lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
52.19.101.114 200 OK 2.3 kB URL User Request GET HTTP/1.1 lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
IP 52.19.101.114:80
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1052)
Hash 74767ce9fa35ee52c5af2ddee618bf45
7f6a7a3e369f3940ff097b189cb9b019ab03151b
cb2840b7416056a5f9c9e347a3f30a9b641799872fbd1f4ffb4d96a437e45fb1
GET /c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__ HTTP/1.1
Host: lsel.pollsandpromotions.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 25 May 2023 17:01:36 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: unique_id=646f946f000ae58c; Path=/; Expires=Mon, 24 Jul 2023 17:01:35 GMT
unique_id2=646f946f000aec27; Path=/; Expires=Wed, 23 Aug 2023 17:01:35 GMT
impression=; Path=/; Expires=Thu, 25 May 2023 17:01:35 GMT
Content-Encoding: gzip
cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/gsap.min.js?1683207405
104.17.24.14 200 OK 23 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/gsap.min.js?1683207405
IP 104.17.24.14:443
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity: Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (63851)
Hash 6ceffd5b35d350764ce6cb72313190f5
1a8bcae2241d253c1a41050b20c840d29878f3ae
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
GET /ajax/libs/gsap/3.9.1/gsap.min.js?1683207405 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 May 2023 17:01:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 22890
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61c68a7c-596a"
last-modified: Sat, 25 Dec 2021 03:05:32 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2069635
expires: Tue, 14 May 2024 17:01:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nx2A7I0mhEOydRhkaD0Xdy71DCW%2BH2p0rMy1EJ0IkQWADqFcn%2BoLztjbVvxkL1GuUUKJifmV7kgG8MhXlJTAfGnWLD%2F9ypJAfJTIelClOrgXKdJiQzDjHQ5S1yYu0OqK2zCUUB74"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7ccf575d88acb517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226 1.4 kB URL ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 61b4d40c7f4b9b80afc95fa33a622ca3
6f01c46dd7cbb32b7f37fdf0b2b3e77a5b35902b
5c143547f1bbed3233ddb29d8ede42d301bf5d0ce120b8eefb8419f48d70d888
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 May 2023 17:01:36 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 29 May 2023 14:34:35 GMT
ETag: "6f01c46dd7cbb32b7f37fdf0b2b3e77a5b35902b"
Last-Modified: Thu, 25 May 2023 14:34:36 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2747
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ccf575e9c04b503-OSL
api.imotech.video/ad/events.js?pixel_id=902760083831232256
104.166.188.188 200 OK 6.1 kB URL GET HTTP/2 api.imotech.video/ad/events.js?pixel_id=902760083831232256
IP 104.166.188.188:443
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: GlobalSign nv-sa
Subject: *.imotech.video
Fingerprint: A0:67:1C:F6:41:66:7E:FA:52:CC:92:38:EA:B5:88:77:7A:A4:6B:D0
Validity: Tue, 05 Jul 2022 02:31:37 GMT - Sun, 06 Aug 2023 02:31:36 GMT
File type Unicode text, UTF-8 text, with very long lines (17299), with no line terminators
Hash 65e92d1f5cd6a66edd798d8e31a0f5a4
ee20b1d89622bcf1787c29b0480e6547996acadf
b047e3cd894e371bc43a81292ba872d0f81fd03a8a9e66aa7e063c7e96f76098
GET /ad/events.js?pixel_id=902760083831232256 HTTP/1.1
Host: api.imotech.video
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: openresty/1.13.6.1
date: Thu, 25 May 2023 17:01:36 GMT
content-type: application/json,application/javascript;charset=utf-8
content-length: 6084
access-control-allow-origin: *
content-encoding: gzip
cache-control: private, max-age=900
X-Firefox-Spdy: h2
cdn-adef.akamaized.net/landings/279321/1683207405/js/main.js?1683207405
23.36.76.194 200 OK 1.7 kB URL GET HTTP/1.1 cdn-adef.akamaized.net/landings/279321/1683207405/js/main.js?1683207405
IP 23.36.76.194:443
ASN #20940 Akamai International B.V.
