| | 94.130.64.156 | 302 Found | 0 B |
URL User Request GET HTTP/1.1IP 94.130.64.156:443
ASN#24940 Hetzner Online GmbH
CertificateIssuerLet's Encrypt Subject*.ch.mbvnclickpush1.site Fingerprint5E:8B:98:0C:B5:2D:06:75:05:F2:E4:81:7F:45:06:48:33:94:C9:41 ValidityMon, 05 Feb 2024 07:47:43 GMT - Sun, 05 May 2024 07:47:42 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 33.mbvnclickpush1.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 12 Feb 2024 12:58:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://leadhits.media-412.com/click?pid=2233&offer_id=6142&sub1={CLICK_ID}
|
|
| leadhits.media-412.com/click?pid=2233&offer_id=6142&sub1={CLICK_ID} | 35.204.70.16 | 302 Found | 0 B |
URL User Request GET HTTP/2leadhits.media-412.com/click?pid=2233&offer_id=6142&sub1={CLICK_ID} IP 35.204.70.16:443
ASN#396982 GOOGLE-CLOUD-PLATFORM
CertificateIssuerGoDaddy.com, Inc. Subject*.media-412.com Fingerprint16:AB:3B:E7:5C:01:8D:17:4C:E5:2A:16:CE:5F:3B:FB:DE:12:ED:4C ValiditySun, 09 Jul 2023 20:53:14 GMT - Fri, 09 Aug 2024 20:53:14 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=2233&offer_id=6142&sub1={CLICK_ID} HTTP/1.1
Host: leadhits.media-412.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Mon, 12 Feb 2024 12:58:06 GMT
content-length: 0
location: https://leadhits.media-412.com/click?pid=2256&offer_id=6167
x-adjust-use-original-forwarded-for: 1
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| leadhits.media-412.com/click?pid=2256&offer_id=6167 | 35.204.70.16 | 302 Found | 0 B |
URL User Request GET HTTP/2leadhits.media-412.com/click?pid=2256&offer_id=6167 IP 35.204.70.16:443
ASN#396982 GOOGLE-CLOUD-PLATFORM
CertificateIssuerGoDaddy.com, Inc. Subject*.media-412.com Fingerprint16:AB:3B:E7:5C:01:8D:17:4C:E5:2A:16:CE:5F:3B:FB:DE:12:ED:4C ValiditySun, 09 Jul 2023 20:53:14 GMT - Fri, 09 Aug 2024 20:53:14 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=2256&offer_id=6167 HTTP/1.1
Host: leadhits.media-412.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Mon, 12 Feb 2024 12:58:07 GMT
content-length: 0
location: https://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=65ca15df8d67a40001bc98bc; expires=Tue, 11 Feb 2025 12:58:07 GMT; secure; SameSite=None
afoffers={"6167":1707742687}; expires=Tue, 11 Feb 2025 12:58:07 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/js/survey.4bfdfa3a.js | 104.21.20.53 | 200 OK | 2.6 kB |
URL GET HTTP/3googrootsurvey.top/js/survey.4bfdfa3a.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (6667), with no line terminators Hashad50d7aa19700ca9c56b9aca325af76a df451eb193dafb7697a0fa81aed3b9061c574d16 259da12adf06ddec65517625ea562f4ec5d43d5892593b78c6928533a7daa352
GET /js/survey.4bfdfa3a.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e981-1a0b"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=npu08501p3NnoxyfbJvzAINJa53dYin%2BHpoSZtJnBg9yuSg37VQW0e4TCc7o06GQkUsWxBWjcWoRBaorFGPSw%2BBqY695w9elNofwljMyU3tLS0G3Q%2BpWJtD0Oc6FgqeDJSnYQpM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500561e4e56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP 139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Feb 2024 12:58:08 GMT
content-length: 0
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/js/v-attributes-to-props.js.83ec2bf9.js | 104.21.20.53 | 200 OK | 463 B |
URL GET HTTP/3googrootsurvey.top/js/v-attributes-to-props.js.83ec2bf9.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeASCII text, with very long lines (702), with no line terminators Hash3ce63d627b7465c103cf9fe658bd3adf 09400f74ec575fe906e233248d61e7550850e222 fc40a094c3ce0f09d57a8b1275be0fdb79b378fa4672a504dd4f9e0a3061d863
GET /js/v-attributes-to-props.js.83ec2bf9.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e981-2be"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5097
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SndeYH8HUtJbsg1QqbWm5Fgq7JkwS%2B360GuJ3XODvXapqeaNX8s2I0Ba2xAQ6GYZ3wKRoZKeqLHLK3MQedlQKHxHUl2ps2RHNNkKTI5m25aA%2BIqvpdDy3DE4Uy6Ij4968jCiBqU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450057e90456c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc | 104.21.20.53 | 200 OK | 4.4 kB |
URL User Request GET HTTP/2googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc IP 104.21.20.53:443
CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeHTML document, ASCII text, with very long lines (8009), with no line terminators Hashfa2046594dc02dd74a3efaca98b607df 6d0bed71f6156dcf117cca76b8319656d73e6c87 16ab8f03a0ea209af119f63b866a79f246b6f021347af44781e80b998da7957b
GET /finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: text/html
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iDyzNKk%2BHL0HTUugEJm7LByFVBtbxxpDfTyEZy5X6gO64i4Ys6D7xXJwPBjZisSbSOIOcohnrnk3MZiF9SJw8MPV8wTfHYFwGNRiSegnZN9NKsYU3nEciJffdvr8DKXRh0%2BnoAY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8545005298f10b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/img/comments/unnamed.webp | 104.21.20.53 | 200 OK | 264 B |
URL GET HTTP/3googrootsurvey.top/img/comments/unnamed.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash606085e7a74fd169da34f9fcb43ad12d 77226a50488fb48256d36f1810a136b69d635f74 df20f4c1d87cb10514a6d526dde70759334705d90a909df0e6cb130061ce1ea5
GET /img/comments/unnamed.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 264
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-108"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jyB7ktybTrDuELVx2m1dRVnutarmycQ%2FqFRvAL5hG51PxWva2x0vuf8N19vIgSHx9EQHkAzP6UwdY8SOTPRU%2BG621xs9f9087B3KivKHMSdYPP17HxzKknv5dGc1t3R4Bh7nSz4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500598b9e56c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-14.webp | 104.21.20.53 | 200 OK | 1.7 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-14.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash7dc8c2c56e77f2a329230f677b6e5bf8 23b56b25ef6370e93d6c070c212684ba99612fcc 49ce3d1aa6533e2c9715cdc971939ba08f7072b87d7f60dd1dc3f0ef892e44fc
GET /img/comments/person-14.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 1672
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
vary: Accept-Encoding
etag: "65c9e981-688"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d4gStuYGp9k%2FBQkBAgz6r4%2F6NtJQeuHRNrkIAVhnk3nh9rx44Yo3PY%2F2vPw6JetQrSexP6YMuRvM0mbj5xeLWpPBcsT%2Fkw1%2FMV7pBvxbNbW5o179tUJpRX0GYMQqNevdXsUwyyw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450059bbce56c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/s-checkLocalStorageAvailable.ts.e518196a.js | 104.21.20.53 | 200 OK | 1.3 kB |
URL GET HTTP/3googrootsurvey.top/js/s-checkLocalStorageAvailable.ts.e518196a.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (330), with no line terminators Hashe0bd138b96903c8aaf92368ba7e6e817 069156ab9e0df0622900fb781a3309fdb1f4894b eda0f40501654b949c57fcb0d809ff8598abd5801f57a53318f261892bc9dc48
GET /js/s-checkLocalStorageAvailable.ts.e518196a.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e980-14a"
