Report - p12.sweepstakessurvey.org/sweep.html

Report Overview

Submitted URL
p12.sweepstakessurvey.org/sweep.html
IP
104.26.15.215
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-09 01:51:02
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.36.76.226
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
datatechonert.com	46154	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	467 B	493 B	139.45.195.253
mc.yandex.ru	2672	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.6 kB	80 kB	87.250.250.119
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	337 B	1.4 kB	35.241.9.150
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	963 B	172.64.155.188
cdntechone.com	64371	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	325 B	6.1 kB	188.114.97.1
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	44 kB	34.120.237.76
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	1.5 kB	151.101.194.133
p12.sweepstakessurvey.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	235 kB	104.26.15.215
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.3 kB	93.184.220.29
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.5 kB	23.36.76.226
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.155.171.116

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-09	medium	p12.sweepstakessurvey.org/sweep.html	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/js/v-utils.js.d156afc7.js	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/js/v-react-dom.production.min.js.088acd9e.js	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/js/v-_equalByTag.js.34ccca25.js	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/js/v-_baseIsEqualDeep.js.eabb141c.js	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/js/v-URLSearchParams.js.f8f87c95.js	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/js/survey.11.8b95534f.js	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/js/rtc.e1fb7744.js	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/js/sweep.bbce1b64.js	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/js/config/comments/en-sweep.json	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/js/v-index.js.209a329e.js	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/js/each-land-config.97d1826a.js	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/sweep.html	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/js/_global-config-sd.975f2fa5.js	Phishing
2022-12-09	medium	p12.sweepstakessurvey.org/js/v-redux-toolkit.esm.js.d71e3cf0.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-08	medium	datatechonert.com	Sinkholed

JavaScript (21)

	URL	Size	First Seen	Last Seen
	p12.sweepstakessurvey.org/sweep.html	237 B	2023-03-08	2023-03-12
Pretty URL p12.sweepstakessurvey.org/sweep.html IP 104.26.15.215 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:19:24 Last Seen2023-03-12 21:16:07 Times Seen1 Hash 19b8722efab4e2bec7b1aaab4b5d9ab0 92dba16dc1812ec42b43aa97cc31c97138dea642 b972d04cd1cd17737b5ae248abe902f2defab803e7465a3eec21c92c05e6218a Loading...

	p12.sweepstakessurvey.org/js/v-FormData.js.14ea4c03.js	191 B	2023-03-08	2023-03-09
Pretty URL p12.sweepstakessurvey.org/js/v-FormData.js.14ea4c03.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:23:55 Last Seen2023-03-09 06:14:55 Times Seen1 Hash 6b19ebb6a4bce4239db79bc85e9574cf fe46ee499f3af5f4b536fc1b783d2f92bee4c340 4ddc38e2439d3c1f72e8187c7b3960e2493235bf5bc85a132440c1480e134cbe Loading...

	p12.sweepstakessurvey.org/js/_global-config-sd.975f2fa5.js	475 B	2023-03-08	2023-03-10
Pretty URL p12.sweepstakessurvey.org/js/_global-config-sd.975f2fa5.js IP 172.67.75.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:35:32 Last Seen2023-03-10 00:39:15 Times Seen1 Hash 7d5cbf9b01347ca3a8fc28dfeeb5bcea 7a68b5d6697638a1189d0fbfc37bc9443ae485ac ae14f229f8b27b113d28237d8ae5de9168e3a4b6c0728c45ac9317ff80554df2 Loading...

	p12.sweepstakessurvey.org/js/rtc.e1fb7744.js	11 kB	2023-03-08	2023-03-12
Pretty URL p12.sweepstakessurvey.org/js/rtc.e1fb7744.js IP 172.67.75.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:01 Last Seen2023-03-12 21:16:07 Times Seen1 Hash 38f629c75b69a6d96eed768b9e38d7bd 00e96ebe297fe4eb7829bd5d260a515b58107671 58d3dfb386be8f3387c6eaf42bee668c4ea8d30aba5f2f8fe73d4e1c044658e4 Loading...

	p12.sweepstakessurvey.org/js/v-redux-toolkit.esm.js.d71e3cf0.js	10 kB	2023-03-08	2023-03-08
Pretty URL p12.sweepstakessurvey.org/js/v-redux-toolkit.esm.js.d71e3cf0.js IP 172.67.75.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:23:55 Last Seen2023-03-08 23:55:41 Times Seen1 Hash df5165b74ebf8eff983ec9d178c67253 54beeed7754f2bf75a3bacbbe2d46e1b1308e542 b69a84f0d231c864cc497ddda31dd5f2b21fa725cb45a66284b1c45aa48697cb Loading...

	p12.sweepstakessurvey.org/js/each-land-config.97d1826a.js	66 kB	2023-03-08	2023-03-08
Pretty URL p12.sweepstakessurvey.org/js/each-land-config.97d1826a.js IP 172.67.75.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:23:57 Last Seen2023-03-08 23:53:54 Times Seen1 Hash 1c59b1b75a8d4aba33babcf6900389ed 97ed2bab9ed72c11c4356b9e1623aa8746bb2773 4f3f610aa02a1bc98dee31eef117379ae91a7c1daf45d6fd88c47755ebce2d46 Loading...

	p12.sweepstakessurvey.org/js/v-react-dom.production.min.js.088acd9e.js	129 kB	2023-03-08	2023-03-11
Pretty URL p12.sweepstakessurvey.org/js/v-react-dom.production.min.js.088acd9e.js IP 172.67.75.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:01 Last Seen2023-03-11 23:51:42 Times Seen1 Hash 826a64dbc84b1f9d320be4b02ca9e26e b10a77c38e84c72f16a4068b66678bc6f5684334 60e94e3bee35068bf4631017a8c949a37b9f77ef4b09460d5d8f0c6822838a4b Loading...

	p12.sweepstakessurvey.org/sweep.html	41 B	2023-03-07	2023-12-22
Pretty URL p12.sweepstakessurvey.org/sweep.html IP 104.26.15.215 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:05 Last Seen2023-12-22 09:41:33 Times Seen2 Hash 01504f3c68447a2aa5812832546c30c8 1a2ed7673ad287643823432efed1bf698450ef5d 9e7863252dc4a2c1871dc34c7ab34f13dc738d6f38acbf9827ce17ddee3b336b Loading...

	p12.sweepstakessurvey.org/js/v-URLSearchParams.js.f8f87c95.js	220 B	2023-03-08	2023-03-11
Pretty URL p12.sweepstakessurvey.org/js/v-URLSearchParams.js.f8f87c95.js IP 172.67.75.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:01 Last Seen2023-03-11 23:51:42 Times Seen1 Hash c877bc208ef8a1074fb0c55911971b58 ff5a64710b48f6161e84f7ac83e86b5f0b9e73a9 6c61c6ea5ca4710290aa7284ee3a4b56d3475a5d635e8194f328c5834ef34bcd Loading...

	p12.sweepstakessurvey.org/js/v-_baseIsEqualDeep.js.eabb141c.js	720 B	2023-03-08	2023-03-08
Pretty URL p12.sweepstakessurvey.org/js/v-_baseIsEqualDeep.js.eabb141c.js IP 172.67.75.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:23:55 Last Seen2023-03-08 23:55:41 Times Seen1 Hash 863633aaab8ae4b45f79978839aa9e64 58eb07530787b4baf193cd820bd9c3f3717b02a6 6c338d32bec5f16a7f99264a96e9b5f0630d003639bc7342178ac2113484c5a1 Loading...

	p12.sweepstakessurvey.org/js/config/data/sd-501.js?v=10	4.8 kB	2023-03-08	2023-04-26
Pretty URL p12.sweepstakessurvey.org/js/config/data/sd-501.js?v=10 IP 172.67.75.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:09:45 Last Seen2023-04-26 22:10:11 Times Seen53 Hash 6431aa83b841c664f8dea9137ce9eca5 569b235437700401a56a5da9a1f8bb95fe55270d 3f01b13c23edab870b39a5cf7294a65e43a7322dc75fac26d5f49e80b4896441 Loading...