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: DigiCert Inc
Subject: a248.e.akamai.net
Fingerprint: 7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
Validity: Tue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT
Hash eb86cde28d0545695ec8823f6617fd6c
37b6641f75ab1b1b1e2bd375b56c40ccbc90f9ec
125d8a743888e128f1cc2cfec48f256aed9c7bb9ea64edb15cbcc04eb245ee19
GET /landings/279321/1683207405/js/main.js?1683207405 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 8BwthT3/GfodSZEN3c11t/9wMsRIcanZQu1n/0xYy5v1XENtZjSlMQgsi/PggWDf1o8EHEkLSKM=
x-amz-request-id: A5AR6QH1E8E9B1E3
Last-Modified: Thu, 04 May 2023 13:36:47 GMT
ETag: "eb86cde28d0545695ec8823f6617fd6c"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 25 May 2023 17:01:36 GMT
Content-Length: 1741
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/279321/1683207405/css/basics.css?1683207405
23.36.76.194 200 OK 2.6 kB URL GET HTTP/1.1 cdn-adef.akamaized.net/landings/279321/1683207405/css/basics.css?1683207405
IP 23.36.76.194:443
ASN #20940 Akamai International B.V.
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: DigiCert Inc
Subject: a248.e.akamai.net
Fingerprint: 7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
Validity: Tue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT
File type ASCII text, with very long lines (402), with CRLF line terminators
Hash feea073aa0772036f71c27d106669d52
7d8e3e3fcb6d4861a697776e8251ecdda82010b9
b27f84b7f975f53fd584c19c8265031705fdca39c62aa16e1ab88ab3a4f76f35
GET /landings/279321/1683207405/css/basics.css?1683207405 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 1IUphsCaGlhrBgWKHI+dcisa316eGCBK8gFzzr9W3olG8DKeOp8Jnczzwk64dlbdYXWnIqcfvio=
x-amz-request-id: A5AH68T37EZJC1ZM
Last-Modified: Thu, 04 May 2023 13:36:47 GMT
ETag: "feea073aa0772036f71c27d106669d52"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 25 May 2023 17:01:36 GMT
Content-Length: 2626
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/279321/1683207405/js/collector.js?1683207405
23.36.76.194 200 OK 1.1 kB URL GET HTTP/1.1 cdn-adef.akamaized.net/landings/279321/1683207405/js/collector.js?1683207405
IP 23.36.76.194:443
ASN #20940 Akamai International B.V.
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: DigiCert Inc
Subject: a248.e.akamai.net
Fingerprint: 7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
Validity: Tue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash 530a1ee9078c63b05445580074efe74f
17888910ee0abdd5b9d59bfc8b97cb58bb923802
aa6be0b532f192e97e4b097b9c0f62dbc6e4563b8abc249517483ca814285afe
GET /landings/279321/1683207405/js/collector.js?1683207405 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 5pIfiLUj2KeZ+uZCdgCAgzW8U9oDniLUGDLGxwsJRtQRPUtCe06aaII9fyHjooGfx4QwtMfu0Zg=
x-amz-request-id: A5AMP8SBNWXTD4VW
Last-Modified: Thu, 04 May 2023 13:36:47 GMT
ETag: "530a1ee9078c63b05445580074efe74f"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 25 May 2023 17:01:36 GMT
Content-Length: 1134
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdnjs.claudflare.io/ajax/libs/jquery/3.6.0/d/jquery.min.js?1683207405