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6059
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kiB%2FstkmqjEjXbfNTH%2FI0UF0ApENHQfl8weohlE5K9gpVIBKnyxGtcB3yNRus81BXXwsHeojpua3HhWdFcL8IWDvrRPFVyYco7qoPd1l0UM6V7jkawFsvnRJZOCvJXS1CLBm3P8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500560e3856c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP 139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 798
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: fc77b25fb20a3d5e00653a104b22a5a9
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/js/v-domparser.js.c4db68d5.js | 104.21.20.53 | 200 OK | 702 B |
URL GET HTTP/3googrootsurvey.top/js/v-domparser.js.c4db68d5.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (1720), with no line terminators Hash7c57096ad1b2043897bd09133272b045 a79d2211ca2f6a659aa62cfffaf07a59c9eb8740 e3f128a760e406fa0d77c5ca9e896c2fde9a7d5fbe2ffeaf7e13e8bbf8b19d14
GET /js/v-domparser.js.c4db68d5.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e980-6b8"
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5097
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oDJQ%2BtwXMXCkMiVvJuLw%2BM%2Fmb%2FfeHpaJrmpkU4G4VCvoGVtuIKby4CxlbONRdmWHyqT6Y5gqN1uYgFF5O%2FI4ViwuVjAN5ar7KoSeUboT9oloZre5ZJp8tXiXNurQLo3dXcqNPT4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450057e8f556c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-4.webp | 104.21.20.53 | 200 OK | 1.4 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-4.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hasha78233e0cf1abbb3c5c98ef32a087d96 5ac6cdfb7f9e7be828a4d01e57f10379ef173889 3854114bf0acf8bc190e93893a80429d611c1d16b61d6cde07af182c232a30d7
GET /img/comments/person-4.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 1356
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-54c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ILxKjbLPhGm%2FLKdpLBqtIYb51v6JTFrEH%2F4btrT36vuf2sX3b0pW87MggxKbiGyOhQVzKrwTcHNdI2%2F2oyzDIcvNVk9T3X7Dws18%2Bo54aeyUgo7FDdPFyHIMnu30J8BBm4awKg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450059dc0556c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP 139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 749
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: b9290cff20875285d82d01657473261b
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/img/comments/person-6.webp | 104.21.20.53 | 200 OK | 1.9 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-6.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash0f174a9245ed9f2a0660204a8320880f fd36dc7b39c675bff5d4dff0b331d70b57f0ec7d 1cfb6cdf94c080825e93d4bff72079fdca2d8f3d9f7d2e75badf48c29d4e31c4
GET /img/comments/person-6.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 1854
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-73e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iU8RAEIHHkV8K0%2FKmp%2FmwiQcjqhKsKvGUaKL25Y2cdj%2FDXZMNdO25ArEwV9qQCVD3aDziOpGk22OQ8puslVOsdRFPAO6ouGZ2DcN%2Bhd%2BMkk9o2DJt9vine3UntyXt8IPRLQklJw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450059ec1c56c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/icon-survey.svg | 104.21.20.53 | 200 OK | 2.6 kB |
URL GET HTTP/3googrootsurvey.top/img/icon-survey.svg IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeSVG Scalable Vector Graphics image Hash9a8ba19b913810bd358e5caf3a7c2a75 6eff5e84f2b82772bb6029088ed852a8161b3252 58b0a3aa24ef605d4b812bcf92cbaa2e7f78bd43f929ca6362bc259da610399a
GET /img/icon-survey.svg HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: image/svg+xml
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: W/"65c9e980-a72"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rX9YcLp5Ku1Do0Vh7ZNqzpZm4nka4BmDa3ewvais1sYwUrQzLiJhVd%2FPYzVvt6u7NluCLs%2F7yUxRmdnqvK%2Fty7Ear2S6sWmiPYdTepv%2Fc1f15Ws8Ob%2FSLbJlzuf07eahCdlEyvE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500562e5356c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-9.webp | 104.21.20.53 | 200 OK | 1.7 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-9.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash12f578cbef79e63d347e2c8384c03ce6 496afa2132dc6a09052596587de749aefa634975 be233e744893994063c5cc341d9f60ff9ccdaa582da7b05bcfc01a7415b7cffa
GET /img/comments/person-9.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 1654
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-676"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=22wMdByIeU8GSg4SVTuLZgJKuefjvv2vy70p6cSAVwnmjBqAo51pQqcv5CFeFQKXFtAxHM45fGlNHGr0GD5gGMXU9Ju4Lj%2BLGmJB0Es2Bfspvn9cIWYyyHOrGb9KkmjCU5vIkCU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450059ec3d56c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-10.webp | 104.21.20.53 | 200 OK | 2.2 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-10.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash9dd9074774147c349c8a5bd4760c3cfb 99675a91391516dee57d557728a8cc96257429a3 318ecbca5e7cedf56bad3a556b5c8a8fd14b22a3d536c85f0e4a646e40d8d332
GET /img/comments/person-10.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 2222
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-8ae"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PQ1ycExlJ745Qsb2UdwenGcvWlrE8sBc7R6UWBjzXnVIwrVFJcnoQc1gE2PH9yzn8i1mNYNyOiUFPWpaYbaellED2w3EU8oYaR%2BJjsIt5qLspFI1HxSclb%2FOti7SjpmTT30xfZc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450059ec4156c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-13.webp | 104.21.20.53 | 200 OK | 1.9 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-13.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashad1e0d431ec5fcb9a1e7ba8680d14a21 0f30fc9c7a5460458fb1e01acff03df4d5809950 45f8553b96fbe562a88e1366e8986d14b4d51f7d069604f8d29675844a19b204
GET /img/comments/person-13.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 1888
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-760"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r67P6idnFGXGrub4M2i7y2ft2lSoVnS16ShOlbhpwBb4MOyanoNXgTk0c5U82hsBJ5h23TP054EmNBt6ieiAGpH2C0KDvy%2BvHQhrd%2BVhHUCYqda2cvHrwgCvCU2eiSbQ9i3z1%2FM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450059fc6556c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-12.webp | 104.21.20.53 | 200 OK | 1.4 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-12.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hasha2a75db01afaab639bcc0c6c76a14c09 2c773be63192164745f2a42c2fde74812c6e905d f22ac207c07f65a697682c466b4e87364c43a720b4e240df2d418ffbd8070e5e
GET /img/comments/person-12.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 1390
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-56e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jVvVyQXcJrXNozWvZbhF0M%2FLmnfUBOorZvrM%2FltrIKqZiGhoJjvxlq2cLD9wV%2B%2BbvkZakuO9pNcA2yNLuQ51UgxMhZZ2HPOZl2XGahyl9rK38czVCwdWh8wIwo%2BmwxQfiCMJkL0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450059fc6156c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-11.webp | 104.21.20.53 | 200 OK | 1.5 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-11.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash0100f949c3302195d906e13bc199399d 2b39580485f3e9ca81a8a2ead4747f89731800f4 10df37a82d90b2225e19460cbe7403726591fbd02caabfdf6a2884db631d8511