	mc.yandex.ru/metrika/tag.js	216 kB	2023-03-08	2023-03-08
Pretty URL mc.yandex.ru/metrika/tag.js IP 87.250.250.119 ASN #13238 YANDEX LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:22:14 Last Seen2023-03-08 23:49:51 Times Seen1 Hash 823fcacf7d85874ea105777323a39d4e aae88bba673251a3f1e723e1223fa7587449b21b 3db6cd613765ac837ce5d46c1673c2751261b3f1642c724c8f1beeb724ef46ec Loading...

	p12.sweepstakessurvey.org/js/sweep.bbce1b64.js	211 B	2023-03-08	2023-03-11
Pretty URL p12.sweepstakessurvey.org/js/sweep.bbce1b64.js IP 172.67.75.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:31 Last Seen2023-03-11 23:45:50 Times Seen1 Hash ed6f24fa63dfe51eda75e71e4fac55ca ca63c6d443d2dbda1003d21b1bc9bbbd79854a3c 186afcfb978537b375b6ea270736089a7a33a36090269056a6c4a92a8601f77f Loading...

	p12.sweepstakessurvey.org/js/survey.11.8b95534f.js	212 kB	2023-03-08	2023-03-08
Pretty URL p12.sweepstakessurvey.org/js/survey.11.8b95534f.js IP 172.67.75.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:09:01 Last Seen2023-03-08 23:09:01 Times Seen1 Hash f174cc27749a10028a05333c76004397 27311d555cf9a17c77bcef977dc0f494b39a7809 c899cdd3f40be3d1820d16c82544417c2f3fd00ade1f33fad3e37e8790d2e502 Loading...

	p12.sweepstakessurvey.org/js/v-_equalByTag.js.34ccca25.js	935 B	2023-03-08	2023-03-08
Pretty URL p12.sweepstakessurvey.org/js/v-_equalByTag.js.34ccca25.js IP 172.67.75.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:37:48 Last Seen2023-03-08 23:55:41 Times Seen1 Hash 7d95f090b11c9eb86cd57112f19eb3d2 8da46fd54c48919092af0a725d05b47b6c5af5c7 318ac50f3755f4dc5e3a8b34522a4b05b621618f7bc194ea08dc211a120741d3 Loading...

	p12.sweepstakessurvey.org/sweep.html	1.1 kB	2023-03-08	2023-03-08
Pretty URL p12.sweepstakessurvey.org/sweep.html IP 104.26.15.215 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:10:19 Last Seen2023-03-08 23:43:37 Times Seen1 Hash fab49c61a4f4b147639222cae2ee714d 5c2e76bdd140456004b6c35b6aa29d89f794c296 d01392307211fc15d2804974c691d6f4c663dedde865c803272334fbe3cb24b7 Loading...

	p12.sweepstakessurvey.org/sweep.html	1.6 kB	2023-03-08	2023-03-12
Pretty URL p12.sweepstakessurvey.org/sweep.html IP 104.26.15.215 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:01 Last Seen2023-03-12 21:16:07 Times Seen1 Hash 851269b38d672878833b86f29b77e428 734ebcbb1595795a72080867ca9cbf5356cd12bd 88b2380ea2c87629a78ac71ee8df1d92293dbd4f92f5b7a91231f457171da991 Loading...

	p12.sweepstakessurvey.org/js/v-index.js.209a329e.js	38 kB	2023-03-08	2023-03-08
Pretty URL p12.sweepstakessurvey.org/js/v-index.js.209a329e.js IP 172.67.75.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:23:55 Last Seen2023-03-08 23:55:41 Times Seen1 Hash b573974e0cc916f51ef7cf193df039a8 da491963bac6d51969b6ce09483d068af1532d4a 7b6d9ed30307a9408e91fefc3cfda14d88ba24666be224e9a768ec75542e83d4 Loading...

	p12.sweepstakessurvey.org/js/v-utils.js.d156afc7.js	8.6 kB	2023-03-08	2023-03-09
Pretty URL p12.sweepstakessurvey.org/js/v-utils.js.d156afc7.js IP 172.67.75.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:23:57 Last Seen2023-03-09 06:06:17 Times Seen1 Hash 72dbca6866bb3265a99c06eff5142f3d 91135dd4a2720be52d1af95beb82c847139e8c35 83c2c6150b64a1928410f7b0dc7eabfc4795f5c419fca1de134de146d43bcf1b Loading...

	cdntechone.com/stattag.js	13 kB	2023-03-08	2023-03-12
Pretty URL cdntechone.com/stattag.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:01 Last Seen2023-03-12 10:47:00 Times Seen1 Hash 06f6499fd0fa0ed3ab7e4e5220824cf4 7d46143675b281760790105a32018a6ebd62884d 2b9e2b7f5c251c5b5490e5e8adbda9acdf687b74eb8d5a8d8f2ee1a0104bae3f Loading...

		Size	First Seen	Last Seen
	#1 Write - 3a824154b16ed7dab899bf000b80eeee	4 B	2023-03-07	2024-02-13
Pretty Observations First Seen2023-03-07 01:02:03 Last Seen2024-02-13 04:29:14 Times Seen34 Hash 3a824154b16ed7dab899bf000b80eeee e575dccc71140754dd85beda5965b6a358150309 b1ab1e892617f210425f658cf1d361b5489028c8771b56d845fe1c62c1fbc8b0 Loading...

HTTP Transactions (69)

URL IP Response Size

p12.sweepstakessurvey.org/sweep.html

104.26.15.215

301 Moved Permanently

0 B

URL HTTP/1.1
p12.sweepstakessurvey.org/sweep.html
IP
104.26.15.215:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sweep.html HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Dec 2022 01:50:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 02:50:51 GMT
Location: https://p12.sweepstakessurvey.org/sweep.html
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2ByFxxGkBlDndo8JW5RJSwS0gtu0t9ikWoTpMMlFi0r9Js80MIS9Gkicz%2BYa5%2Bsoz26qXEb0fmI%2FmWSlxTlXxlbVKukm%2BMD1RvI69MnwfVqKZ3Yvdm%2BCcXXs4sHwx6by0Ivmb0D0AEm67hU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776a17a44fcfb509-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3040
Expires: Fri, 09 Dec 2022 02:41:31 GMT
Date: Fri, 09 Dec 2022 01:50:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12596
Expires: Fri, 09 Dec 2022 05:20:47 GMT
Date: Fri, 09 Dec 2022 01:50:51 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 01:08:16 GMT
content-type: application/json
age: 2555
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12261
Expires: Fri, 09 Dec 2022 05:15:12 GMT
Date: Fri, 09 Dec 2022 01:50:51 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: NxZA9Rp3HflhZQS6r98zZIDapIfo3/dDJYzrC12aI5h7JdAoohezwwFbzbBcNaurrqMXZDvrKcM=
x-amz-request-id: MS7QRSQT4RTV08KS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 01:48:08 GMT
age: 163
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 01:50:51 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
c5aafe0783224a85ab3fc3a3ed72feea
64d82f7c5e210ac619fd1ed359b9aeddc28fb7f1
733c56af987a219be6c59a59b6d009b156a06b3ff67a84334c1b6b2d1fedc54a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 01:50:51 GMT
Etag: "63909146-117"
Server: ECS (amb/6BB5)
Content-Length: 279

p12.sweepstakessurvey.org/js/v-utils.js.d156afc7.js

172.67.75.79

200 OK

3.8 kB

URL HTTP/2
p12.sweepstakessurvey.org/js/v-utils.js.d156afc7.js
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (8634), with no line terminators
Size
3.8 kB (3785 bytes)
Hash
f26ed79c457c01d7b5f75c5576d1457a
1189e8f3c5a0d86f1ef1215068f989fecc221fc8
05dd4f8bd91d5ef1d213cb6f70bd9b7ef0967c37a5d8e46c9f7d9dae4bfe34d5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/v-utils.js.d156afc7.js HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: W/"63920b4f-21ba"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xGU%2BL8u7Cw8tVXRUY9vOHmeR6Xw83wcY5w6n9oQR6za44lLR7CLmmbUd6oOFqBdiy7bfj%2FtiTwP4Ert3vfJizUZYkcnAPR4pYORkPevM8V2jo8DLJ1s7hC4ggEB6C0n43hfSv9Yy%2BdIQiaQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a83c97b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2908
Cache-Control: max-age=115468
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 01:50:52 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 09:55:20 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
acea7cb44141792f5d84b0c9ab8c57e4
69f1e46739200324bd891063d17c7a7083f313b7
4c0d144b20ab8cf7fec972a66e08ed2b993121e9c4b6c88bbf0f3e7388f2b058