206.189.196.86 200 OK 92 kB URL GET HTTP/1.1 cdnjs.claudflare.io/ajax/libs/jquery/3.6.0/d/jquery.min.js?1683207405
IP 206.189.196.86:443
ASN #14061 DIGITALOCEAN-ASN
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: Let's Encrypt
Subject: cdnjs.claudflare.io
Fingerprint: BF:D4:AB:9A:D0:EB:75:E1:A0:33:BA:D0:58:58:99:64:E0:75:B9:0C
Validity: Thu, 06 Apr 2023 22:54:27 GMT - Wed, 05 Jul 2023 22:54:26 GMT
File type ASCII text, with very long lines (65447)
Hash 1b8f799313e9c99c29b8e772090c6584
1295d7b92d351b3a17b061367641313b62b0266d
193381be618f4d1e7c8081a4ee68c3b406ebfc2dee86a704b012c0c88ae6e877
Analyzer Verdict Alert quad9 Sinkholed
GET /ajax/libs/jquery/3.6.0/d/jquery.min.js?1683207405 HTTP/1.1
Host: cdnjs.claudflare.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.22.0 (Ubuntu)
Date: Thu, 25 May 2023 17:01:36 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 92013
Connection: keep-alive
Cache-Control: public, max-age=43200
Expires: Fri, 26 May 2023 05:01:36 GMT
api.imotech.video/ad/pixelfile.html
104.166.188.188 200 OK 1.9 kB URL GET HTTP/2 api.imotech.video/ad/pixelfile.html
IP 104.166.188.188:443
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: GlobalSign nv-sa
Subject: *.imotech.video
Fingerprint: A0:67:1C:F6:41:66:7E:FA:52:CC:92:38:EA:B5:88:77:7A:A4:6B:D0
Validity: Tue, 05 Jul 2022 02:31:37 GMT - Sun, 06 Aug 2023 02:31:36 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 276e9f07c55ed5404d2b4118da99c454
f3556fab4dbc2f9dc0ed954685e733466a44cae2
906f6effab44b23ce90ce63d03fea117c7a9346983bd27972b37f4085d561869
GET /ad/pixelfile.html HTTP/1.1
Host: api.imotech.video
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: openresty/1.13.6.1
date: Thu, 25 May 2023 17:01:37 GMT
content-type: application/json,text/html;charset=utf-8
content-length: 1888
X-Firefox-Spdy: h2
tt.stfilecamp.com/jsfiles/site-protect2.0.js
205.185.216.42 200 OK 3.1 kB URL GET HTTP/2 tt.stfilecamp.com/jsfiles/site-protect2.0.js
IP 205.185.216.42:443
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: Let's Encrypt
Subject: stfilecamp.com
Fingerprint: D9:D1:1B:D4:61:43:A2:E8:66:78:49:BD:B6:F7:72:58:0A:61:2E:19
Validity: Tue, 02 May 2023 07:05:53 GMT - Mon, 31 Jul 2023 07:05:52 GMT
Hash fc96ab06b0f9fcea6731405215ae5daf
8af9f27d895eb69754919a2fc0d74760fecd3860
9243e166cbcd628fd992eba59544ebf99328fd4db7c0c08c2fb28a7af14d759e
GET /jsfiles/site-protect2.0.js HTTP/1.1
Host: tt.stfilecamp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 May 2023 17:01:37 GMT
cache-control: max-age=2343
content-length: 3137
content-type: text/javascript
last-modified: Mon, 27 Feb 2023 13:49:23 GMT
accept-ranges: bytes
x-rgw-object-type: Normal
etag: "fc96ab06b0f9fcea6731405215ae5daf"
x-amz-request-id: tx0000000000000b872766e-00646f8f88-652bc218-nyc3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-hw: 1685034097.dop202.sk1.t,1685034097.cds222.sk1.hn,1685034097.cds231.sk1.c
X-Firefox-Spdy: h2
cdn.stfilecamp.com/stormtrk.js
205.185.216.10 200 OK 6.8 kB URL GET HTTP/2 cdn.stfilecamp.com/stormtrk.js
IP 205.185.216.10:443
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: Let's Encrypt