GET /img/comments/person-11.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 1526
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-5f6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fV5PThfvg3NoxGlSs1cmKLjJ5YIriQ%2BoXCJezksWHgYUeB4491Z1JwH6btwzQe9eibz5D8qW45PY%2BJ2Gx2Nk5dgqHPW3mPYo18F1UwOA%2FaC5zRWNW8nHmeHg53yF9KXG54PQaac%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450059ec4956c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-3.webp | 104.21.20.53 | 200 OK | 982 B |
URL GET HTTP/3googrootsurvey.top/img/comments/person-3.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash489a7f64f96c92f3325af92fa2af78b5 098cbcbd7ee329321d2fb7bac74535ab258a1f97 fd84809b70e4186fc2529a7ce54316e51ddf51ff8b2f099dcdb88ea91840be4f
GET /img/comments/person-3.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 982
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
vary: Accept-Encoding
etag: "65c9e981-3d6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pJdSZI6R4vGDVwKdYKO1b6ce1PxRT07SU8qLSurQEy6%2BrRcdL78JpyG8F%2F%2F4bHH9gLHmKrZmQWLymohARx725g6%2BqqtiT75%2Bvj5X4ids1mEqDudVXJgz%2Fe0y7kh7VI0D0Qn%2Bqp0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450059ec3a56c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-8.webp | 104.21.20.53 | 200 OK | 1.8 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-8.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash2ad9296fef7cd1f60823b80098d31c1f 145b3a66be3deb658a453963cef39a018b6f0928 82bcaa459e3d55b1f99c7154b506f5f5f464f04c5873a3e66ebaf5d064c4de6d
GET /img/comments/person-8.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 1802
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-70a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FMwv12TXI%2Fm9tw61KGP8ZEVLrWvSrc%2F3VjIDvyI89yyXCP%2BSaX96uiFPiloW5sShG9hZhjfRsmgasN%2BnE7Viyz0H%2FYb%2BNUwgZUNSB5mmvYXHMguGSzYeg0jq8hVjs9hEXvg4nN8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450059ec2356c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/rain/dollars-1.webp | 104.21.20.53 | 200 OK | 10 kB |
URL GET HTTP/3googrootsurvey.top/img/rain/dollars-1.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image Hasha5bef813a0113d018592091106451c8b 59365e96c4abca5eb98a0c56db0af0bb5cbffebb 036beb7de9c9d450e1442d593ff70ad392ca4be6754e7feaec249c0009e1bd83
GET /img/rain/dollars-1.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://googrootsurvey.top/css/survey.3b7d0b23.css
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 10546
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-2932"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NSn6m%2B7S3TA4jOtMpNncllX5dwFGZTpu%2BliR2tPUWTPzUOXnU9h5KRNr%2B8slS9NMR%2BAh4hcFepCngrMIkAbRG9VO5ucCf5YvER5ngByNpG8yQTWmSPYgrcKvJg8%2FFFrZ2fMO360%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8545005b5e7a56c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/rain/dollars-2.webp | 104.21.20.53 | 200 OK | 8.1 kB |
URL GET HTTP/3googrootsurvey.top/img/rain/dollars-2.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image Hash8b4203d496c3f52b116af082a0cd4017 de5369e9459e240950bb7eb5261eaac1db26907f 8dd1f04088c25e20d15e1bc23129604830aab2b4d3d0a408a5f047f9768f39a4
GET /img/rain/dollars-2.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://googrootsurvey.top/css/survey.3b7d0b23.css
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 8140
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-1fcc"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F%2BGwRsDqOAQmkGTgN6GILadOItVHCYkEMaesD3laiXT8dUkex9OWXWEkdOu2%2F1i8NbFGBAUXm1VILZ7LVe0gi9N6XUcT9aaYK6BHNUj8LOqhUsmhflIfrti2JP6ro5eV5lsClZc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8545005b5e8056c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/rain/dollars-3.webp | 104.21.20.53 | 200 OK | 5.9 kB |
URL GET HTTP/3googrootsurvey.top/img/rain/dollars-3.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image Hash51ea76ff382bff8ef58a9943f7fd21d1 5c3d6ad6620fbde5ce3dddc88604e6d54621eba2 0240f30fc542fb5c2d532f33bc793b797199adaea75e22a7d9f04674b80d9a32
GET /img/rain/dollars-3.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://googrootsurvey.top/css/survey.3b7d0b23.css
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 5938
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-1732"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QeFNUhm3G1ZFJRfYzyaD3c1RoezEk6EDtBO%2F%2BcwVk6J7p59cjScjZhoVvlnBY9J%2FhOahjFoSe%2Bn19%2Bvj3K7LGvDkGqUWIq%2BD8EavjpeoYTlVdyrwrt%2BZEJ1XLNBfXcJ87Dq%2Fu20%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8545005b6e8256c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/icon/finance/man.webp | 104.21.20.53 | 200 OK | 590 B |
URL GET HTTP/3googrootsurvey.top/img/icon/finance/man.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image Hashd729db2f101fe611a5a74cec2fa7a7d7 5a13312a8723c57605804f07f064b5f233ea9595 929f7c5d50d2bea65039de8cf572e24c1957209c92b983eebe4c322a93ccfe87
GET /img/icon/finance/man.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 590
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-24e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BHb2sZ1qZVnjpcJAaAwGmJPCaLtX%2FNgtQHZdfgngIdBDYSdXmp5VRAUXNncMAIVpQMeR9W0Luhxte1wQS6CczUCFuFcXrvUTvZdiK35YcAU%2FP70s%2BoTinwvt3IQXUqvPC9qHVVM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8545005b6e9a56c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/icon/finance/woman.webp | 104.21.20.53 | 200 OK | 2.4 kB |
URL GET HTTP/3googrootsurvey.top/img/icon/finance/woman.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image Hash590fd4a60be002011c4d09a32b3dee9e 45dbb90f6edd9dd9b777e5b3fc98b82ca18eaaf2 12f0bfe3db63dff3314b64cb12871681258a87bfcec40db1bc7712d4a32620e7
GET /img/icon/finance/woman.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 2356
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-934"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bLHvrQbKo4FRG890OpMnFRhDgHLfXY6KpyW3DQm4mBOfzTGXyjBvvg6uIzkQpiQPHHqrCrNJq2oVxjWKxX84l8Rs%2BAri5IdOug1sb58NDtnQhLTRZBXAC%2BHxVyrIMmBk3fR7kMU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8545005b6ea356c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/betting/sport-betting/star.webp | 104.21.20.53 | 200 OK | 246 B |
URL GET HTTP/3googrootsurvey.top/img/betting/sport-betting/star.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image Hash01caf8f85cfefbebbb8cd3fde3f6d973 f47df1411899076e0856c75114597168e2afd8d0 7bae9821e9132aee43121502a061a55671dbc660966e0c5c3e2a88a6d48b9a84
GET /img/betting/sport-betting/star.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 246