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C0D144B20AB8CF7FEC972A66E08ED2B993121E9C4B6C88BBF0F3E7388F2B058"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11796
Expires: Fri, 09 Dec 2022 05:07:28 GMT
Date: Fri, 09 Dec 2022 01:50:52 GMT
Connection: keep-alive

p12.sweepstakessurvey.org/js/v-react-dom.production.min.js.088acd9e.js

172.67.75.79

200 OK

42 kB

URL HTTP/2
p12.sweepstakessurvey.org/js/v-react-dom.production.min.js.088acd9e.js
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
42 kB (42153 bytes)
Hash
ed33280e072ecbe2eae7996e476307c1
d729b01d996d89eec89a9bbaa795a5bd92ff0196
232087d4849d7a42b7d022f8d9b8f8846c837814cc036cc51c951e86ba09b848

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/v-react-dom.production.min.js.088acd9e.js HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 16:05:36 GMT
vary: Accept-Encoding
etag: W/"63920b50-1f8c5"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mNE%2FfJSuVfDmg9K9vbTcOtfrH37jTwXyHmBUQEuXvKogg6Oxv6QDRWj5LoctFaWVODLGJ%2BC92jT9lP96vbLVf0GEy9zx71IDGRJPSeFSYS3YcjepEJRhWAOozraPC%2BAoFdXNxznDPR2c72Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a83ca2b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
e4a72671d5c3ae752457fcdc8557f16a
25c065ec082e3d583d3da74f504151a0087aa680
3e24934ded9de5f17ff3306ead3a6c5088ea6f4aec5a8fbb9b1afb9df971fbc3

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3E24934DED9DE5F17FF3306EAD3A6C5088EA6F4AEC5A8FBB9B1AFB9DF971FBC3"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2033
Expires: Fri, 09 Dec 2022 02:24:45 GMT
Date: Fri, 09 Dec 2022 01:50:52 GMT
Connection: keep-alive

p12.sweepstakessurvey.org/img/comments/unnamed.jpg

172.67.75.79

200 OK

1.4 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/unnamed.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Size
1.4 kB (1378 bytes)
Hash
449aaf5a54e3fe3aa4f0f5875bede090
b2b897362626700277b7f8baca8b1f292d08b7e5
4200f94af9e21196c339a50a85d3d50c769e8655857fdaf67df6e99678b9ad59

HTTP Headers

GET /img/comments/unnamed.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 1378
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: "63920b4f-562"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d3GsqK0FS2I2AhDO9kDDE9LqHshoVY61gIkBJS%2BzVqnhyYau53JsNXujWLC53zX5bvzgI8CeFlCnEJ0PksV2yT%2FGWq%2F1KEYYQXCtpuI8VPmaA9dFyfwFhT1ojtlDfJgZhuRPnQMiINfiRPY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17abee4ab515-OSL
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
e4a72671d5c3ae752457fcdc8557f16a
25c065ec082e3d583d3da74f504151a0087aa680
3e24934ded9de5f17ff3306ead3a6c5088ea6f4aec5a8fbb9b1afb9df971fbc3

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "3E24934DED9DE5F17FF3306EAD3A6C5088EA6F4AEC5A8FBB9B1AFB9DF971FBC3"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3398
Expires: Fri, 09 Dec 2022 02:47:30 GMT
Date: Fri, 09 Dec 2022 01:50:52 GMT
Connection: keep-alive

p12.sweepstakessurvey.org/img/comments/person-sweep-6.jpg

172.67.75.79

200 OK

10 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/person-sweep-6.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2016:07:21 09:31:13], baseline, precision 8, 50x50, components 3\012- data
Size
10 kB (10400 bytes)
Hash
eecc2c7e1efc1d69f01f47b677666cf2
c4e909b86e22612ca4c5e599c7fc7204573b1baa
92aaaee44b9c6f7f69cd778106927274a9c6f0fec665555be6b020d220207fb6

HTTP Headers

GET /img/comments/person-sweep-6.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 10400
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: "63920b4f-28a0"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yXp1G5Vm33%2F56NCnCFiJ18d%2ByagLz2%2F%2F2z%2F%2BIK3r%2Fb7ukJnWzfuUTj8%2B4NCxDJIVsytuTODBift96EoTW8mZt9SfF9SOxYgwDk74Q3d%2F1bDcUTL5dOHbocl7dpgR8BhLlheT7zAViOghrpU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17abee52b515-OSL
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/img/comments/person-sweep-10.jpg

172.67.75.79

200 OK

11 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/person-sweep-10.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2016:07:21 09:33:44], baseline, precision 8, 50x50, components 3\012- data
Size
11 kB (10828 bytes)
Hash
2f7d5d907d9e6d0250afbdbeb7f3cb0c
136703751a36b76b1fe599930ec855f90fde9f23
271e2dabe37ae76b27d28edfeaf49c9a4135f62dd24a3c0ff3387ea9354841f1

HTTP Headers

GET /img/comments/person-sweep-10.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 10828
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: "63920b4f-2a4c"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XGhBnaCUb0jxBLnwpL1l5qC5aFOlC1JpKqU7MLIchu3H27RwGNb36UOb060KlQQ96S9p4QJTbiMrconZlDYyqYvm3DvwiyMVoPWZ5FKA6p4YTapyczLVS93bP1tBw3yQOKcG%2BVuKBjczSQQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17abfe56b515-OSL
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/js/config/dict/cookie-consent-1.json?v=10

172.67.75.79

200 OK

3.6 kB

URL HTTP/2
p12.sweepstakessurvey.org/js/config/dict/cookie-consent-1.json?v=10
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- HTML document, Unicode text, UTF-8 text
Size
3.6 kB (3609 bytes)
Hash
a008d26491c0067fc7cc841e333ce56a
5aa15df71a45eaf66b5b212c0b4ef28ef1d20d5f
9844e43e48b5b4d21a0d45892d7cb42c02f8d929a182f8c621b065eb69c042e9

HTTP Headers

GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/json
last-modified: Thu, 08 Dec 2022 16:05:36 GMT
vary: Accept-Encoding
etag: W/"63920b50-1760"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iHH%2BZ5GNNpJN6mG%2BoC96hvSlr4LPki0hHWTvFAP6vDaJ3OQTqnPYQy5ldv5XgV3nuxPTurKTZdbys2Xekl2rkAyEbpZGsR4WrPT2YlVxwinNw%2Ft7KcIitHLGDtDKywSaUjLaXE8e%2Fp5ACLs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17ab4e0ab515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/js/v-_equalByTag.js.34ccca25.js

172.67.75.79

200 OK

12 kB

URL HTTP/2
p12.sweepstakessurvey.org/js/v-_equalByTag.js.34ccca25.js
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (935), with no line terminators
Size
12 kB (12362 bytes)
Hash
d02444bee0b46b641803ba8dd3dab648
732cc685c1e3d36a596f2885866c6aab6179f669
f423a6e694ebb55799b0536730b2589c448780c2c9a1c84ff0ea31bb91ffe67f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/v-_equalByTag.js.34ccca25.js HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: W/"63920b4f-3a7"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fd9ZYxhhmjE0OKnOCKDSumQfkGTEGtoHYXo%2BsVswNg8fcJwL24RFeemVh4wZOVeIspIKzNyRCvINtPne1LDEV5zfeViYQe3UfNe256fah%2FDnXmPmHzWRSz3vZBxm%2Fi1C1gtsHVMwFdzZSKY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a83ca0b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/img/comments/person-sweep-14.jpg