Subject: stfilecamp.com
Fingerprint: 8E:29:42:AB:6B:6C:A3:84:A2:28:12:0F:47:43:FB:7A:88:81:70:0A
Validity: Sat, 29 Apr 2023 15:08:05 GMT - Fri, 28 Jul 2023 15:08:04 GMT
Hash 39e5f8ad757fe438c784e8d883e47ab0
6b2905489485100c83605f43186c5843031e1f3b
e421906cc3be04e5f6795074c0a91e5a194f218b3f8c57adfed0f4d315dd445a
Analyzer Verdict Alert fortinet Phishing
GET /stormtrk.js HTTP/1.1
Host: cdn.stfilecamp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 May 2023 17:01:37 GMT
cache-control: max-age=2945
content-length: 6807
content-type: text/javascript
last-modified: Sat, 24 Dec 2022 08:48:24 GMT
accept-ranges: bytes
x-rgw-object-type: Normal
etag: "39e5f8ad757fe438c784e8d883e47ab0"
x-amz-request-id: tx00000000000002e0b3584-00646f91e2-35e189a3-sfo3a
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-hw: 1685034097.dop223.sk1.t,1685034097.cds238.sk1.hn,1685034097.cds014.sk1.c
X-Firefox-Spdy: h2
api.imotech.video/bigoad/trackingview?it=1685034097005&title=Cash%20App%20%24750%20gift%20card&referer=&resolution=1024*1280&lang=en-US&url=http%3A%2F%2Flsel.pollsandpromotions.site%2Fc%2F4182ef8a9b09fd89%3Fcid%3D__SID__%26s1%3D__CAMPAIGN_NAME__%26s2%3D__SID__%26s3%3D__GROUP_NAME__%26s4%3D__AD_ID__&host=lsel.pollsandpromotions.site&cookie_id=BA1.1.4413348574.1685034097&session_id=BA1.1.3348572966.1685034097&pixel_id=902760083831232256&ts=1685034097013&extra=%7B%22action%22%3A%22init%22%2C%22wst%22%3A450%2C%22drt%22%3A1587%2C%22lgt%22%3A1602%7D
104.166.188.188 200 OK 104 B URL POST HTTP/2 api.imotech.video/bigoad/trackingview?it=1685034097005&title=Cash%20App%20%24750%20gift%20card&referer=&resolution=1024*1280&lang=en-US&url=http%3A%2F%2Flsel.pollsandpromotions.site%2Fc%2F4182ef8a9b09fd89%3Fcid%3D__SID__%26s1%3D__CAMPAIGN_NAME__%26s2%3D__SID__%26s3%3D__GROUP_NAME__%26s4%3D__AD_ID__&host=lsel.pollsandpromotions.site&cookie_id=BA1.1.4413348574.1685034097&session_id=BA1.1.3348572966.1685034097&pixel_id=902760083831232256&ts=1685034097013&extra=%7B%22action%22%3A%22init%22%2C%22wst%22%3A450%2C%22drt%22%3A1587%2C%22lgt%22%3A1602%7D
IP 104.166.188.188:443
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: GlobalSign nv-sa
Subject: *.imotech.video
Fingerprint: A0:67:1C:F6:41:66:7E:FA:52:CC:92:38:EA:B5:88:77:7A:A4:6B:D0
Validity: Tue, 05 Jul 2022 02:31:37 GMT - Sun, 06 Aug 2023 02:31:36 GMT
File type ASCII text, with no line terminators
Hash c81d7453ec21fec3c621e6d967f64565
b883dcdb6baf2d2188127597a0b6eebaaa226fe8
5cd7e9a282519a9b04d29bf8cbc50fb676b93e6818bd3f9626717d2dd4202f5a
POST /bigoad/trackingview?it=1685034097005&title=Cash%20App%20%24750%20gift%20card&referer=&resolution=1024*1280&lang=en-US&url=http%3A%2F%2Flsel.pollsandpromotions.site%2Fc%2F4182ef8a9b09fd89%3Fcid%3D__SID__%26s1%3D__CAMPAIGN_NAME__%26s2%3D__SID__%26s3%3D__GROUP_NAME__%26s4%3D__AD_ID__&host=lsel.pollsandpromotions.site&cookie_id=BA1.1.4413348574.1685034097&session_id=BA1.1.3348572966.1685034097&pixel_id=902760083831232256&ts=1685034097013&extra=%7B%22action%22%3A%22init%22%2C%22wst%22%3A450%2C%22drt%22%3A1587%2C%22lgt%22%3A1602%7D HTTP/1.1