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-f6"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qo4EUjSdOcyoR3tTR08K%2BVRZztyr2wk4dlfoqac%2FkAMSd7cKZFLkfb9%2F4%2BO8U76tO49H9XQdrzs0UjXI4POz%2FavMqrf%2FwEMKM7lIXXhepQhLsHBX7ETBBkTCJKHommmsAV2KvL8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8545005b6e8f56c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 0 B |
IP 139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Feb 2024 12:58:08 GMT
content-length: 0
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| offpichuan.com/track?offer_id=9540&z=6070194&request_var=2256&variable2=65ca15df8d67a40001bc98bc&oaid=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe | 139.45.197.237 | 200 OK | 165 B |
URL GET HTTP/2offpichuan.com/track?offer_id=9540&z=6070194&request_var=2256&variable2=65ca15df8d67a40001bc98bc&oaid=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe IP 139.45.197.237:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectoffpichuan.com FingerprintDC:A4:ED:0D:9C:95:9F:89:94:CA:0B:F4:EC:28:BA:13:BF:A1:67:00 ValidityTue, 06 Feb 2024 21:03:49 GMT - Mon, 06 May 2024 21:03:48 GMT
Hash3de2c8466a22dde915b4b405ff27042f 079c0951f9a50d053a5d453d4f8d3f3765474295 d4513dd79b9a338cc081cb5d4cc1728eb0ba9d7734a45b78b1444f85b5e835f5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /track?offer_id=9540&z=6070194&request_var=2256&variable2=65ca15df8d67a40001bc98bc&oaid=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: application/json
content-length: 165
x-trace-id: 9b54b22b71e1a3bf6b1c357371b772d6
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP 139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Feb 2024 12:58:08 GMT
content-length: 0
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-do | 139.45.197.248 | 200 OK | 179 B |
IP 139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hash081142aa1c9267422ee7fd25ac457579 cf8a223610da412aab4cc9aec68f6f304258b3ce 58084d495376ed2e41f026c352cabb187129c58109f2b15caeb1a539deb2cd19
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-do HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 157
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: application/json; charset=utf-8
content-length: 179
x-trace-id: a9e31137bc454da006d87b7466e92990
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP 139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 1774
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: ac519f3a651c824e5c72e4161369e608
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/recaptcha__en.js | 142.250.74.35 | 200 OK | 200 kB |
URL GET HTTP/2www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/recaptcha__en.js IP 142.250.74.35:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com Fingerprint9D:25:7E:5C:DF:C3:E5:5B:00:4F:04:97:A3:48:A3:30:60:9A:DB:48 ValidityTue, 09 Jan 2024 06:30:50 GMT - Tue, 02 Apr 2024 06:30:49 GMT
File typeJavaScript source, ASCII text, with very long lines (566) Size200 kB (199529 bytes) Hashca50556eed6c3ec820e1e84b8b8c4c89 94b412b047930720ea1cf6e26279821859f6a666 5aa02ad9ec4550065de8002ea1108be5d10bbb1173d2f3447f88ce1af317d4bd
GET /recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 199529
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 12 Feb 2024 11:41:12 GMT
expires: Tue, 11 Feb 2025 11:41:12 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 05 Feb 2024 05:00:25 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 4616
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=f5f033be-5ee1-4170-b2fa-04e959061fc0 | 37.48.68.71 | 200 OK | 12 B |
URL POST HTTP/1.1datatechonert.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=f5f033be-5ee1-4170-b2fa-04e959061fc0 IP 37.48.68.71:443
ASN#60781 LeaseWeb Netherlands B.V.
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerSectigo Limited Subjectdatatechonert.com Fingerprint3F:E1:50:2C:9F:FC:F9:37:03:E3:B6:34:00:06:89:69:01:E7:C3:27 ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
Hashadb4650bfc9d2a73d4dd69583b0ceb14 1ce399d6e936232aaf2192cd7903a279c5015f22 21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a&ruid=f5f033be-5ee1-4170-b2fa-04e959061fc0 HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1486
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 12 Feb 2024 12:58:09 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://googrootsurvey.top
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 0 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP 139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Feb 2024 12:58:09 GMT
content-length: 0
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| arleavannya.com/sync-metrics | 139.45.197.248 | 200 OK | 17 B |
URL POST HTTP/2arleavannya.com/sync-metrics IP 139.45.197.248:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectarleavannya.com FingerprintA4:8A:3B:44:4D:C2:D4:BD:92:AC:E7:B8:3A:C3:C9:4B:85:17:24:1F ValidityMon, 22 Jan 2024 17:53:34 GMT - Sun, 21 Apr 2024 17:53:33 GMT
Hash5b64e8b89092b2e3dfd448b10700627f 484b3032619fa1acd135d114565b0a5166281c22 f1ea07a1e51a389c8de07120ae5c2e432e9dd8f4fbd6f92489f185b0523a3fd4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /sync-metrics HTTP/1.1
Host: arleavannya.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 850
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 12 Feb 2024 12:58:09 GMT
content-type: application/json; charset=utf-8
content-length: 17
x-trace-id: 3944e32003b924c13b98400cfce00d21
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/sw/sw6679100.js?var=6070194&var_3=null&var_4=null&ymid=2256&ab2_ttl=5184000000 | 104.21.20.53 | 200 OK | 6.9 kB |
URL GET HTTP/3googrootsurvey.top/sw/sw6679100.js?var=6070194&var_3=null&var_4=null&ymid=2256&ab2_ttl=5184000000 IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
Hash3e410d4367b7b5067978bc0f1b452d11 c19c08239cfa055187e421790a7cd0aef201de76 02a5b9e6ce975e7bc74f18dfdb4d9cd95667300446e4daa279639cdf5a8da990
GET /sw/sw6679100.js?var=6070194&var_3=null&var_4=null&ymid=2256&ab2_ttl=5184000000 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:09 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1321
etag: W/"65c9e980-529"
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VHzGzf3VpGhRJO9kIL0E1fULhOqEjnh2YELlKmsqkjX94jWrk8gAsr3WSXKEGxVdqyKRLyWsuby2ukXSidsF013Lq4mcASkqoTksoscwzh%2B40lBokY32qY%2BW7fJRD7MmvN4UrFc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8545005f1cc456c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-constants.js.19349cba.js | 104.21.20.53 | 200 OK | 9.0 kB |
URL GET HTTP/3googrootsurvey.top/js/v-constants.js.19349cba.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeASCII text, with very long lines (600), with no line terminators Hash0455c0a95ad62d73e6d4b9c3e1ab2ec5 5fa06e00056d4361b4335fbcbc8b1c7ac7430d65 886e1dcfe8c826cbb1683b268d86dc031f7c551d76e8c64918b3634514b45735
GET /js/v-constants.js.19349cba.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e983-258"
