host: poavoabe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 27 May 2023 07:28:07 GMT
content-type: application/javascript
last-modified: Thu, 11 May 2023 14:20:13 GMT
etag: W/"645cf99d-a3fb"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
winbigsurvey.com/ID-S22-SpinFlag/2.jpeg
172.67.211.65 200 OK 1.3 kB URL GET HTTP/3 winbigsurvey.com/ID-S22-SpinFlag/2.jpeg
IP 172.67.211.65:443
Requested by https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
Certificate Issuer Let's Encrypt
Subject winbigsurvey.com
Fingerprint 36:E1:35:65:EB:A1:A6:6D:26:6F:D8:F5:34:6D:81:D1:E9:73:B3:69
Validity Thu, 11 May 2023 06:57:49 GMT - Wed, 09 Aug 2023 06:57:48 GMT
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x50, components 3\012- data
Hash 9daf82b76b8477fa503d862af8cb74b1
541edfdc63ace3ab12f9b0cd3d79c862b1f548dc
f45eaab6cc5fad19d6aafef5daa7cf935f9139b3bcb2190eec5e1fd26a68c58d
Analyzer Verdict Alert fortinet Phishing
GET /ID-S22-SpinFlag/2.jpeg HTTP/1.1
Host: winbigsurvey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://winbigsurvey.com/ID-S22-SpinFlag/home?cep=fhTC5UvlJGJDGY-LhM0KIbIiS6z5icTvqZ8wQp74I3h3pWovCYrRn-HnOH3xHYCGoH1ZvvRoS_kG1Lq2KR41l2au3H6ZhzUyW5xL8U5fBniRlTWIVYbQgl4vaPISWVdqNiU4_gnbV844zf2wmF-N2zR4XTqUuiQQeeInkycd4lH5Sts96CiSvjWqJ8EyJMbgRiIKw8Y1CouQvk3APN_sBXErQpaXkZghfu3_v4ffC6Kt2e9le_HCJegHJFN3HoQAkBNACHs5mNwyJZShvlIbJSQBhWGwACeFSve28Lgk11I41HEQorYnHSEZ5CG7uf2J_hNnFBUVsf0xjA2hkiNhvCjJ_0fIixl8aawZy8s5YuPd2yT4HqqU--o3FpCnkKh_FkxXL5D-fE9_xZINQFlHusmSEpW09ZufFv80ktPqv64&lptoken=16e1857e172e427f760c
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 27 May 2023 07:28:07 GMT
content-type: image/jpeg
content-length: 1254
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "da7a04bb388f062efbaef384b07b0b17"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2FVxZeTmXuhYFivs7r4QQFu0H7%2BHI7nln%2FUpejfOk8BChKbI4dO2m5uTNk3FXdX%2BBaHas8uX7AEAL8SEv%2BuPsWMPd3Y7DpmEYAp1ZS7jeLUlaBVWE4AzBPjq6JHZtHv4jXXC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 7cdc8a0c0d0cb51d-OSL
alt-svc: h3=":443"; ma=86400