Host: api.imotech.video
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lsel.pollsandpromotions.site
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: openresty/1.13.6.1
date: Thu, 25 May 2023 17:01:37 GMT
content-type: application/json
content-length: 104
bigotraceresponse: 00-b28086ee304acfab530d53881dbbb951-0-00
X-Firefox-Spdy: h2
api.imotech.video/bigoad/trackingview?it=1685034097005&title=Cash%20App%20%24750%20gift%20card&referer=&resolution=1024*1280&lang=en-US&url=http%3A%2F%2Flsel.pollsandpromotions.site%2Fc%2F4182ef8a9b09fd89%3Fcid%3D__SID__%26s1%3D__CAMPAIGN_NAME__%26s2%3D__SID__%26s3%3D__GROUP_NAME__%26s4%3D__AD_ID__&host=lsel.pollsandpromotions.site&cookie_id=BA1.1.4413348574.1685034097&session_id=BA1.1.3348572966.1685034097&pixel_id=902760083831232256&ts=1685034097015&extra=%7B%22action%22%3A%22page_view%22%2C%22wst%22%3A450%2C%22drt%22%3A1587%2C%22lgt%22%3A1602%7D
104.166.188.188 200 OK 104 B URL POST HTTP/2 api.imotech.video/bigoad/trackingview?it=1685034097005&title=Cash%20App%20%24750%20gift%20card&referer=&resolution=1024*1280&lang=en-US&url=http%3A%2F%2Flsel.pollsandpromotions.site%2Fc%2F4182ef8a9b09fd89%3Fcid%3D__SID__%26s1%3D__CAMPAIGN_NAME__%26s2%3D__SID__%26s3%3D__GROUP_NAME__%26s4%3D__AD_ID__&host=lsel.pollsandpromotions.site&cookie_id=BA1.1.4413348574.1685034097&session_id=BA1.1.3348572966.1685034097&pixel_id=902760083831232256&ts=1685034097015&extra=%7B%22action%22%3A%22page_view%22%2C%22wst%22%3A450%2C%22drt%22%3A1587%2C%22lgt%22%3A1602%7D
IP 104.166.188.188:443
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: GlobalSign nv-sa
Subject: *.imotech.video
Fingerprint: A0:67:1C:F6:41:66:7E:FA:52:CC:92:38:EA:B5:88:77:7A:A4:6B:D0
Validity: Tue, 05 Jul 2022 02:31:37 GMT - Sun, 06 Aug 2023 02:31:36 GMT
File type ASCII text, with no line terminators
Hash 0b38cb9ece7b04ac6b4d93514e425ee2
4ff3962e2d9900aed99ebe3f17629656a4320b4f
e32b14ac8d4c84f185f84e774d72373df4d32926ecaf776af7f14a8a38dfc331
POST /bigoad/trackingview?it=1685034097005&title=Cash%20App%20%24750%20gift%20card&referer=&resolution=1024*1280&lang=en-US&url=http%3A%2F%2Flsel.pollsandpromotions.site%2Fc%2F4182ef8a9b09fd89%3Fcid%3D__SID__%26s1%3D__CAMPAIGN_NAME__%26s2%3D__SID__%26s3%3D__GROUP_NAME__%26s4%3D__AD_ID__&host=lsel.pollsandpromotions.site&cookie_id=BA1.1.4413348574.1685034097&session_id=BA1.1.3348572966.1685034097&pixel_id=902760083831232256&ts=1685034097015&extra=%7B%22action%22%3A%22page_view%22%2C%22wst%22%3A450%2C%22drt%22%3A1587%2C%22lgt%22%3A1602%7D HTTP/1.1
Host: api.imotech.video
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lsel.pollsandpromotions.site
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: openresty/1.13.6.1
date: Thu, 25 May 2023 17:01:37 GMT
content-type: application/json
content-length: 104
bigotraceresponse: 00-61d78140c37d5c69b62f579665bd5e8e-0-00
X-Firefox-Spdy: h2
cdn-adef.akamaized.net/landings/279321/1683207405/images/visa-logo.png
23.36.76.194 200 OK 8.5 kB URL GET HTTP/1.1 cdn-adef.akamaized.net/landings/279321/1683207405/images/visa-logo.png
IP 23.36.76.194:443
ASN #20940 Akamai International B.V.