last-modified: Mon, 12 Feb 2024 09:48:51 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aXkFhKqVHLmeB3qs2LsI6I3ORq8pdJNdXizeDxbF%2FM%2BEhA25EpY1pYbhhcPj2uoLeOXAuKtbeFTqKtwK2boLpl43awfFnQRCZ%2B9c31DIc7xbmleUGeHG9wHtFkT6yEmnSfp3%2Bzg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450057f91256c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/s-storageService.js.2a07b5da.js | 104.21.20.53 | 200 OK | 11 kB |
URL GET HTTP/3googrootsurvey.top/js/s-storageService.js.2a07b5da.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (2170), with no line terminators Hash6607e9abab001795abe5dc7165c98948 2002d2e98a5dbb3f7c264f533e9b6f83919489b0 04697ac28832825aa6fb3ddb543889a50b1d1c10bef84dca7393022134b69267
GET /js/s-storageService.js.2a07b5da.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e981-87a"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6166
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=glTsXio1BCUdrFLFiRWuUUq4%2B%2FK0SiGSK88UGA5G7KesSz4dfvarpDhaQIZfQ6NyDERldZlMVEsTVlT748j1ms05VhigPI2O7PDWh7lENDQsKQzmBwMkOUwZ0ey1FWdaATaRuc8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500560e3156c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| offpichuan.com/rotate?zz=4292526;4326653;5128285;4949467;5381242;5381316;5381339;5381307&var=6070194&ymid=2256&uid=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe | 139.45.197.237 | 200 OK | 14 kB |
URL GET HTTP/2offpichuan.com/rotate?zz=4292526;4326653;5128285;4949467;5381242;5381316;5381339;5381307&var=6070194&ymid=2256&uid=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe IP 139.45.197.237:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectoffpichuan.com FingerprintDC:A4:ED:0D:9C:95:9F:89:94:CA:0B:F4:EC:28:BA:13:BF:A1:67:00 ValidityTue, 06 Feb 2024 21:03:49 GMT - Mon, 06 May 2024 21:03:48 GMT
File typegzip compressed data, max speed, from Unix Hash9f14f377b324fe0e259a8bc9f1aad430 38dd9aef924c193fdb2a345043877e6f064d9002 147b866943173b1e5c0b234d5bb1fa01ab48d6ec1048bf4e82ec9083fd862243
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=4292526;4326653;5128285;4949467;5381242;5381316;5381339;5381307&var=6070194&ymid=2256&uid=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe HTTP/1.1
Host: offpichuan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 12 Feb 2024 12:58:09 GMT
content-type: application/javascript
x-trace-id: 9326dfe28a03cb55958467dcda020022
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://googrootsurvey.top
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; expires=Tue, 11 Feb 2025 12:58:09 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/js/v-react-dom.production.min.js.82e7d04b.js | 104.21.20.53 | 200 OK | 129 kB |
URL GET HTTP/3googrootsurvey.top/js/v-react-dom.production.min.js.82e7d04b.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size129 kB (129356 bytes) Hash1a6ba4ec06bc62522664dd2c3322806a de585cfceb5edc6cfae839f27d994341b295e02d b00befad2af4cae1d45592f2771d21fc3ea2bc33146f8b3863fee997a8fad108
GET /js/v-react-dom.production.min.js.82e7d04b.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=129359
etag: W/"65c9e981-1f94f"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ac22hr1bXxi%2F8S0smn%2BfQqYopNRLEW7o1fj1MiU9A137gBpeGgZpzjJyKRmwAuhkEnBZtvUZcS1K9ykz9CdlYcITgRucBoIgki5DoWKi9HZm4fXsCRmgGFz7be13juA2rgEzaAk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500561e4456c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.google.com/recaptcha/api.js?render=explicit&hl=en | 216.58.211.4 | 200 OK | 852 B |
URL GET HTTP/2www.google.com/recaptcha/api.js?render=explicit&hl=en IP 216.58.211.4:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerGoogle Trust Services LLC Subjectwww.google.com Fingerprint5D:23:4F:47:50:A1:0C:C2:BD:E0:26:27:45:EA:E2:C7:F5:34:61:5B ValidityTue, 09 Jan 2024 06:31:40 GMT - Tue, 02 Apr 2024 06:31:39 GMT
File typeJavaScript source, ASCII text, with very long lines (852), with no line terminators Hash78c8be896bc1f2c1f00ad563f61a0eaf 0fc5501d1a5c12ac214303ec929ac7bc650645dc 0b5fd874139a6b35b0b7b5fad1e5e40d47d415c8d876555eb8a666103491adb2
GET /recaptcha/api.js?render=explicit&hl=en HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
expires: Mon, 12 Feb 2024 12:58:08 GMT
date: Mon, 12 Feb 2024 12:58:08 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/js/v-dom-to-react.js.a72e65f9.js | 104.21.20.53 | 200 OK | 1.1 kB |
URL GET HTTP/3googrootsurvey.top/js/v-dom-to-react.js.a72e65f9.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (1101), with no line terminators Hash157999007a87873d0826f59916ca65cb 04e4179a726c3990ab40fa00d4ae3c718cf91499 21c0f082db023da8864dfb1cb4ace90e7b559c08c81781f961fe05b4602a6659
GET /js/v-dom-to-react.js.a72e65f9.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e980-43d"
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5097
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=feUfx6f3SLFqjuB3sufmUdpea6nvB9RyrY8irY5PZ4vpx6p5Randc%2Bmd5YwipFhoJ7aHUGluHqan%2FgJiJ7bc5kBuSdimas9OLxZ%2FQ5pErtRJm85RYdz0ZcorTpDbNFfVBtymPEU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450057e90156c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/css/_core-survey.d3ac2ee0.css | 104.21.20.53 | 200 OK | 83 B |
URL GET HTTP/3googrootsurvey.top/css/_core-survey.d3ac2ee0.css IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeASCII text, with no line terminators Hash30d726a40ffe74d794b282ca1795b44c b43155653a1b9cc8d257687df9a75e0f204db348 4916da6d6e00e0e6681cccaf9107eb45fdfc78fe2e476444623c30a64959b5e4
GET /css/_core-survey.d3ac2ee0.css HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=84
etag: W/"65c9e980-54"
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6166
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F54EjfsFrEFV4rowYfKTq62Rml226WH1uD%2BMcnT8ucmdbPrfdRGWRpppvDuPw1COFmQX4xE4gFVger%2BVwKRQgasFLANcN%2Bm420rRwMlJpzJUvadEIFPk5QxhQ2dy3nis3Jo9tWk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500561e4f56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/css/survey.3b7d0b23.css | 104.21.20.53 | 200 OK | 72 kB |
URL GET HTTP/3googrootsurvey.top/css/survey.3b7d0b23.css IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeASCII text, with very long lines (65536), with no line terminators Hashb73782889f162bcbf6cb45913f540ec3 27cd8e6d8b4159b1a4f3e466b845b7d0a7e61d67 ea6df993a607e008f434e5e950a08da1397044cbc442cb76d25f02cf3499c77b
GET /css/survey.3b7d0b23.css HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=71475
etag: W/"65c9e980-11733"
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6166
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VQBkY0XzpXSCuvpZJwlXigmMnrY%2B37Vt71F2zJ43ljh181wfudFLdwUj%2BQ9KrfDdDNPsHVLDFJ9Gj2YfMuGS5qQ2vPEZIHv4ehbSX4RrPUToErCeIJRw8pS8OM6nOxuaKUlDnVU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500562e5056c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-possibleStandardNamesOptimized.js.52c34469.js | 104.21.20.53 | 200 OK | 7.6 kB |