172.67.75.79

200 OK

1.1 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/person-sweep-14.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.1 kB (1146 bytes)
Hash
4248fa5ac54e7b0dfa5a791bd1dbd161
aa880bfbdca2ec69d93fd29606a64bdce6ee830c
174659ceb240363f2d31a6fd392f108ad714a592b0dc3192d1051c42237bf8b8

HTTP Headers

GET /img/comments/person-sweep-14.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 1146
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: "63920b4f-47a"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K7x%2FVcKJhhvNbeU0qyXu40WWct4OSkenJb1eKUxiqUK%2FqU3ntTZlLU1DacCGrsR1547yoc%2FMWgOFX9gYMUIuNyZGsqXCd6zjhnMhWULJQ%2FcYF%2BuhmwqFNjfz9ghDgRnDaYGQRyj0q4y8ZYk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17abfe5cb515-OSL
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/img/comments/person-sweep-5.jpg

172.67.75.79

200 OK

3.3 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/person-sweep-5.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, datetime=2017:06:15 10:57:43], baseline, precision 8, 50x50, components 3\012- data
Size
3.3 kB (3268 bytes)
Hash
92c40a962aa579868b64b8b7f1b6575c
f676f1ce463a7b0b7b2c05587a9b52285e55e679
64e47fb0b1dc439d03463c15a7977d88988a4d3f7d563e3d772cc9ca8d41e414

HTTP Headers

GET /img/comments/person-sweep-5.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 3268
cf-bgj: h2pri
etag: "63920b4f-cc4"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ic7Di1uxQu9vU2oYFe1yHoOb12d4%2FovJKzmwiY%2B78WES3hzNzF2soC0PHhR%2BskV5d%2FIkTv3TK1%2BBj%2FqegNqQEbqTm0bqwgd7ViWdpE33Qh%2BLljv7znW27MZZBG86nyWsSdrFG0oMKKIAJqQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17abee51b515-OSL
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/img/comments/person-sweep-3.jpg

172.67.75.79

200 OK

1.1 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/person-sweep-3.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.1 kB (1063 bytes)
Hash
72ab252d8ff828965ad984b8ab16991f
e45ea3665e80feb2e6309b04e1ec2e8d41bb279b
c5d70c3abf95aecc84bcc1b1f9fc25848e690852071169bf57522fd671550291

HTTP Headers

GET /img/comments/person-sweep-3.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 1063
cf-bgj: h2pri
etag: "63920b4f-427"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3jmpzIbctRe75pz8aYktFEFWcBmQaSJf3uK5NagUIBWZbk0NhqdWHKFwZjJGwNkT3Sa4oi4Wh5bofPBgE9PsKEKDSV0lB7T5qOOAa7gN3dj6WXhliCKue2kZNs%2BlAcXXEmLLIKwnYfY14d4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17abee4eb515-OSL
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/img/comments/person-sweep-7.jpg

172.67.75.79

200 OK

11 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/person-sweep-7.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2016:07:21 09:30:25], baseline, precision 8, 50x50, components 3\012- data
Size
11 kB (10884 bytes)
Hash
583a669aef17441f222db5be083f3750
f869d6bf98c43f0a0a935305096fe637df202687
5afe11e79d5ce7715f2dd2a291c3841d7abc1a62ac89002214f9562f6f58865b

HTTP Headers

GET /img/comments/person-sweep-7.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 10884
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: "63920b4f-2a84"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kmmrmrCVUL4bjxx7MxdEA9PtH8RPnvC55m2TQGystotjgjrYEk565abAKmyCQDNrCRIJmAJ9J30NNjV6jz7yrsjieTHMFo%2F%2BV2d7sV7cm08qIQBOLKr8zZ%2FXwxNhJpFOv5XoqUIbbh6XM2k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17abee53b515-OSL
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/img/comments/person-sweep-4.jpg

172.67.75.79

200 OK

3.7 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/person-sweep-4.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, datetime=2017:06:15 10:57:43], baseline, precision 8, 50x50, components 3\012- data
Size
3.7 kB (3694 bytes)
Hash
02eebe83bc6786ef27b852477d4c4998
205314ba911137b6f6be4eefd946a2c62229e591
a0038f9d5f6fe1ce8fe1bf1cc7256f05e16c11d27041739c55918b823744753c

HTTP Headers

GET /img/comments/person-sweep-4.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 3694
cf-bgj: h2pri
etag: "63920b4f-e6e"
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jCfZOBXnmQMnlI%2BP%2FBkISoElIHumLkcpKhJozYzhb%2FEPvhKxop8qM0GdTxe0R4VVtkKjFFUwtKou2Ab0e51Q9neHiFB9y%2Ba349VU0XaxhfFCpWcIDnU6IzuovzD5EKEbTwUIeLPo87j29%2BU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17abee50b515-OSL
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/img/comments/person-sweep-8.jpg

172.67.75.79

200 OK

1.2 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/person-sweep-8.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.2 kB (1182 bytes)
Hash
f60b9c2d018d7a29d014742ae8e36839
1b59e7eec38eb9f620256742f83ae7938ac0bb07
ed7ea3a5c85d0ba010c783b9599441ba28fb4333cf1ef534f6ec07b5d81e7fd8

HTTP Headers

GET /img/comments/person-sweep-8.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 1182
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: "63920b4f-49e"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HYxzbAIX7xaA3E9ht3QHDz1pWn6cjZ0z0Mpz9CPuKBPfoZAwuNRni%2F2VUGSn5DufD88gPDPOKPt1RwSjL%2Fc53HrIgFNnIWQv%2BbisueWzosJQ6z9WjBFb5PHUOxRVuf4gFhbhreBYF%2Fy%2Bi4M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17abfe54b515-OSL
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/img/comments/person-sweep-12.jpg

172.67.75.79

200 OK

11 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/person-sweep-12.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2016:07:21 09:34:12], baseline, precision 8, 50x50, components 3\012- data
Size
11 kB (11188 bytes)
Hash
85b4e587433a60e7d3e98b1ef93a71f8
c4c8600ce8a5be2640aacbac866bf8b1f8192f26
65e9048c6b09381baa8056de19ad758b2a302dbbc3fb1cdb509e414ed73c69b8

HTTP Headers

GET /img/comments/person-sweep-12.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 11188
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: "63920b4f-2bb4"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PjgKefKhNNldat6LixWsPfeHD8YtCwQG%2FvuyuaEN3GYeHfW5bkrmnBMRGOXN5j%2Fht4pnejio%2BA2N8X75XvKohx8GAeCPHQ2wOpgAddLoo2AKLLAeePgWA%2Fx1lNq3Du35AWrXumskCbXeoYE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17abfe59b515-OSL
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/js/v-_baseIsEqualDeep.js.eabb141c.js

172.67.75.79

200 OK

3.7 kB

URL HTTP/2
p12.sweepstakessurvey.org/js/v-_baseIsEqualDeep.js.eabb141c.js
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (720), with no line terminators
Size
3.7 kB (3734 bytes)
Hash
1f65295d532163f6c63c2a184bf01e02
827ff52eaf3cdfe6aace1118f7038455c6dec869
9ae1f21cb035b7246d9604e0a7eb321ae62368e77625473dfe73a701c65192b9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/v-_baseIsEqualDeep.js.eabb141c.js HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: W/"63920b4f-2d0"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BRQt4H7vzEkZNuBAzeHlhb3S6cNzSCL6cIjCScuyaep626Y7ZI9e38kui5nR3C%2BWx%2BBukQ8sDt%2Fgd0zLms6KttGjO%2Fy55t%2BGxkqA%2FNIWPJtZyxixuHOXZz0OGVEchV6nijNOODzpRkpWyNA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a83ca1b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/img/comments/person-sweep-16.jpg