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: DigiCert Inc
Subject: a248.e.akamai.net
Fingerprint: 7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
Validity: Tue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT
File type PNG image data, 300 x 68, 4-bit colormap, non-interlaced\012- data
Hash a0157852d2a3d6e9aefbd7c23419e566
27d57dbdf88d42be5defcea6a1675d4932d13664
3b6b61919a663134edcdfe300b4de7e821ffa07cc72c15611988fb86fbba935c
GET /landings/279321/1683207405/images/visa-logo.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: B4Kfo5EC2mbXMSA+EcS8iPgialyKHD9vclJ+L9Y7spHJo1iAnCqC3qseWUnnAILpXZgdDDaZb6U=
x-amz-request-id: HPQ1FCCN2989665N
Last-Modified: Thu, 04 May 2023 13:36:47 GMT
ETag: "a0157852d2a3d6e9aefbd7c23419e566"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 8491
Date: Thu, 25 May 2023 17:01:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/279321/1683207405/images/prize.png
23.36.76.194 200 OK 121 kB URL GET HTTP/1.1 cdn-adef.akamaized.net/landings/279321/1683207405/images/prize.png
IP 23.36.76.194:443
ASN #20940 Akamai International B.V.
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: DigiCert Inc
Subject: a248.e.akamai.net
Fingerprint: 7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
Validity: Tue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT
File type PNG image data, 599 x 364, 8-bit/color RGBA, non-interlaced\012- data
Size 121 kB (121134 bytes)
Hash 9baf931fb00cffaf06a4f35d2278c84f
9080ebaa1e91376a8612cadd92ea4853a363b1da
57a7519e652fc50a895fd9e0b98c449188af8d27d7fde2a5294d7e1c80aec4ac
GET /landings/279321/1683207405/images/prize.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: yrBeRkLfhrr6pLkofKx5D4cfU6ORBf4LwI17g1RZBj75M3u+nuCIWXGJ+xNKGk3KOaEGsLkPtDo=
x-amz-request-id: 0BBB2RHZN86WBEWE
Last-Modified: Thu, 04 May 2023 13:36:47 GMT
ETag: "9baf931fb00cffaf06a4f35d2278c84f"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 121134
Date: Thu, 25 May 2023 17:01:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
route.frest.pro/is_redirect
172.67.211.109 200 OK 17 B URL POST HTTP/2 route.frest.pro/is_redirect
IP 172.67.211.109:443
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: Google Trust Services LLC
Subject: frest.pro
Fingerprint: BF:79:17:15:EB:F6:8D:E0:44:93:02:1B:18:9B:0E:C8:06:68:24:E1
Validity: Fri, 14 Apr 2023 08:42:39 GMT - Thu, 13 Jul 2023 08:42:38 GMT
File type JSON data\012- , ASCII text
Hash 6dec798efb56f56f33660938f6249ff6
e889219883cef38754dc1e5df7ca5277b3b314c8
b493cdb3b30ea63f6a924f814dfccfcfe305dac02106f9994ce2bcb2e8ed28c4
POST /is_redirect HTTP/1.1
Host: route.frest.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 10
Origin: http://lsel.pollsandpromotions.site
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 May 2023 17:01:37 GMT
content-type: application/json
content-length: 17
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type, Access-Control-Allow-Headers, X-Requested-With
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bfX3neNkmpW5WHZtyp8WauLR4bJNFL6pelUnlHLadMSwrzjXKkwJq%2FYu7uB0nZjQFyOASevf0s6%2FsQRxKRoNiSwFgiN1uQ456srC3ICgn21v9A%2F%2F2%2B9KSqJd32d77R%2BNwWk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ccf57643c2eb517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn-adef.akamaized.net/landings/279321/1683207405/images/visa-logo-sq.png
23.36.76.194 200 OK 16 kB URL GET HTTP/1.1 cdn-adef.akamaized.net/landings/279321/1683207405/images/visa-logo-sq.png
IP 23.36.76.194:443
ASN #20940 Akamai International B.V.