URL GET HTTP/3googrootsurvey.top/js/v-possibleStandardNamesOptimized.js.52c34469.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeASCII text, with very long lines (7923), with no line terminators Hashd10e1efe9b48a98d1de00738b82c02b5 43c7009b8920b6e2d9848306166dc3bba9a5d24a 7cccf68ce62b1fd3e4d67b82e6d6e8e9ac8048a349e4ace3f0f6f68fd70c9cc8
GET /js/v-possibleStandardNamesOptimized.js.52c34469.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e980-1d99"
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5097
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A5CCCFm0uD7YQ3oc5%2BUx3AzxuLF2hppc7SvlXLopV0biTD6t3o2%2FOBgvvWNVDS7z7%2BRnJkzp3X%2FfO9H7mTDOdMWOLBIwL59bTGo7kqVM2lt3IBTN2RnYeNBHuDfrFNefZ1ADwbg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450057e8e956c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/s-checkSessionStorageAvailable.ts.034e8a5d.js | 104.21.20.53 | 200 OK | 330 B |
URL GET HTTP/3googrootsurvey.top/js/s-checkSessionStorageAvailable.ts.034e8a5d.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (338), with no line terminators Hashb08b92b26188e9a0779da46d38424f05 0efe50bf9576cc45c5e845890c0565702eea83e1 e071db6b213971ece635bcc538b8890381466cdb0a324bbb5c7cd56f4fc64106
GET /js/s-checkSessionStorageAvailable.ts.034e8a5d.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e983-14a"
last-modified: Mon, 12 Feb 2024 09:48:51 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6166
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5qk1M%2BHlhD5sDh7hY2t8NwdZhNMpEWTqVZuRVspY3rHKWYgmt3g4nXj32MehiTGWxRWnRzZEp7a%2FpgfYQSxm1w9HcwgLat0Vb%2F4UwH6fQRdnlz0htPt3pn4FsS1V3e39Ex7nlYI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500560e3656c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/config/sd/sd-9540-en.js?v=10 | 104.21.20.53 | 200 OK | 8.0 kB |
URL GET HTTP/3googrootsurvey.top/js/config/sd/sd-9540-en.js?v=10 IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeUnicode text, UTF-8 text, with very long lines (8359), with no line terminators Hash979517482417bab72a87fcb46bb96ed7 f6b50889f9e61c0cd733ee8e0a7d4e5019e655aa f151d790cd58c035bfcc7068cc75a49d194eb7bcdd77dd0b92a340c86c380b82
GET /js/config/sd/sd-9540-en.js?v=10 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e981-1f1b"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5097
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OINqS9bWDZgAlwjRiaz2o2s3QqEyVeBnYyh%2BZCn8orLAEYjnacs26lkBNkeQ6xDSS%2BhI0AsIdMWHMkOW1YNCCPmBlgKaCDxZD3rqmeklyZYeKWOvybC75WtsBNfw1c2KmVW5MdY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500571f7056c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/_rtc.8634e228.js | 104.21.20.53 | 200 OK | 12 kB |
URL GET HTTP/3googrootsurvey.top/js/_rtc.8634e228.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (12222), with no line terminators Hashc0eec32a72945a12dbff576ba23c7fcf a74b9b50117673d63563bc1f282550876badb934 ca2aa7c20c51a36bdc6c807b86aa722a5a0ecb312f1fcca97567dc5b63641eb7
GET /js/_rtc.8634e228.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e981-2fbe"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6166
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SG1UA46%2BPRS29qZQrtUq3SBEKgCkRGL9lhnb7UbMcmfTbWsdYhxA3C823vh%2FLw4gVtfZX2Bvjaawq%2BV%2BmaQ7a9Vp8tgH4bEoii1n5J%2B8zGJq5pw13HwfHjJFUj6XtzADt5v1vzM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500560e2856c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-utilities.js.896d234d.js | 104.21.20.53 | 200 OK | 2.6 kB |
URL GET HTTP/3googrootsurvey.top/js/v-utilities.js.896d234d.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (2645), with no line terminators Hash1f6ef1c622f3812c7d6c0c9d58cd056c 817a94b6ae580dc7262f391cb7077d8c86b0b7b6 c8f1d8a494e21a9e61690f8d45dc5a9a06b915b2fe8d31b3a94ed989e5c54662
GET /js/v-utilities.js.896d234d.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e981-a11"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5097
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RFVx1tom6nWGr1hE2QwaG5L%2B0U1XdsTEITha0fnfpuPqdEnMyhX%2BgFwVybbJ4h4tjdgb5GVn6RUDSqywuKW4iHGpJoKBzjo8jrAGQv3ejOZoTZShuLnioLs8JjOHLEDGC%2BbupXc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450057e8ee56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-index.js.f858a42c.js | 104.21.20.53 | 200 OK | 41 kB |
URL GET HTTP/3googrootsurvey.top/js/v-index.js.f858a42c.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (40985), with no line terminators Hash5076b890500d5104cfceaea7962e9e9a 9a8cd4cc37f5ccb0864c889d43a24035f314d0a5 39d2e9f3c001253e0b419f27647ae70d2cd1ff39c99e3e8408667f97ece002d1
GET /js/v-index.js.f858a42c.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=40988
etag: W/"65c9e980-a01c"
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6166
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2F0sMxSFoQSgc%2FHkS1r47w9asSOw4F5uE4G%2BfpA9yr8sMjwBP6bpq8MdAFLid4dn5kHplMX9Xs%2FNjkBwas6HDonsmHDMqbZ0Xa2oAB%2BcJtcgD%2Ff4cGx6x1evG82O5eAMgwUv1fc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500560e2e56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-redux-toolkit.esm.js.b9840c6d.js | 104.21.20.53 | 200 OK | 11 kB |
URL GET HTTP/3googrootsurvey.top/js/v-redux-toolkit.esm.js.b9840c6d.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (11319), with no line terminators Hash8fb7e172a4e94b8503d6c8e9753e6200 435a2eb8e4bde051ac5e7405be4556b50c33ad4c 67de1922c9275ee52177c86bc298725db162738807f05781c0ed701892037181
GET /js/v-redux-toolkit.esm.js.b9840c6d.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e981-2c37"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6059
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2JJ93r3vLIYsOZS%2BmvBxNxgCRAfLm0SI7dU7Q3qhxlwRbsYXsaE1dJJ8QP7JSDncPNz7%2BJW2MkzcC0Nwmool8hom0a5Tm%2FUFEKboCRgdLsfeMoidcJbb1r0BfSjk6FfTC4%2FRkB8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500560e3a56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-node.js.6e9d7d4d.js | 104.21.20.53 | 200 OK | 6.3 kB |
URL GET HTTP/3googrootsurvey.top/js/v-node.js.6e9d7d4d.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (6337), with no line terminators Hash7879d1a36754bb3a65fe00bec6aed117 e0091d4c04d5c54ebbc9c9100a15a0d6e83df895 d52dea76b8ba88b3dfdfe0f256c57b5a95b53913dc115e83337c62fe473a0653
GET /js/v-node.js.6e9d7d4d.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e981-186b"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5097
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B7lczCcigSQtnDWSBf51RkbFo0Ct26g4LyYuYyrvaddDLWFojiibY6oJeCdzP72oXwj1ne2VsoN7WU5538syh06WUR4ULtnpVDqjxmbgHRkux0XhNkGDKKQpLiqqy%2Banggdf52M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450057d8e456c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/_core-survey.6514d33f.js | 104.21.20.53 | 200 OK | 169 kB |
URL GET HTTP/3googrootsurvey.top/js/_core-survey.6514d33f.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
Size169 kB (168750 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/_core-survey.6514d33f.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=168753