172.67.75.79

200 OK

1.2 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/person-sweep-16.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.2 kB (1208 bytes)
Hash
9574e9e3f629fc4cc0f470f678a232ca
89412a05077b4eaa423f7790bd5fb4ee3efc84eb
15f660e8aec56d65e9da4efcd552984e5a623c25b8484c3efbdfa7567bdab17d

HTTP Headers

GET /img/comments/person-sweep-16.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 1208
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: "63920b4f-4b8"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=102UttlzWyTJUxTta1mSMUEHkXpfQ7OwMmF1soHNU6aqYhQL59dwvqQyu1RxGGByOQpTKqfUIdj2%2BgbJ888Ggk%2F08%2F3T1RVs478TXE3aoNzA1GjJk%2BnwRN42JPC1Ecb4JuSFtbjUOC730sU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17ac0e61b515-OSL
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/img/comments/person-sweep-11.jpg

172.67.75.79

200 OK

11 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/person-sweep-11.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2016:07:21 09:32:58], baseline, precision 8, 50x50, components 3\012- data
Size
11 kB (10636 bytes)
Hash
e33f2bea60761c8f1c4cf8648839692a
14a8b54006c419c85842d96a8a4aeb837f5a0a5e
9d020381e094ab0ae1556c751f9c4af6498cf12989cd9c3605ca91b856cb5951

HTTP Headers

GET /img/comments/person-sweep-11.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 10636
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: "63920b4f-298c"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nqQL3ehpJf6tbgXWn5jzIyQHaD28RLlzBj%2FeXjrnJ0LzXJE6X3CaJUw267d7ejll1%2BxamU5zGOpnYcTbTQwA32OM5YDgOD8mZiOiK8o1DJdKFGvRgFd2l3yDsKw0r81Z3jVsWAvM%2FcIbFQo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17abfe57b515-OSL
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/img/comments/person-sweep-15.jpg

172.67.75.79

200 OK

1.1 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/person-sweep-15.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.1 kB (1067 bytes)
Hash
ca57a3f68e171ebeb7798679d5fb79ca
688e6a4ffeeae81c9e970e03081de1fe26afac9a
f739552ded4074fa25475c5a5ed9c49dc0a769e791e9916b5d8bcbc044f8818a

HTTP Headers

GET /img/comments/person-sweep-15.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 1067
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: "63920b4f-42b"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X8qCvF7AlF6%2Fr1NHH77t1D0SM7sqRNeBNCe%2FFGqe5%2BLwEIHl%2BDCOuiUnmZ6qjaC%2FWRu8dsUVvb2eu2rlrODO%2FYgH2QDcFWiN%2BMS13eVfWG4o8gqhGveP16WWBOgFNoZSprv%2ButbUSCDA1JU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17ac0e5eb515-OSL
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/img/comments/person-sweep-1.jpg

172.67.75.79

200 OK

3.9 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/comments/person-sweep-1.jpg
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, datetime=2017:06:15 10:57:43], baseline, precision 8, 50x52, components 3\012- data
Size
3.9 kB (3900 bytes)
Hash
72c067fe856886245e7c47c7ff84e041
5210cb05f897db334c61f8971ccec9a7396ea8a7
9a106ad9f340c7bafdd365ea1ad24b9336c304b1e72653eb58e84b5604471030

HTTP Headers

GET /img/comments/person-sweep-1.jpg HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/jpeg
content-length: 3900
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: "63920b4f-f3c"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BOlTKAkqBs7MuFjZn%2FxBajmqnUkb2ytPpvQaEMHROpPRFk%2FpNd%2FJ7vNnMUd6d8n9Nf5SehVfSbxpciFu9YvM9AAYMoTwqV%2FIv1bO3%2BpnEnevXn2NyvO6EW8lsWPE043vJPOgO6PhGq1Rv3I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17abee4bb515-OSL
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/img/sweep/tokens10k.png

172.67.75.79

200 OK

67 kB

URL HTTP/2
p12.sweepstakessurvey.org/img/sweep/tokens10k.png
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 480 x 500, 8-bit colormap, non-interlaced\012- data
Size
67 kB (66622 bytes)
Hash
7226e7c7102de83aea128e7417e87779
1777a0c66bd17c26c4da8462efa8975342581a4d
2cb3f101f3327f07baf3bcd509372a6058d871da12ae0661771a5c7c339fff36

HTTP Headers

GET /img/sweep/tokens10k.png HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: image/png
content-length: 66622
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: "63920b4f-1043e"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VjiqyPA031VnO199WtGBOj6r5djXheU71to4JEgaA0ukOQCGRBYT%2B0A2V7inVHnGhOADJWBXtBbMO2Jd5x3luaCaQbUNlkkCxUdXfHVTlZNO%2B5I9CMD6R5qMrQSK8LgnJE6aRvOXFKC%2B4tc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17ac0e64b515-OSL
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.155.171.116

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.155.171.116:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NH5je52hbx49Q6sEu1pQMQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: t3G+A4bMiupMoVeFRFrAO+mTvz0=

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
f93fe0c44e63867b7f8553c1ca73460e
e664d98cd9803e5f179af596d8a2f50d79fc92b0
dbb9ed743e3bf5d61dd66e676c81d5e2a43c8287d61ef34d90b6c7790ca6106e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 01:50:53 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 06 Dec 2022 01:33:16 GMT
Expires: Tue, 13 Dec 2022 01:33:15 GMT
Etag: "e664d98cd9803e5f179af596d8a2f50d79fc92b0"
Cache-Control: max-age=343941,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 776a17ad3febb50c-OSL

datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a

139.45.195.253

200 OK

12 B

URL HTTP/1.1
datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
IP
139.45.195.253:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 904
Origin: https://p12.sweepstakessurvey.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 09 Dec 2022 01:50:53 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://p12.sweepstakessurvey.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

ocsp.globalsign.com/gseccovsslca2018

151.101.194.133

200 OK

939 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
151.101.194.133:0
ASN
#54113 FASTLY

File type
data
Size
939 B (939 bytes)
Hash
7871636598949d6675770d533d77ee44
7ab72c265b5e4572ee53d378734d8296e28d8978
e643587ab52b4e4631f47209d3a27e2530ccff3e0638f1751919ed4b30b1bc7c

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 939
Server: nginx
Content-Type: application/ocsp-response
Expires: Mon, 12 Dec 2022 23:59:17 GMT
ETag: "7ab72c265b5e4572ee53d378734d8296e28d8978"
Last-Modified: Thu, 08 Dec 2022 23:59:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 09 Dec 2022 01:50:53 GMT
Age: 2738
X-Served-By: cache-qpg1244-QPG, cache-bma1679-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 133
X-Timer: S1670550653.151119,VS0,VE0

mc.yandex.ru/metrika/tag.js

87.250.250.119

200 OK

74 kB

URL HTTP/2
mc.yandex.ru/metrika/tag.js
IP
87.250.250.119:0
ASN
#13238 YANDEX LLC

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (598)
Size
74 kB (73711 bytes)
Hash
fb08b4dcffe04b350ba8e7ab80a999a1
dae801d33784397b3ff8fec4b8e7682c4baecea9
62bc4d320a556ec3c63dca1ce47d9e55a2bc15c4eef472f15e5adfb5fd451ad6

HTTP Headers

GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 73711
date: Fri, 09 Dec 2022 01:50:53 GMT
access-control-allow-origin: *
etag: "6391b12a-11fef"
expires: Fri, 09 Dec 2022 02:50:53 GMT
last-modified: Thu, 08 Dec 2022 12:40:58 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/metrika/advert.gif

87.250.250.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/metrika/advert.gif
IP
87.250.250.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Fri, 09 Dec 2022 01:50:53 GMT
access-control-allow-origin: *
etag: "6391b12a-2b"
expires: Fri, 09 Dec 2022 02:50:53 GMT
accept-ranges: bytes
last-modified: Thu, 08 Dec 2022 12:40:58 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A234%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A176525006%3Arqn%3A1%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C49%2C0%2C%2C0%2C%2C100%2C2%2C%2C%2C%2C288%3Aco%3A0%3Ans%3A1670550651574%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29