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: DigiCert Inc
Subject: a248.e.akamai.net
Fingerprint: 7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
Validity: Tue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT
File type PNG image data, 174 x 172, 8-bit/color RGBA, non-interlaced\012- data
Hash ddb1a54620ba3a4424cb262e457ddbd9
0b0278f1dab8754cba8f1ab74e333f7a69e6f999
1fcf40f6f008f09af6b9d5e62a611d9b7c9920b37c5cbfb99621ffcc97243c95
GET /landings/279321/1683207405/images/visa-logo-sq.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: q7J9zh9lJAlyAPP8tioYVC9ys0ahg52RfiVoE9OhMHVsQi/OeuJiBJwFpa4bRAL7KbdCotc8NhM=
x-amz-request-id: A5ANMMFPRXNB7MR4
Last-Modified: Thu, 04 May 2023 13:36:47 GMT
ETag: "ddb1a54620ba3a4424cb262e457ddbd9"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 16103
Date: Thu, 25 May 2023 17:01:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
tt.stfilecamp.com/jsfiles/second_back_multi_bigo.js
205.185.216.42 200 OK 2.3 kB URL GET HTTP/2 tt.stfilecamp.com/jsfiles/second_back_multi_bigo.js
IP 205.185.216.42:443
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer: Let's Encrypt
Subject: stfilecamp.com
Fingerprint: D9:D1:1B:D4:61:43:A2:E8:66:78:49:BD:B6:F7:72:58:0A:61:2E:19
Validity: Tue, 02 May 2023 07:05:53 GMT - Mon, 31 Jul 2023 07:05:52 GMT
File type HTML document, ASCII text
Hash 96af925d55cad494665471c73ac01b04
5d2b1c06d2edb1a1ba9a5335c5dbb73c508b879b
1109fbd42583528695ba5995a756fd0fd09a992a85f50e54862e4b13c1cf75c2
GET /jsfiles/second_back_multi_bigo.js HTTP/1.1
Host: tt.stfilecamp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 May 2023 17:01:37 GMT
cache-control: max-age=3600
content-length: 2307
content-type: text/javascript
last-modified: Mon, 27 Feb 2023 13:49:23 GMT
accept-ranges: bytes
x-rgw-object-type: Normal
etag: "96af925d55cad494665471c73ac01b04"
x-amz-request-id: tx0000000000000b8824891-00646f9471-652bc218-nyc3c
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-hw: 1685034097.dop202.sk1.t,1685034097.cds222.sk1.hn,1685034097.cds239.sk1.pr
X-Firefox-Spdy: h2
cdn-adef.akamaized.net/images/favicon.ico
23.36.76.194 200 OK 4.1 kB URL GET HTTP/1.1 cdn-adef.akamaized.net/images/favicon.ico
IP 23.36.76.194:443
ASN #20940 Akamai International B.V.