etag: W/"65c9e981-29331"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v2DfngPmS5XCUXzsC4Aa2Xt8GtzMXLNZ2YqMO1c%2BqUtj1Uko4czgNulU1xTF5HTmkG5Z%2FF%2BpiVImCm4AIknRt5N4sSq5Pmzm4Ax772sUv1Lol6APbFyjWhZKq6HiRx3%2BDtPTT6c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500561e4756c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-html-to-dom.js.0b382f98.js | 104.21.20.53 | 200 OK | 364 B |
URL GET HTTP/3googrootsurvey.top/js/v-html-to-dom.js.0b382f98.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (373), with no line terminators Hash3796897bf3b99e456f6c9aeded5dbc71 8002854a5adf7ddaa5135b67cf6ca497b1b6014b d4582b65a0a8d588a7f1ac7194542b766319f836470daef76637ee32685a36c7
GET /js/v-html-to-dom.js.0b382f98.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e981-16c"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5097
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D67Kak%2FR%2BME8ikALNAZbd9VwWD%2BACZCpO%2BkowGnicbxuUo3Lfv6xtmUOjtfintBcg%2B9%2FiA85wD1V6VkH%2FQDKGYNdlQuLw4xxR29vN%2F5bjH016MEOwDzkh4kKhqWRWL1JHDBxTEM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450057f90c56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/SurveyContainer.eee0c501.js | 104.21.20.53 | 200 OK | 57 kB |
URL GET HTTP/3googrootsurvey.top/js/SurveyContainer.eee0c501.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (56658), with no line terminators Hash6ee0c2c6954a7863293c05d1e3e32726 cff71ec620431ee0b63b051a4a769ca51e8cbb80 054074bf6fa33c788c45ed5007ba27d5ed4693ac3bb9a3bd003accdcc5e693fb
GET /js/SurveyContainer.eee0c501.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=56661
etag: W/"65c9e981-dd55"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7rS7vB5TKQ6sODKqzTb7%2BMXmIhjEY9FQad60TR%2FH8OtdmBKJHJKkbobkduigx46uvptyajf%2Fti%2BlR0jbL%2F9ioPQwc3e79Wtn2a3EchsUlOYY7%2FNjXBYjDNkEaDeYRwQUzbuBHG4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450057f91656c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-1.webp | 104.21.20.53 | 200 OK | 1.1 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-1.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash56441eb05774cd7ed15d829e06947346 25649e1ed3820d97bd8bcdc737974e0c65adc1aa 5be168d58cf2dc0e41bc5a9b386add0d57fee26848613ca601f0c31378a8ad02
GET /img/comments/person-1.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 1122
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
vary: Accept-Encoding
etag: "65c9e981-462"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FP7H5DJqKsVI95IMZp%2BTimzo9bQs%2F8QJSjboOXcs%2FwyjCdcsLpKxaVOgammx5tPO9OIt3w296Ua6O%2FRwIrOVl6DLoV9%2FXvGFU%2FOopegGRXGAu%2FuBrIdYQvPUSdAVf1e7C6dZgsE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500599ba056c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-2.webp | 104.21.20.53 | 200 OK | 1.1 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-2.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashcd20c1e86fd66d301b6e35a97af461fd 3f92712ef775681d59dfd96bb9b6429227a944e9 0d5556f5acd9a72ca66c6bfab3d813e35f504dcf73e6e6baca816da78a8fbad0
GET /img/comments/person-2.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 1104
last-modified: Mon, 12 Feb 2024 09:48:48 GMT
vary: Accept-Encoding
etag: "65c9e980-450"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=67ZQaVnRC8LHHNU9WndJ2y81%2B0EOTqodOPLb6xPYV%2BZcIc6lbrKUwTQpGPqYQvBsifZacE1Y0KdM3zRJsphsa%2FMpOINAfCM%2F5N1k6ecjXlHIhpfNDzO59mjUOt%2FcxywioI3dDIA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450059bbcf56c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| my.rtmark.net/gid.js?userId=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe IP 139.45.195.8:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectrtmark.net Fingerprint41:21:53:7F:A2:C4:68:B1:CA:BC:47:66:5D:3C:CA:96:45:5E:71:15 ValiditySat, 23 Dec 2023 22:43:24 GMT - Fri, 22 Mar 2024 22:43:23 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hash52a135927df228db9179302cf1e03318 f06e9fb55fad808a57318c226ec44c64a85ea620 e48703721764d3aa9783bacfd81e1d2f4c233ff7b6cfb5b06a478ca72b362ac3
GET /gid.js?userId=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://googrootsurvey.top
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://googrootsurvey.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; expires=Tue, 11 Feb 2025 12:58:08 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/js/config/comments/en.json | 104.21.20.53 | 200 OK | 4.5 kB |
URL GET HTTP/3googrootsurvey.top/js/config/comments/en.json IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeUnicode text, UTF-8 text, with very long lines (5173), with no line terminators Hash50680109e350a76b2bb8131cdaeb735e 0c14dde15f13c0deefd1ff3eb8c4608e73d133b6 a9ebf6b7ceb48bd6c63b99320183934f2b183af64cc7f27fd85ebe7191d92e42
GET /js/config/comments/en.json HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: application/json
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
vary: Accept-Encoding
etag: W/"65c9e981-11aa"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vSCyjvxWEpF64EiyuHyGmE3%2F%2BMSxghApq0wXdJ%2B1a1B9m9%2BTSoJ8VOUhIRrfEvM6SXrFbXoygjw8unteDCj9z9X1%2BZko9Rlhs87eEQ1GgRUlSCUFQCO6x195tqTK1dw2s9bpi4Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450057d8de56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/_each-land-config.2585c54c.js | 104.21.20.53 | 200 OK | 72 kB |
URL GET HTTP/3googrootsurvey.top/js/_each-land-config.2585c54c.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash7aeac02c3c0282e729d544e7cbcb0ab5 db56aeb84c9ebc3d27c6d9d5feccfeeb8f126ee3 e7621fac5eea193280e9763009d9204668333e340c0b865f6a490d3ef324ddb3
GET /js/_each-land-config.2585c54c.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=71720
etag: W/"65c9e981-11828"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 6059
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2BZAebu9i2chJsFxwhR4bk3RMEGQIvz2MYQ0bm13x2U6Gfwlan6bAIWH56TlGA70EWSXQ89CFnm7HjBgaogC9PjPBrfQvQeTYTtspMkYgRxSgkIN%2Bu2gk1nJ9yf563k2pdIwAdo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 854500561e3e56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/favicon.ico | 104.21.20.53 | 200 OK | 1.2 kB |
URL GET HTTP/3googrootsurvey.top/favicon.ico IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel Hash668ba1a9fa1890ba16cb8adc28d3dad8 5e35223b2541265114eaf61b9da2556c812fea17 7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2
GET /favicon.ico HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/x-icon
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
vary: Accept-Encoding
etag: W/"65c9e981-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZqKPPwg19ZqC4sT15jsuPLB5%2BtKxWmIkF2%2BJxrgaGVgLfS4AsZigSktKS1H8U59RHc%2FE4C7RZWAt7cm1YrrzUCgwE4P%2Fd3BROe12YXgx3%2BADB2OnQ8K9xay68jH%2FxmXmtfQKR4I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8545005d49e756c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/v-index.mjs.4e8a04d0.js | 104.21.20.53 | 200 OK | 35 kB |