87.250.250.119

200 OK

400 B

URL HTTP/2
mc.yandex.ru/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A234%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A176525006%3Arqn%3A1%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C49%2C0%2C%2C0%2C%2C100%2C2%2C%2C%2C%2C288%3Aco%3A0%3Ans%3A1670550651574%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP
87.250.250.119:0
ASN
#13238 YANDEX LLC

File type
JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Size
400 B (400 bytes)
Hash
cf67787e4ca8b7c44994ce321c89895b
0470f4bccef0e0764f5606dfcdccb13ac5b99089
8538e9eb70f784fe893f047317a12c885b03cc973a82caf83de68013daa0a84d

HTTP Headers

GET /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A234%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A176525006%3Arqn%3A1%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C49%2C0%2C%2C0%2C%2C100%2C2%2C%2C%2C%2C288%3Aco%3A0%3Ans%3A1670550651574%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://p12.sweepstakessurvey.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 400
date: Fri, 09 Dec 2022 01:50:53 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://p12.sweepstakessurvey.org
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 09-Dec-2022 01:50:53 GMT
last-modified: Fri, 09-Dec-2022 01:50:53 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fp12.sweepstakessurvey.org%2FonSurveyStart&page-ref=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1670550653_91a3ae6af4750faa347bc8da70d994cebf5c6013e56bfff2b0435302c1fa33f9&browser-info=ar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A953213171%3Arqn%3A2%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1084%2C1084%2C0%2C%3Aco%3A0%3Ans%3A1670550651574%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)mc(g-6)clc(0-0-0)rqnt(2)aw(1)fip(1)ti(2)

87.250.250.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fp12.sweepstakessurvey.org%2FonSurveyStart&page-ref=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1670550653_91a3ae6af4750faa347bc8da70d994cebf5c6013e56bfff2b0435302c1fa33f9&browser-info=ar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A953213171%3Arqn%3A2%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1084%2C1084%2C0%2C%3Aco%3A0%3Ans%3A1670550651574%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)mc(g-6)clc(0-0-0)rqnt(2)aw(1)fip(1)ti(2)
IP
87.250.250.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

POST /watch/66423859/1?page-url=goal%3A%2F%2Fp12.sweepstakessurvey.org%2FonSurveyStart&page-ref=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1670550653_91a3ae6af4750faa347bc8da70d994cebf5c6013e56bfff2b0435302c1fa33f9&browser-info=ar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A953213171%3Arqn%3A2%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1084%2C1084%2C0%2C%3Aco%3A0%3Ans%3A1670550651574%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)mc(g-6)clc(0-0-0)rqnt(2)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 40
Origin: https://p12.sweepstakessurvey.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Fri, 09 Dec 2022 01:50:53 GMT
access-control-allow-origin: https://p12.sweepstakessurvey.org
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 09-Dec-2022 01:50:53 GMT
last-modified: Fri, 09-Dec-2022 01:50:53 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fp12.sweepstakessurvey.org%2FonUnique&page-ref=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1670550653_91a3ae6af4750faa347bc8da70d994cebf5c6013e56bfff2b0435302c1fa33f9&browser-info=ar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A794417915%3Arqn%3A4%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670550651574%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)mc(g-6)clc(0-0-0)rqnt(4)aw(1)fip(1)ti(2)

87.250.250.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fp12.sweepstakessurvey.org%2FonUnique&page-ref=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1670550653_91a3ae6af4750faa347bc8da70d994cebf5c6013e56bfff2b0435302c1fa33f9&browser-info=ar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A794417915%3Arqn%3A4%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670550651574%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)mc(g-6)clc(0-0-0)rqnt(4)aw(1)fip(1)ti(2)
IP
87.250.250.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

POST /watch/66423859/1?page-url=goal%3A%2F%2Fp12.sweepstakessurvey.org%2FonUnique&page-ref=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1670550653_91a3ae6af4750faa347bc8da70d994cebf5c6013e56bfff2b0435302c1fa33f9&browser-info=ar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A794417915%3Arqn%3A4%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670550651574%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)mc(g-6)clc(0-0-0)rqnt(4)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: https://p12.sweepstakessurvey.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Fri, 09 Dec 2022 01:50:53 GMT
access-control-allow-origin: https://p12.sweepstakessurvey.org
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 09-Dec-2022 01:50:53 GMT
last-modified: Fri, 09-Dec-2022 01:50:53 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A234%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A176525006%3Arqn%3A1%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C49%2C0%2C%2C0%2C%2C100%2C2%2C%2C%2C%2C288%3Aco%3A0%3Ans%3A1670550651574%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)

87.250.250.119

302 Found

43 B

URL HTTP/2
mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A234%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A176525006%3Arqn%3A1%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C49%2C0%2C%2C0%2C%2C100%2C2%2C%2C%2C%2C288%3Aco%3A0%3Ans%3A1670550651574%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP
87.250.250.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A234%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A176525006%3Arqn%3A1%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C49%2C0%2C%2C0%2C%2C100%2C2%2C%2C%2C%2C288%3Aco%3A0%3Ans%3A1670550651574%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://p12.sweepstakessurvey.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A234%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A176525006%3Arqn%3A1%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C49%2C0%2C%2C0%2C%2C100%2C2%2C%2C%2C%2C288%3Aco%3A0%3Ans%3A1670550651574%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Fri, 09 Dec 2022 01:50:53 GMT
access-control-allow-origin: https://p12.sweepstakessurvey.org
set-cookie: yabs-sid=1585616041670550653; Path=/; SameSite=None; Secure
i=+k2xxFg/vdy6DQQ2Tk41WsfNFzDqkODmamOvuHs3+ukbclv7ZbjOEVJiLtOADaoIHUgyabUs5CGRE7KJM5Z+nrRiS/c=; Expires=Mon, 06-Dec-2032 01:50:23 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=2554779341670550653; Expires=Sat, 09-Dec-2023 01:50:53 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=2554779341670550653; Expires=Sat, 09-Dec-2023 01:50:53 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1702086653.yc.1670550653#1702086653.yrts.1670550653#1702086653.yrtsi.1670550653; Expires=Sat, 09-Dec-2023 01:50:53 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 09-Dec-2022 01:50:53 GMT
last-modified: Fri, 09-Dec-2022 01:50:53 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fp12.sweepstakessurvey.org%2FonStepChange&page-ref=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1670550653_91a3ae6af4750faa347bc8da70d994cebf5c6013e56bfff2b0435302c1fa33f9&browser-info=ar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A801816497%3Arqn%3A5%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670550651574%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)mc(g-6)clc(0-0-0)rqnt(5)aw(1)fip(1)ti(2)

87.250.250.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fp12.sweepstakessurvey.org%2FonStepChange&page-ref=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1670550653_91a3ae6af4750faa347bc8da70d994cebf5c6013e56bfff2b0435302c1fa33f9&browser-info=ar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A801816497%3Arqn%3A5%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670550651574%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)mc(g-6)clc(0-0-0)rqnt(5)aw(1)fip(1)ti(2)
IP
87.250.250.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

POST /watch/66423859/1?page-url=goal%3A%2F%2Fp12.sweepstakessurvey.org%2FonStepChange&page-ref=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1670550653_91a3ae6af4750faa347bc8da70d994cebf5c6013e56bfff2b0435302c1fa33f9&browser-info=ar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A801816497%3Arqn%3A5%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670550651574%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)mc(g-6)clc(0-0-0)rqnt(5)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Origin: https://p12.sweepstakessurvey.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Fri, 09 Dec 2022 01:50:53 GMT
access-control-allow-origin: https://p12.sweepstakessurvey.org
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 09-Dec-2022 01:50:53 GMT
last-modified: Fri, 09-Dec-2022 01:50:53 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

cdntechone.com/stattag.js

188.114.97.1

200 OK

5.3 kB

URL HTTP/2
cdntechone.com/stattag.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (12932), with no line terminators
Size
5.3 kB (5259 bytes)
Hash
60bb42a0dcbe5f79b323ffe7d799fab0
791d6e02b6dc835c9d6977173080e7fb26f1356c
2b9b2aa575221d3dea186580b23a8926f63bb3a41246a03e77d4fbd77d1157fd