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint 7B:62:AB:D4:32:FB:D8:97:04:07:9A:AB:8E:BE:E6:48:AE:5C:8D:37
Validity Tue, 28 Jun 2022 00:00:00 GMT - Fri, 30 Jun 2023 23:59:59 GMT
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
- data
Hash 4cdf3256cd7b8ec3917adb79d6bf457e
bc615337e9223183a126c8fb649774866fb53e69
fbfff44a653dc193b93620f1035d221d3aaddf3238742270b3385482986ef7f0
GET /images/favicon.ico HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: mzbDFFn0Yhqdz4XL9s4sX6yByljdNVrKhKiK+UtK4DVRgNzfBI6OtL7EakQiGwqEsC19uC++cQI=
x-amz-request-id: 78F19547EBC3B810
Last-Modified: Wed, 07 Nov 2018 08:41:38 GMT
ETag: "4cdf3256cd7b8ec3917adb79d6bf457e"
Accept-Ranges: bytes
Content-Type: image/x-icon
Content-Length: 4103
Server: AmazonS3
Date: Thu, 25 May 2023 17:01:37 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn.stfilecamp.com/fp.min.js
205.185.216.10 200 OK 32 kB URL GET HTTP/2 cdn.stfilecamp.com/fp.min.js
IP 205.185.216.10:443
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer Let's Encrypt
Subject stfilecamp.com
Fingerprint 8E:29:42:AB:6B:6C:A3:84:A2:28:12:0F:47:43:FB:7A:88:81:70:0A
Validity Sat, 29 Apr 2023 15:08:05 GMT - Fri, 28 Jul 2023 15:08:04 GMT
File type Unicode text, UTF-8 text, with very long lines (31370)
Hash 198f2f5b0a649f41fe890c59d37319aa
f24629687612889bb59f610df3879afcd766fb80
d2bc2cb800679f495a7731c105b2e2047965800515f98008867ab33edc940912
Analyzer Verdict Alert fortinet Phishing
GET /fp.min.js HTTP/1.1
Host: cdn.stfilecamp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 May 2023 17:01:38 GMT
cache-control: max-age=3600
content-length: 31705
content-type: text/javascript
last-modified: Mon, 13 Jun 2022 11:23:14 GMT
accept-ranges: bytes
x-rgw-object-type: Normal
etag: "198f2f5b0a649f41fe890c59d37319aa"
x-amz-request-id: tx00000000000002eb04df5-00646f9472-3592f1a1-sfo3a
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-hw: 1685034098.dop223.sk1.t,1685034098.cds238.sk1.hn,1685034098.cds237.sk1.pr
X-Firefox-Spdy: h2
stormtrk.com/api/1.0/ping/pong?location=http%3A%2F%2Flsel.pollsandpromotions.site%2Fc%2F4182ef8a9b09fd89%3Fcid%3D__SID__%26s1%3D__CAMPAIGN_NAME__%26s2%3D__SID__%26s3%3D__GROUP_NAME__%26s4%3D__AD_ID__
104.26.4.120 200 OK 343 B URL GET HTTP/2 stormtrk.com/api/1.0/ping/pong?location=http%3A%2F%2Flsel.pollsandpromotions.site%2Fc%2F4182ef8a9b09fd89%3Fcid%3D__SID__%26s1%3D__CAMPAIGN_NAME__%26s2%3D__SID__%26s3%3D__GROUP_NAME__%26s4%3D__AD_ID__
IP 104.26.4.120:443
Requested by http://lsel.pollsandpromotions.site/c/4182ef8a9b09fd89?cid=__SID__&s1=__CAMPAIGN_NAME__&s2=__SID__&s3=__GROUP_NAME__&s4=__AD_ID__
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 12:CF:2B:DC:A1:B5:77:12:91:68:E8:DD:F0:22:9A:1B:06:84:6A:74
Validity Fri, 09 Dec 2022 00:00:00 GMT - Sat, 09 Dec 2023 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with very long lines (364), with no line terminators
Hash 1f38807bd1d2ecee21c6862de896658b
52f1a043987a55c911a932383042717970b8c189
6d1ef9483b047a520e08fd57b38062e37daf35a9997f948a9115b01b2efbc45c
GET /api/1.0/ping/pong?location=http%3A%2F%2Flsel.pollsandpromotions.site%2Fc%2F4182ef8a9b09fd89%3Fcid%3D__SID__%26s1%3D__CAMPAIGN_NAME__%26s2%3D__SID__%26s3%3D__GROUP_NAME__%26s4%3D__AD_ID__ HTTP/1.1
Host: stormtrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://lsel.pollsandpromotions.site
DNT: 1
Connection: keep-alive
Referer: http://lsel.pollsandpromotions.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 May 2023 17:01:37 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type, Access-Control-Allow-Headers, X-Requested-With
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XS%2BNUn3KYrw49e%2F23kImHKhYOvxfgMmmRLVdbyzfW%2B6SYY61ac8%2FbJL1z%2FL4VXwHU8meEQP%2FPV3EIO2mJc6hzKJit1yjatIX0qIXiYpNle1y14KjQbi19DF1I7XHnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ccf5765998ffac0-OSL
content-encoding: br
X-Firefox-Spdy: h2