URL GET HTTP/3googrootsurvey.top/js/v-index.mjs.4e8a04d0.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (35287), with no line terminators Hash05c026a07b4d38c32fbc781479ad6a12 24a137767f69b3313b10dd83e4a6a2eb2eff54b1 0248ebc73f99ea485ea6b809f2a574e91527016decfb8f8a96b28819201467b0
GET /js/v-index.mjs.4e8a04d0.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e981-89d7"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5097
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lo3tk1PLJeJviqjg7%2Fr1BWPBxKxaUBwIvnAw9O2vAUKyxn2QdOKL0ygHn%2FDb9OPgm4O9b1ilZPhG5HAKPrknXhrCE1QvKjTy9dxx3aJUWrJR%2FTNRpCS9bhOAHP1uz0861%2B55gwM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450057d8e056c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/js/rating.cda2cefa.js | 104.21.20.53 | 200 OK | 5.3 kB |
URL GET HTTP/3googrootsurvey.top/js/rating.cda2cefa.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (5550), with no line terminators Hash740dfb6e64592bfe109c574b463c4dbb 0abc00b4395830d668db09bf9be87e30d0a40489 77c6a2251b6275d03f46e84921073374510bb50f22001faaea5a118179f493a1
GET /js/rating.cda2cefa.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e981-14bd"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nHe7237qj7E03OU%2BXcK0y4gP7d77mdST9ogy0695FF%2FdrPvGpWU%2FphKO0NQV2Htf3KSrfko08cLBATUEsvK2aR0hklrGUI1qOwM4tXZgOJYVTNTTy3YrjNjnZpyGio%2FBBw5Fy8A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450058fab656c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/pfe/current/micro.tag.min.js?z=6679100&sw=/sw/sw6679100.js&var=6070194&var_3=null&var_4=null&ymid=2256&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 | 104.21.20.53 | 200 OK | 27 kB |
URL GET HTTP/3googrootsurvey.top/pfe/current/micro.tag.min.js?z=6679100&sw=/sw/sw6679100.js&var=6070194&var_3=null&var_4=null&ymid=2256&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (27174), with no line terminators Hash75c26ccd65e96e912725399ff3ce66e9 d300939979d2048844dc5ac80c51ed8121126f4e c9db5c92934b273ad485c58710d6fbc2d580c2923a99bb456b18cb5e1465f5cf
GET /pfe/current/micro.tag.min.js?z=6679100&sw=/sw/sw6679100.js&var=6070194&var_3=null&var_4=null&ymid=2256&cdn=1&domain=ofklefkian.com&ab2_ttl=5184000000 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/javascript
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
vary: Accept-Encoding
etag: W/"65c9e981-6a26"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5097
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NnGtcmUvFKrvApsrXyGO4c5ZaZP91anYhtKjYa3gpYim%2FISNLuMPznX87bbysm%2BE4WDs8VtM3zSOQnodHjmrxhliEd77iCdtPNjQxEcOybBMyFeLNTtl%2BSrulRG0RU96sW%2BHjnc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450057c8c356c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/img/comments/person-5.webp | 104.21.20.53 | 200 OK | 1.8 kB |
URL GET HTTP/3googrootsurvey.top/img/comments/person-5.webp IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash10f4b15b0a471e17ef598de73ffb319b e3fd3478fa27f2cce0a9b945c50d640832594594 21411e70dfd7d12a4180188a1ccf3797df346cf6cb6f477f5ecbfb505d6fa378
GET /img/comments/person-5.webp HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: image/webp
content-length: 1846
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
vary: Accept-Encoding
etag: "65c9e981-736"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b9UfIze%2FPtcbF8pEdUDRHitpJj8G3HcggOQo9%2FuF%2BRR9QbgajY%2BDoWUVJrMslq3HoN%2BJ7fzl2nf3DWdwsix2hCMPCyhkfdJ0K%2FvY4WpAfs62%2FshmB3L03FPyYtxHV%2BA27si51U0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450059ec1956c0-OSL
alt-svc: h3=":443"; ma=86400
|
|
| googrootsurvey.top/pfe/current/stattag.js | 104.21.20.53 | 200 OK | 19 kB |
URL GET HTTP/3googrootsurvey.top/pfe/current/stattag.js IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeJavaScript source, ASCII text, with very long lines (19053), with no line terminators Hash3a74216e872211a9c770302bb7d4a63f 7e63556174a7d66eee407218e503ec0aae2c0f9e 03405209d89a927b81d53eb13968663069760776389c5400bb79d11bd9f78f78
GET /pfe/current/stattag.js HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe; syncedCookie=true; oaidts=1707742688; ID=hm2z4q7nvtqx0hvybk7xjvbgfhmeqooe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:08 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"65c9e981-4a6d"
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: HIT
age: 5098
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nS7cZ0wWYaYSA4qTyj%2FAASvPbl9Q%2Bcg4o8UQpWoelvjA3Y8D2yhhaMrRInzQSelxW3V2A278VhaUWqv1p618BqDg%2Fe6jOo09hIAD4tR5iCbIVHVdME1HDALNAecGbB9cEexNbXI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8545005c383d56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ofklefkian.com/zone?&pub=0&zone_id=6679100&is_mobile=false&domain=googrootsurvey.top&var=6070194&ymid=2256&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest | 139.45.197.251 | 200 OK | 0 B |
URL POST HTTP/2ofklefkian.com/zone?&pub=0&zone_id=6679100&is_mobile=false&domain=googrootsurvey.top&var=6070194&ymid=2256&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest IP 139.45.197.251:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectofklefkian.com FingerprintE2:4F:E5:BB:A9:86:E9:9A:42:9D:EC:91:F3:0A:AC:0A:CC:89:3B:12 ValidityThu, 25 Jan 2024 11:36:43 GMT - Wed, 24 Apr 2024 11:36:42 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=6679100&is_mobile=false&domain=googrootsurvey.top&var=6070194&ymid=2256&var_3=null&var_4=null&dsig=&tg=1&sw=3.1.472&action=prerequest HTTP/1.1
Host: ofklefkian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Mon, 12 Feb 2024 12:58:08 GMT
content-length: 0
x-trace-id: ccf20751989a0a0d06a9ef14a5387a56
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| googrootsurvey.top/js/config/dict/cookie-consent-1.json?v=10 | 104.21.20.53 | 200 OK | 6.8 kB |
URL GET HTTP/3googrootsurvey.top/js/config/dict/cookie-consent-1.json?v=10 IP 104.21.20.53:443
Requested byhttps://googrootsurvey.top/finance-survey.html?z=6070194&offer_id=9540&var=2256&ymid=65ca15df8d67a40001bc98bc CertificateIssuerLet's Encrypt Subjectgoogrootsurvey.top Fingerprint39:41:BF:3D:26:67:5E:8A:73:DF:0E:94:CD:3E:35:D2:D0:D0:28:D8 ValidityFri, 22 Dec 2023 08:01:28 GMT - Thu, 21 Mar 2024 08:01:27 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (6009), with no line terminators Hash4b2ff958e811a50d2f641818590b443d 6abae297812bb55fad869e953e7fdf7469cbe1ae 9c77a5f3d0028d9ba122ed15728ee7b144619431f8302503a19c5785ddaa06b8
GET /js/config/dict/cookie-consent-1.json?v=10 HTTP/1.1
Host: googrootsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 12 Feb 2024 12:58:07 GMT
content-type: application/json
last-modified: Mon, 12 Feb 2024 09:48:49 GMT
vary: Accept-Encoding
etag: W/"65c9e981-1a65"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iBCjKiJQPVrB5K6gV1DFAqdc0dFgBzIdhWNtZvpNObs4%2FPLUbVTi3N4La%2Bp%2B9IKrwimNnWw2K%2BWudU%2FiEithXUnMnAB7gm8oGHko7kJjM4Qc8PPlCP98M8t1G4lgpejG%2BCwSuCU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 85450057785f56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|