HTTP Headers

GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:35 GMT
etag: W/"637e3737-3284"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5238
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9QH4lrxsEFQD6msQYBy8I5EzOdDCQJ39dDHBWRfI9o%2BlmGv48jiXjLjKqWzGZd5tylvXaoZVQeN3DE%2F1F4aNb5NO0161nQpvDCvwW2yWCL3beKhe6epOPLcrOTDaLuhwhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776a17abea3d0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fp12.sweepstakessurvey.org%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1670550653_91a3ae6af4750faa347bc8da70d994cebf5c6013e56bfff2b0435302c1fa33f9&browser-info=ar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A886166831%3Arqn%3A7%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670550651574%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)mc(g-6)clc(0-0-0)rqnt(7)aw(1)fip(1)ti(2)

87.250.250.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fp12.sweepstakessurvey.org%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1670550653_91a3ae6af4750faa347bc8da70d994cebf5c6013e56bfff2b0435302c1fa33f9&browser-info=ar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A886166831%3Arqn%3A7%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670550651574%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)mc(g-6)clc(0-0-0)rqnt(7)aw(1)fip(1)ti(2)
IP
87.250.250.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

POST /watch/66423859/1?page-url=goal%3A%2F%2Fp12.sweepstakessurvey.org%2FonTrafficQualityCheck&page-ref=https%3A%2F%2Fp12.sweepstakessurvey.org%2Fsweep.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1670550653_91a3ae6af4750faa347bc8da70d994cebf5c6013e56bfff2b0435302c1fa33f9&browser-info=ar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A941%3Acn%3A1%3Adp%3A0%3Als%3A95410338272%3Ahid%3A590365994%3Az%3A0%3Ai%3A20221209015052%3Aet%3A1670550653%3Ac%3A1%3Arn%3A886166831%3Arqn%3A7%3Au%3A1670550653984471774%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670550651574%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670550653%3At%3ADear%20user&t=gdpr(14)mc(g-6)clc(0-0-0)rqnt(7)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 50
Origin: https://p12.sweepstakessurvey.org
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Fri, 09 Dec 2022 01:50:53 GMT
access-control-allow-origin: https://p12.sweepstakessurvey.org
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 09-Dec-2022 01:50:53 GMT
last-modified: Fri, 09-Dec-2022 01:50:53 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4268
Expires: Fri, 09 Dec 2022 03:02:02 GMT
Date: Fri, 09 Dec 2022 01:50:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4268
Expires: Fri, 09 Dec 2022 03:02:02 GMT
Date: Fri, 09 Dec 2022 01:50:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4268
Expires: Fri, 09 Dec 2022 03:02:02 GMT
Date: Fri, 09 Dec 2022 01:50:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4268
Expires: Fri, 09 Dec 2022 03:02:02 GMT
Date: Fri, 09 Dec 2022 01:50:54 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf0d40ad-816d-4ea8-aef7-00a5af1b8c9b.png

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf0d40ad-816d-4ea8-aef7-00a5af1b8c9b.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4840 bytes)
Hash
34a9b9b25e57f612db5560cd05e44cce
433e295328d6c821a1df907c232bff4195e2860b
139dc677e5725c98a5d90d19b206a34a4c9f43ad87cf1d322881381e992bd5b5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf0d40ad-816d-4ea8-aef7-00a5af1b8c9b.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4840
x-amzn-requestid: 26914070-22ad-49fd-bacb-7842dcb203b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c2LZPGd-oAMF5OA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63925907-5c62555a65327ff934ae232e;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 21:37:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gkClPXMpz53Lmf56qAHXyd3IcOjTGjcBonaTpq2_4v7XRxPFv8q8QA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:49:12 GMT
age: 14502
etag: "433e295328d6c821a1df907c232bff4195e2860b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49a0678c-8bda-434a-a337-63696994d79c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5530 bytes)
Hash
a22fc7807fb3337f0af5e546c7ad366a
0d5969394b370a5c77c53ed58f55e5f8a45da3ab
98b4f4fd27dc036697fb0328083bce6e691b7493428f3a54991087d9d1165d97

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49a0678c-8bda-434a-a337-63696994d79c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5530
x-amzn-requestid: adecbb8c-cec3-46a0-b32c-0026b8421fe5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4d8Fg6IAMF61g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903abf-4bcb385f27cb438c36a2cd5e;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHRqiTOztNQMPykKUfiEUFYVlLF4E4y9GVCT2g48MAvOyG-KZQkb8Q==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 07:58:06 GMT
age: 64368
etag: "0d5969394b370a5c77c53ed58f55e5f8a45da3ab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6578 bytes)
Hash
8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7DwFYUoAI9x-ruRySpsSAXQZnxrXxUACrXp568TGZ2JSppZ1UC0uWg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 07:09:44 GMT
age: 67270
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe7732c6-dc98-445c-86c6-d413942250ea.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10205 bytes)
Hash
45e0c1638ad919bde19731f7987ab064
1e492807c665e6e6b24ec6ce19035fdfc6f23b92
f0d3738ec8406958470c8fd152a02a123d7654c30f974c1df5c4977a380c2d62

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe7732c6-dc98-445c-86c6-d413942250ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10205
x-amzn-requestid: c5704c7a-60c4-402b-8018-5885a8dae971
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F9BIAMF3ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-3e9573d900714e3250f43e17;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mLTL7L808-OguYGrl3FUvwmFmPQjBPRj7PVfgEheFHWg4g4skoBvOg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 18:05:28 GMT
age: 27926
etag: "1e492807c665e6e6b24ec6ce19035fdfc6f23b92"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fa81aa5-4138-458e-9bd7-de9d6211763c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11027 bytes)
Hash
8d1605154a552a8c3165c1358ea2e185
2e677da1f57c112d984180ead80481e8797ff2e8
12b075ad3e786dc68ab3fab1e4ce9d6f7810bdebc7bdafd993e19bc5bc7c0abc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fa81aa5-4138-458e-9bd7-de9d6211763c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11027
x-amzn-requestid: e0d56100-13aa-44e5-ae80-bedfeece87db
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwV19EUOIAMFjcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900359-5a5402381d61db921a00404d;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:07:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7ET6kgGgWAKa4_CFCgSwnN8m7FnplxP7zOp8lEyodxn5lmlIIHD4vQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 03:38:24 GMT
age: 79950
etag: "2e677da1f57c112d984180ead80481e8797ff2e8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/js/config/data/sd-501.js?v=10

172.67.75.79

200 OK

6.7 kB

URL HTTP/2
p12.sweepstakessurvey.org/js/config/data/sd-501.js?v=10
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (4820), with no line terminators
Size
6.7 kB (6712 bytes)
Hash
d40d64138fb232900edc335a18ec60a3
7aaa37b624018fc432330896a690e3fe6b473297
3084226ad48c53f2fa52cd32e8fba149d496819d41dd4f1fc5fb5314a569e7b9

HTTP Headers

GET /js/config/data/sd-501.js?v=10 HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 16:05:36 GMT
vary: Accept-Encoding
etag: W/"63920b50-12d4"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MTUA2kgNZ6AbYpL%2ByJfZL2ewc94Tdq0a0J67E7%2F%2Fd1BtLgZJ9E6pNmJpXdFDW47h0fXetjF%2BmkcSYTLZTA%2FfB8TMd57r4S6Ma6M%2FTAl7Jb1tVoomXW14NFU9Et6ooquXoNnfSruKkyvZ1UU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a9bd59b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/js/v-URLSearchParams.js.f8f87c95.js

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/js/v-URLSearchParams.js.f8f87c95.js
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/v-URLSearchParams.js.f8f87c95.js HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: W/"63920b4f-dc"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9RN9oUC%2FRBy7FZObjyHyxCAXB3BcQIPme%2FNsy%2FJ7sl%2BEqVbZUXrrBfwhwRApIAAmN469YIr2zhKdEPNrzbD%2BVuVncMxCz7bFL8LggCl5tsCGbCiJ141fLdkfxVg1gZxuWnWdEB0rG%2BBJ9Dw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a83c9ab515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/js/survey.11.8b95534f.js

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/js/survey.11.8b95534f.js
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/survey.11.8b95534f.js HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: W/"63920b4f-33bd6"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YUcJoLd5ZRnRT2pAPeZQzzJwFcz%2F%2FgV%2F%2Bds456hPlSTtjmsPwHoUOn2feFvVpcz8VmP7ThNobaeKYvFGj2mYaahCAtcloCgbBNaNoFssi26Tr1wUyQQIXJwrMDFshFDe6cgx6dWf6a7%2BAKk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a84ca5b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/js/rtc.e1fb7744.js

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/js/rtc.e1fb7744.js
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/rtc.e1fb7744.js HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: W/"63920b4f-29d4"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dkd4lD2ji%2BnVUlY1JOHmvo4PME%2BABRw71EmVToq5xc%2FjMXGQ7O20iJNNFobmKX8Ccmfw2jdF%2Bvb4ZB6RS7rbkLt8fxcNlo4%2B4WDs8GtfjvmVYpcqyG8ZjtDGGF67U70wee5%2Bpz4COtj7e8U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a82c95b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/js/sweep.bbce1b64.js

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/js/sweep.bbce1b64.js
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/sweep.bbce1b64.js HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 16:05:36 GMT
vary: Accept-Encoding
etag: W/"63920b50-d3"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vve71Xyeat%2Bptf814O9fOfn0631myxJHbcoRk0Ew8nGaSHpaKKNkZoDJ4E4rO90z611QwuB4zX3eSw9%2FvfhpBW%2FNG3lcZ7ND6nKmKvJ%2BlSgxtiGR7KLiLghGk3RgySKB2awpDJKdoPVnhwI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a84ca6b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/favicon.ico

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/favicon.ico
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:53 GMT
content-type: image/x-icon
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: W/"63920b4f-47e"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QWsc6OP5cIXeyDDyN1kdjS2vimi6oVA2XJKrp5pEwKcg18f8FSkJ0m901WC5fwt4dLmu%2BxF21iYWiYSlJLN9Plwl%2BMegkHXqWFLicvURDPcJ%2F6Sa%2BNLMRn%2B2BZScpwMG1xNqrQzilGNGgPE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17ad8ee2b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/js/config/comments/en-sweep.json

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/js/config/comments/en-sweep.json
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/config/comments/en-sweep.json HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/json
last-modified: Thu, 08 Dec 2022 16:05:36 GMT
vary: Accept-Encoding
etag: W/"63920b50-12f9"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aFMkurNnys79xnorJmSPcfD8O215ag6bZBzWOQ6bxY33NFzkJVwiohuCiaiHsx80n%2BIsj3AoF88CSvd6jrRCflcUByb6KcLh9COZhA32snP6jmyd3CmSwLltHJAHres0XvIYwaSr3DkHpgo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17ab3e09b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/js/v-index.js.209a329e.js

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/js/v-index.js.209a329e.js
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/v-index.js.209a329e.js HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: W/"63920b4f-92d3"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M8v6pXm5h601bYGTQp1mO7cHJe%2F8o3vvuH%2F1ExR1%2F89JfxWSaEt44Q2UwiM6ZSX%2FeC2bucTzAkdflW2eB6PtL3mFnJ4h5kIaUgSyf3BJ%2FnLApfrMNNUU1UumWNYueyZo6uANGdJMq4a%2F5zk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a83c96b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/css/sweep.30d46ce2.css

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/css/sweep.30d46ce2.css
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/sweep.30d46ce2.css HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: text/css
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: W/"63920b4f-f38c"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5%2FWXmV%2BRvTrresuTUPzR%2FdBzpMU6Ykq3oY7WqXtHtQEon3RH0SFsOictZFb%2FthHW65WN7C%2FaJGSzzNmZI%2Fg57H075u8ExbogJu8%2FP%2FRXay%2BM6RpSxMSFE8kGAI547U%2F24XtSITWyc4YqM8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a83c9db515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/js/each-land-config.97d1826a.js

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/js/each-land-config.97d1826a.js
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/each-land-config.97d1826a.js HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: W/"63920b4f-1033a"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FXwsCjjPs4AUbwowd4p4jFEFxcLN8CWpXiLT3EYbfXWmLsvMzA%2F1pUOGp%2BzEAS%2BSSxJ6pAN4hs52OMVgkO2pop2JVae6Mq4SmiB6ysET1CfRPUu5e%2B2lUlLHXbfzXv%2BFlCvM2mYrL7TFfto%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a83c9bb515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/sweep.html

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/sweep.html
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sweep.html HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: text/html
last-modified: Thu, 08 Dec 2022 16:05:36 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kf9znu%2Bc8OfPlc9BeaVOtheYsmicHk7TRhE9cpEQ%2BRZwBmZxNchy5mEUDGfgHVcswFnp4cCa6RXPHr6%2FwS5k%2FhFWlgutJFT5LbyTEU%2BbCVnX2l%2B7SDpNYUyVnAHFpQtPi9MQOjdcjnhKBlo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a71c2ab515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/js/_global-config-sd.975f2fa5.js

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/js/_global-config-sd.975f2fa5.js
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/_global-config-sd.975f2fa5.js HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 16:05:36 GMT
vary: Accept-Encoding
etag: W/"63920b50-1db"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kQDSmlYaTcZaTVDL1sNEGC10TAwgb4bRCQI%2BdJq1xcml%2FJD6SoZEmORuTtNk6dXdlo1vVnOO6soiapd%2Fzm6I6MTuwCa2YuKrgRH7HrBMMM9nXNGHLxDJ8ltP%2FYpyIePli0zjYINZN8aStsE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a82c94b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/css/survey.cd8123e3.css

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/css/survey.cd8123e3.css
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/survey.cd8123e3.css HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: text/css
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: W/"63920b4f-4a5a"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JgROVLLP3rEVc3%2Bj%2F3d6bNxLW7v0%2FsSV08jW8MoXn1biJGc9oEA837ZoOMV%2FZWeX0BJoCrKRiVT68Uu0bQSr79StilTMLarSHY82Wv5hRz3OUbqaLZh7xhSDxf286ehgge9o9AA65zT71bE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a83c9cb515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/css/sweep_3.6202d0ce.css

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/css/sweep_3.6202d0ce.css
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/sweep_3.6202d0ce.css HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: text/css
last-modified: Thu, 08 Dec 2022 16:05:35 GMT
vary: Accept-Encoding
etag: W/"63920b4f-1468"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MI4wK1fK27boImIhZK%2BpwujTyqnWZjLWfsIs0w%2B9yHH9G5ItHPg4Dezhj8mzEi24ANfmdW5wMJHxBs1BdLeZ5e7%2F6DWTRfji9JKqTNIr90HteUc%2BtUm7wcDaCWCLxjgI61Y3LM7lIbGem3o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a83c9fb515-OSL
content-encoding: br
X-Firefox-Spdy: h2

p12.sweepstakessurvey.org/js/v-redux-toolkit.esm.js.d71e3cf0.js

172.67.75.79

200 OK

0 B

URL HTTP/2
p12.sweepstakessurvey.org/js/v-redux-toolkit.esm.js.d71e3cf0.js
IP
172.67.75.79:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/v-redux-toolkit.esm.js.d71e3cf0.js HTTP/1.1
Host: p12.sweepstakessurvey.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 01:50:52 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 16:05:36 GMT
vary: Accept-Encoding
etag: W/"63920b50-289c"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CpylepM5jOwauPwjzx8CA0VS71YAE8nK3URUatGfmBbo262PP0mKcTeaW0wUE5s0gai4CBODyqgyuVNeDRhRxcURWKfujIPd386QlnXdKU0xLfSr1s7DTZE%2BihTe3go4%2BFjmvRF4KaoJNhE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776a17a84ca3b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations