rewardsprogram.euquestions2.com Open in urlscan Pro
2606:4700:30::681f:4bed Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tinyurl.com/y2w44mur/14231xk442384hk9591bl28851th2910bo2226rr
Effective URL:
https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token
Submission: On July 06 via api (July 6th 2019, 10:12:11 am UTC) from BE

Summary HTTP 30 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 9 domains to perform 30 HTTP transactions. The main IP is 2606:4700:30::681f:4bed, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is rewardsprogram.euquestions2.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on April 9th 2019. Valid for: a year.

This is the only time rewardsprogram.euquestions2.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Customer Survey Spam (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:10:... 2606:4700:10::6814:da2a	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 1	198.74.59.73 198.74.59.73	63949 (LINODE-AP...) (LINODE-AP Linode)
2 2	35.192.185.253 35.192.185.253	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	66.172.12.145 66.172.12.145	11051 (CYBERVERSE) (CYBERVERSE - Evocative)
26	2606:4700:30:... 2606:4700:30::681f:4bed	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	209.197.3.15 209.197.3.15	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	2606:4700:30:... 2606:4700:30::681b:abe1	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	54.230.202.97 54.230.202.97	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
30	5

1 2606:4700:10::6814:da2a (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.74.59.73 (Newark, United States) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li550-73.members.linode.com

godt-liv.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.192.185.253 (United States) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 253.185.192.35.bc.googleusercontent.com

hwmanymore.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
goatshpprd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.172.12.145 (Los Angeles, United States) 1 redirects

ASN11051 (CYBERVERSE - Evocative, Inc., US)
PTR: ip-66-172-12-145.chunkhost.com

go.teldamps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2606:4700:30::681f:4bed (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

rewardsprogram.euquestions2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.197.3.15 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::681b:abe1 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

mnvrmnd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.202.97 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-202-97.fra50.r.cloudfront.net

api.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	euquestions2.com rewardsprogram.euquestions2.com	135 KB
2	teldamps.com 1 redirects go.teldamps.com	772 B
1	pushnami.com api.pushnami.com	7 KB
1	mnvrmnd.com mnvrmnd.com
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	7 KB
1	goatshpprd.com 1 redirects goatshpprd.com	712 B
1	hwmanymore.com 1 redirects hwmanymore.com	278 B
1	godt-liv.ml 1 redirects godt-liv.ml	282 B
1	tinyurl.com 1 redirects tinyurl.com	961 B
30	9

	Domain	Requested by
26	rewardsprogram.euquestions2.com	go.teldamps.com rewardsprogram.euquestions2.com
2	go.teldamps.com	1 redirects
1	api.pushnami.com	rewardsprogram.euquestions2.com
1	mnvrmnd.com	rewardsprogram.euquestions2.com
1	maxcdn.bootstrapcdn.com	rewardsprogram.euquestions2.com
1	goatshpprd.com	1 redirects
1	hwmanymore.com	1 redirects
1	godt-liv.ml	1 redirects
1	tinyurl.com	1 redirects
30	9

This site contains links to these domains. Also see Links.

Domain
mnvrmnd.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-04-09` - `2020-04-09`	a year	crt.sh
*.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA	`2018-10-03` - `2019-10-12`	a year	crt.sh
*.pushnami.com Amazon	`2019-06-14` - `2020-07-14`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token
Frame ID: 1A88C94A3601D6A17F00A96555D52ADF
Requests: 29 HTTP requests in this frame

Frame: https://mnvrmnd.com/tracking/universalJSRequest.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&ffq=set|ff|flux_fts|ff|lixlxlotxlzpzqiqiteilpxzqcizcliolxptpa7091|ff|set|ff|clickid|ff|%7Bclickid%7D|ff|set|ff|c1|ff|%7Bc1%7D|ff|set|ff|sid|ff|%7Bsid%7D|ff|set|ff|tm|ff|token|ff|set|ff|flux_url|ff|https%3A%2F%2Frewardsprogram.euquestions2.com%2Feu%2Ffr%2Fa.php%3Fclickid%3D1562407915.27-158010169-24883%26c1%3Da1m7%26sid%3D158010169|ff|set|ff|flux_ref|ff|http%3A%2F%2Fgo.teldamps.com%2Fts60-international-credit-gen|ff|set|ff|flux_fn|ff|543536038690450121|ff|set|ff|flux_inject|ff|%7B%22intoUrl%22%3Afalse%2C%22intoForms%22%3A%7B%22selector%22%3Anull%7D%2C%22intoLinks%22%3A%7B%22selector%22%3A%22a.flux_cta%22%7D%2C%22tokens%22%3A%7B%22flux_sess%22%3A%22%7Bsession-id%7D%22%7D%7D&frameId=_ffq_track_
Frame ID: 9EC2FF1DC9414EBC3B6F6DEC723BFB18
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://tinyurl.com/y2w44mur/14231xk442384hk9591bl28851th2910bo2226rr HTTP 301
http://godt-liv.ml/14231xk442384hk9591bl28851th2910bo2226rr HTTP 302
http://hwmanymore.com/?E=rkaP2hHejC5RsAKJa5jV2QvZOkeavcEx&s1=82/14231/442384 HTTP 302
https://goatshpprd.com/?E=rkaP2hHejC5RsAKJa5jV2QvZOkeavcEx&s1=82/14231/442384&ckmguid=681ef893-f321... HTTP 302
http://go.teldamps.com/ts60-international-credit-gen Page URL
http://go.teldamps.com/match-52/24883/158010169/1562407913/mf_c7249d2c-4ece-4cb7-b39e-ed2173962425/... HTTP 302
https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=t... Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Page Statistics

30
Requests

97 %
HTTPS

38 %
IPv6

9
Domains

9
Subdomains

5
IPs

1
Countries

150 kB
Transfer

230 kB
Size

7
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://mnvrmnd.com/?flux_action=1&flux_sess=ahps8q7797tjrh08l5rbstjsp7
Title: CLIQUEZ ICI

Search URL Search Domain Scan URL

URL: https://mnvrmnd.com/?flux_action=3&flux_sess=ahps8q7797tjrh08l5rbstjsp7
Title: CLIQUEZ ICI

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tinyurl.com/y2w44mur/14231xk442384hk9591bl28851th2910bo2226rr HTTP 301
http://godt-liv.ml/14231xk442384hk9591bl28851th2910bo2226rr HTTP 302
http://hwmanymore.com/?E=rkaP2hHejC5RsAKJa5jV2QvZOkeavcEx&s1=82/14231/442384 HTTP 302
https://goatshpprd.com/?E=rkaP2hHejC5RsAKJa5jV2QvZOkeavcEx&s1=82/14231/442384&ckmguid=681ef893-f321-4f0f-997f-96b00b4745bf HTTP 302
http://go.teldamps.com/ts60-international-credit-gen Page URL
http://go.teldamps.com/match-52/24883/158010169/1562407913/mf_c7249d2c-4ece-4cb7-b39e-ed2173962425/dHM2MC1pbnRlcm5hdGlvbmFsLWNyZWRpdC1nZW4= HTTP 302
https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://tinyurl.com/y2w44mur/14231xk442384hk9591bl28851th2910bo2226rr HTTP 301
http://godt-liv.ml/14231xk442384hk9591bl28851th2910bo2226rr HTTP 302
http://hwmanymore.com/?E=rkaP2hHejC5RsAKJa5jV2QvZOkeavcEx&s1=82/14231/442384 HTTP 302
https://goatshpprd.com/?E=rkaP2hHejC5RsAKJa5jV2QvZOkeavcEx&s1=82/14231/442384&ckmguid=681ef893-f321-4f0f-997f-96b00b4745bf HTTP 302
http://go.teldamps.com/ts60-international-credit-gen

30 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	ts60-international-credit-gen Show response go.teldamps.com/ Redirect Chain https://tinyurl.com/y2w44mur/14231xk442384hk9591bl28851th2910bo2226rr http://godt-liv.ml/14231xk442384hk9591bl28851th2910bo2226rr http://hwmanymore.com/?E=rkaP2hHejC5RsAKJa5jV2QvZOkeavcEx&s1=82/14231/442384 https://goatshpprd.com/?E=rkaP2hHejC5RsAKJa5jV2QvZOkeavcEx&s1=82/14231/442384&ckmguid=681ef893-f321-4f0f-997f-96b00b4745bf http://go.teldamps.com/ts60-international-credit-gen	429 B 513 B	732ms 299ms	Document text/html	66.172.12.145 Evocative
General Check archive.org Show headers Download Go to Full URL http://go.teldamps.com/ts60-international-credit-gen Protocol HTTP/1.1 Server 66.172.12.145 Los Angeles, United States, ASN11051 (CYBERVERSE - Evocative, Inc., US), Reverse DNS ip-66-172-12-145.chunkhost.com Software nginx/1.6.2 / Resource Hash `808759a636c47f1145634b14ad373856f9d59d0574b606c1580ac65279491910` Request headers Host go.teldamps.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Server nginx/1.6.2 Date Sat, 06 Jul 2019 10:11:53 GMT Content-Type text/html Transfer-Encoding chunked Connection close Content-Encoding gzip Redirect headers Cache-Control private Content-Type text/html; charset=utf-8 Date Sat, 06 Jul 2019 10:11:52 GMT Location http://go.teldamps.com/ts60-international-credit-gen p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Set-Cookie som=q7NnbLiu+sebeIH+p1UA85/PuI0qnxEuQSZEN5nI+uN7D+3ghqjT8g==; domain=.goatshpprd.com; path=/; HttpOnly tym=H8sgGCi0DCONhsSYZzXN15KP5bQdKzZ/dlJSbon/TnSn6JCBgPO9PQ==; domain=.goatshpprd.com; expires=Sat, 06-Jul-2024 06:11:52 GMT; path=/; HttpOnly c2839=q7NnbLiu+sfEZ783n3LnZbE4FfTFWTF3oWL+5rYOnFABK7jWzjYSMQ==; domain=.goatshpprd.com; expires=Mon, 05-Aug-2019 10:11:52 GMT; path=/; HttpOnly Content-Length 169
GET H2	200	Primary Request a.php Show response rewardsprogram.euquestions2.com/eu/fr/ Redirect Chain http://go.teldamps.com/match-52/24883/158010169/1562407913/mf_c7249d2c-4ece-4cb7-b39e-ed2173962425/dHM2MC1pbnRlcm5hdGlvbmFsLWNyZWRpdC1nZW4= https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token	35 KB 9 KB	109ms 36ms	Document text/html	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Full URL https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Requested by Host: go.teldamps.com URL: http://go.teldamps.com/ts60-international-credit-gen Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `e978a40dc8f1798cb358ace0d17651a1d6453b22d4ff0ec7926614a517cb6ac2` Request headers :method GET :authority rewardsprogram.euquestions2.com :scheme https :path /eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 referer http://go.teldamps.com/ts60-international-credit-gen accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://go.teldamps.com/ts60-international-credit-gen Response headers status 200 date Sat, 06 Jul 2019 10:11:55 GMT content-type text/html set-cookie __cfduid=d5c580d35a4912fdb6a6514e93fb596b41562407915; expires=Sun, 05-Jul-20 10:11:55 GMT; path=/; domain=.euquestions2.com; HttpOnly PHPSESSID=djv3umebllnhutfusap9i3vbk7; path=/ vary Accept-Encoding expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache age 0 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 4f20cc1faaeec272-FRA content-encoding br Redirect headers Server nginx/1.6.2 Date Sat, 06 Jul 2019 10:11:55 GMT Transfer-Encoding chunked Connection close Location https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token
GET H2	200	font-awesome.min.css maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/	30 KB 7 KB	103ms 33ms	Stylesheet text/css	209.197.3.15 Highwinds Network...
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US), Reverse DNS vip0x00f.map2.ssl.hwcdn.net Software / Resource Hash `799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT content-encoding gzip last-modified Wed, 12 Dec 2018 18:35:20 GMT access-control-allow-origin * etag "1544639720" vary Accept-Encoding x-cache HIT content-type text/css; charset=utf-8 status 200 cache-control public, max-age=31536000 x-hello-human Say hello back! @getBootstrapCDN on Twitter accept-ranges bytes timing-allow-origin * content-length 7050
GET H2	200	facebook.css rewardsprogram.euquestions2.com/eu/fr/css/	18 KB 4 KB	14ms 10ms	Stylesheet text/css	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Full URL https://rewardsprogram.euquestions2.com/eu/fr/css/facebook.css Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `cb6088cc9f84fbb1208445298c7741588b625d606b61847d1d671ab4f8f60306` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT content-encoding br cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:18:44 GMT server cloudflare age 3892 etag W/"5cb60064-47f3" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=14400 cf-ray 4f20cc202c9bc272-FRA expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	cssbluegol.css rewardsprogram.euquestions2.com/eu/fr/css/	1007 B 454 B	12ms 9ms	Stylesheet text/css	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Full URL https://rewardsprogram.euquestions2.com/eu/fr/css/cssbluegol.css Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `fe2d19612d240d2691f29765819cf80cb915ab990d4c319846d03d9ba88b0b5a` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT content-encoding br cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:18:44 GMT server cloudflare age 2239 etag W/"5cb60064-3ef" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=14400 cf-ray 4f20cc202c9fc272-FRA expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	amazon.css rewardsprogram.euquestions2.com/eu/fr/css/	2 KB 498 B	36ms 34ms	Stylesheet text/css	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Full URL https://rewardsprogram.euquestions2.com/eu/fr/css/amazon.css Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `e71ed54801386e335ff34fe13967db2e411a6e4b7e6703bf6b25a2536b9a7335` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT content-encoding br cf-cache-status REVALIDATED last-modified Tue, 16 Apr 2019 16:18:43 GMT server cloudflare etag W/"5cb60063-86c" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=14400 cf-ray 4f20cc202ca2c272-FRA expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	amznewg.css rewardsprogram.euquestions2.com/eu/fr/css/	275 B 207 B	13ms 11ms	Stylesheet text/css	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Full URL https://rewardsprogram.euquestions2.com/eu/fr/css/amznewg.css Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `606de7c96412aa199126c85bcae803e648bbddfed2a2adfcee258a94265e6ebf` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT content-encoding br cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:18:41 GMT server cloudflare age 3892 etag W/"5cb60061-113" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=14400 cf-ray 4f20cc202ca3c272-FRA expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	a.png rewardsprogram.euquestions2.com/eu/fr/l/	9 KB 9 KB	41ms 39ms	Image image/png	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/l/a.png Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `6ba2141090eb469b5c60ba9bc3158d14b781b1a5bc1073d531ada4fb75d4dcbf` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status REVALIDATED last-modified Tue, 16 Apr 2019 16:19:21 GMT server cloudflare etag "5cb60089-2280" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc202ca8c272-FRA content-length 8832 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	frflag.png rewardsprogram.euquestions2.com/eu/fr/images/	1 KB 1 KB	18ms 17ms	Image image/png	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/frflag.png Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `50a3290216ca4d778af89d26039d7eb54582ad9331090bca5f4a8cfc0a9a2184` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:19:03 GMT server cloudflare age 3892 etag "5cb60077-4b3" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc202cacc272-FRA content-length 1203 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	presenthead.png rewardsprogram.euquestions2.com/eu/fr/images/	13 KB 13 KB	11ms 10ms	Image image/png	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/presenthead.png Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `93619c22601047342bb8a8bad0159b699e3a9fc96decb1346e454f4f881441d6` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:19:14 GMT server cloudflare age 3892 etag "5cb60082-3403" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc204cfec272-FRA content-length 13315 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	present.png rewardsprogram.euquestions2.com/eu/fr/images/	13 KB 13 KB	11ms 10ms	Image image/png	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/present.png Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `8068542f56aae2f41c2822f90d0d6ec7bcdbe91a09676840a73db81cbcbde868` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:19:13 GMT server cloudflare age 3892 etag "5cb60081-3364" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc205d5ec272-FRA content-length 13156 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	loading.gif rewardsprogram.euquestions2.com/eu/fr/images/	1 KB 2 KB	21ms 18ms	Image image/gif	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/loading.gif Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `735ee02711d4d62d8cfba0c075237f227491a044441540d39f8c8203ccd54cea` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:19:11 GMT server cloudflare age 3892 etag "5cb6007f-5b1" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/gif status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc207dc2c272-FRA content-length 1457 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	fb-check.jpg rewardsprogram.euquestions2.com/eu/fr/images/	646 B 752 B	16ms 15ms	Image image/jpeg	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/fb-check.jpg Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `8fccb5c96c54856548fbad584f0e41f72313b94b33ec32d328985b3267f4035e` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:19:01 GMT server cloudflare age 3892 etag "5cb60075-286" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc207dc5c272-FRA content-length 646 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	phone.jpg rewardsprogram.euquestions2.com/eu/fr/images/	5 KB 6 KB	12ms 10ms	Image image/jpeg	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/phone.jpg Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `4e3dbf3fcde964ca22b110c0ddd200cc054992c08bb26dbbde23f1ad94f068ee` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:19:13 GMT server cloudflare age 3892 etag "5cb60081-15b9" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc208e1ec272-FRA content-length 5561 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	5.png rewardsprogram.euquestions2.com/eu/fr/images/	4 KB 4 KB	12ms 11ms	Image image/png	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/5.png Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `48009a9653676b93d1749c2f87dafd370ef7c48683b26ce99fa4dd033096127b` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:18:51 GMT server cloudflare age 3892 etag "5cb6006b-f17" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc208e25c272-FRA content-length 3863 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	cartblack.png rewardsprogram.euquestions2.com/eu/fr/images/	8 KB 8 KB	33ms 32ms	Image image/png	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/cartblack.png Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `83c6c68049b117e9e003ab598b4d090448b551d0c0c39d65b35cb1d01a821484` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status REVALIDATED last-modified Tue, 16 Apr 2019 16:18:55 GMT server cloudflare etag "5cb6006f-2006" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc20ae5dc272-FRA content-length 8198 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	iphone.jpg rewardsprogram.euquestions2.com/eu/fr/images/	4 KB 4 KB	11ms 10ms	Image image/jpeg	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/iphone.jpg Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `02deafac2798c926ef826b26d97bac956459fa59600c555bbca04cc7c4afbbfe` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:19:10 GMT server cloudflare age 3892 etag "5cb6007e-118d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc20ae61c272-FRA content-length 4493 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	watches.jpg rewardsprogram.euquestions2.com/eu/fr/images/	9 KB 9 KB	9ms 9ms	Image image/jpeg	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/watches.jpg Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `1539a006427495c4ff3640cc0220e9bf91eb932fd02b96e749a483e668fc85ac` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:19:18 GMT server cloudflare age 3892 etag "5cb60086-22b1" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc20beadc272-FRA content-length 8881 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	4.png rewardsprogram.euquestions2.com/eu/fr/images/	4 KB 4 KB	14ms 13ms	Image image/png	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/4.png Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `da79dc902b464e92380f8fdbcaf1432cf71f74adc0befcc79313cb3ed36d5212` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:18:50 GMT server cloudflare age 3892 etag "5cb6006a-f6d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc20cef3c272-FRA content-length 3949 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	tablet.jpg rewardsprogram.euquestions2.com/eu/fr/images/	8 KB 8 KB	14ms 10ms	Image image/jpeg	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/tablet.jpg Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `1071f4f77ec205b365f4819a52a1cc617dc76152bbf68ff6fb9a1b037a0f808e` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:19:18 GMT server cloudflare age 3892 etag "5cb60086-1e1b" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc20df07c272-FRA content-length 7707 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	f1.jpg rewardsprogram.euquestions2.com/eu/fr/images/	2 KB 2 KB	13ms 9ms	Image image/jpeg	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/f1.jpg Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `18b60afc8548639623f2395f3f828b2ea05d029d0218b9632ee85909ef8071f4` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:18:56 GMT server cloudflare age 3892 etag "5cb60070-607" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc20df09c272-FRA content-length 1543 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	com_s9.jpg rewardsprogram.euquestions2.com/eu/fr/images/	11 KB 11 KB	14ms 11ms	Image image/jpeg	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/com_s9.jpg Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `7fe38f9fc2e3040ef5768cda90d5340d4bfda2167a29473d7ed59379431682e2` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:18:54 GMT server cloudflare age 3892 etag "5cb6006e-2bad" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc20df0bc272-FRA content-length 11181 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	f.jpg rewardsprogram.euquestions2.com/eu/fr/images/	2 KB 2 KB	15ms 12ms	Image image/jpeg	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/f.jpg Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `248ec048f18428c832697369173e5801d2facfbced81e4331b9d8c8c9bae49fa` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:18:56 GMT server cloudflare age 3892 etag "5cb60070-739" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc20df0fc272-FRA content-length 1849 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	f3.jpg rewardsprogram.euquestions2.com/eu/fr/images/	1 KB 2 KB	15ms 13ms	Image image/jpeg	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/f3.jpg Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `40361853c237fdb30bb38f4d0bf28a756cf40ca80be438b14231ba42b7ed987c` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:18:59 GMT server cloudflare age 3891 etag "5cb60073-5d8" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc20df12c272-FRA content-length 1496 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	f6.jpg rewardsprogram.euquestions2.com/eu/fr/images/	1 KB 1 KB	14ms 11ms	Image image/jpeg	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/f6.jpg Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `4604e524a2131ee561e13c9fe760267a0bbc64ca91027ab92fd355ff4dc1514d` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:18:59 GMT server cloudflare age 3892 etag "5cb60073-460" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc20df15c272-FRA content-length 1120 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	com_s9b.jpg rewardsprogram.euquestions2.com/eu/fr/images/	12 KB 12 KB	12ms 10ms	Image image/jpeg	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/com_s9b.jpg Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `eb7796b1744853f978dc23e3a819ff1b809e382b84026ee69de7ca4a363cac3c` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:18:54 GMT server cloudflare age 3892 etag "5cb6006e-2f21" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc20df17c272-FRA content-length 12065 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	f5.jpg rewardsprogram.euquestions2.com/eu/fr/images/	1 KB 1 KB	14ms 12ms	Image image/jpeg	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/f5.jpg Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `7a15c7fd6cff51cb3a08a1b705e578578f16f316835547063e9298a27257936b` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:18:59 GMT server cloudflare age 3892 etag "5cb60073-577" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc20df19c272-FRA content-length 1399 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	cc.png rewardsprogram.euquestions2.com/eu/fr/images/	10 KB 10 KB	15ms 13ms	Image image/png	2606:4700:30::681f:4bed Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://rewardsprogram.euquestions2.com/eu/fr/images/cc.png Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681f:4bed , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `c54b3acd031d174f96f8b939e7636cab350422c68d197442d345594c6d243ec3` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:11:55 GMT cf-cache-status HIT last-modified Tue, 16 Apr 2019 16:18:54 GMT server cloudflare age 3892 etag "5cb6006e-266d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png status 200 cache-control public, max-age=14400 accept-ranges bytes cf-ray 4f20cc20df1cc272-FRA content-length 9837 expires Sat, 06 Jul 2019 14:11:55 GMT
GET H2	200	universalJSRequest.php mnvrmnd.com/tracking/ Frame 9EC2	0 0	221ms 154ms	Document text/html	2606:4700:30::681b:abe1 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://mnvrmnd.com/tracking/universalJSRequest.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&ffq=set\|ff\|flux_fts\|ff\|lixlxlotxlzpzqiqiteilpxzqcizcliolxptpa7091\|ff\|set\|ff\|clickid\|ff\|%7Bclickid%7D\|ff\|set\|ff\|c1\|ff\|%7Bc1%7D\|ff\|set\|ff\|sid\|ff\|%7Bsid%7D\|ff\|set\|ff\|tm\|ff\|token\|ff\|set\|ff\|flux_url\|ff\|https%3A%2F%2Frewardsprogram.euquestions2.com%2Feu%2Ffr%2Fa.php%3Fclickid%3D1562407915.27-158010169-24883%26c1%3Da1m7%26sid%3D158010169\|ff\|set\|ff\|flux_ref\|ff\|http%3A%2F%2Fgo.teldamps.com%2Fts60-international-credit-gen\|ff\|set\|ff\|flux_fn\|ff\|543536038690450121\|ff\|set\|ff\|flux_inject\|ff\|%7B%22intoUrl%22%3Afalse%2C%22intoForms%22%3A%7B%22selector%22%3Anull%7D%2C%22intoLinks%22%3A%7B%22selector%22%3A%22a.flux_cta%22%7D%2C%22tokens%22%3A%7B%22flux_sess%22%3A%22%7Bsession-id%7D%22%7D%7D&frameId=_ffq_track_ Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681b:abe1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PHP/7.0.28 Resource Hash Request headers :method GET :authority mnvrmnd.com :scheme https :path /tracking/universalJSRequest.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&ffq=set\|ff\|flux_fts\|ff\|lixlxlotxlzpzqiqiteilpxzqcizcliolxptpa7091\|ff\|set\|ff\|clickid\|ff\|%7Bclickid%7D\|ff\|set\|ff\|c1\|ff\|%7Bc1%7D\|ff\|set\|ff\|sid\|ff\|%7Bsid%7D\|ff\|set\|ff\|tm\|ff\|token\|ff\|set\|ff\|flux_url\|ff\|https%3A%2F%2Frewardsprogram.euquestions2.com%2Feu%2Ffr%2Fa.php%3Fclickid%3D1562407915.27-158010169-24883%26c1%3Da1m7%26sid%3D158010169\|ff\|set\|ff\|flux_ref\|ff\|http%3A%2F%2Fgo.teldamps.com%2Fts60-international-credit-gen\|ff\|set\|ff\|flux_fn\|ff\|543536038690450121\|ff\|set\|ff\|flux_inject\|ff\|%7B%22intoUrl%22%3Afalse%2C%22intoForms%22%3A%7B%22selector%22%3Anull%7D%2C%22intoLinks%22%3A%7B%22selector%22%3A%22a.flux_cta%22%7D%2C%22tokens%22%3A%7B%22flux_sess%22%3A%22%7Bsession-id%7D%22%7D%7D&frameId=_ffq_track_ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169 accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169 Response headers status 200 date Sat, 06 Jul 2019 10:11:55 GMT content-type text/html;charset=UTF-8 set-cookie __cfduid=dff767a5472f07ea25c6f11d574c034b81562407915; expires=Sun, 05-Jul-20 10:11:55 GMT; path=/; domain=.mnvrmnd.com; HttpOnly PHPSESSID=ahps8q7797tjrh08l5rbstjsp7; expires=Sat, 13-Jul-2019 10:11:55 GMT; Max-Age=604800; path=/ csid2=ahps8q7797tjrh08l5rbstjsp7; expires=Sun, 05-Jul-2020 10:11:55 GMT; Max-Age=31536000; path=/ PHPSESSID=ahps8q7797tjrh08l5rbstjsp7; expires=Sun, 07-Jul-2019 10:11:55 GMT; Max-Age=86400; path=/ ff-do-ss=node-119280778\|XSBz7\|XSBz7; path=/ __cflb=1759559876; path=/; expires=Tue, 09-Jul-19 10:11:55 GMT; HttpOnly vary Accept-Encoding x-powered-by PHP/7.0.28 access-control-allow-origin * access-control-allow-credentials true access-control-allow-methods GET, POST access-control-expose-headers Access-Control-Allow-Credentials, Access-Control-Allow-Origin, Access-Control-Allow-Methods pragma no-cache cache-control no-cache, must-revalidate expires Mon, 26 Jul 1997 05:00:00 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 4f20cc2159bc6485-FRA content-encoding br
GET H2	200	5c365643eeb4c100109517b6 Show response api.pushnami.com/scripts/v1/pushnami-adv/	24 KB 7 KB	130ms 38ms	Script application/javascript	54.230.202.97 Amazon.com
General Check archive.org Show headers Download Go to Full URL https://api.pushnami.com/scripts/v1/pushnami-adv/5c365643eeb4c100109517b6 Requested by Host: rewardsprogram.euquestions2.com URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.230.202.97 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS server-54-230-202-97.fra50.r.cloudfront.net Software / Resource Hash `f0f176edcd72c19d8d502cda24ca1d0294a19b3cc4a5486297239edaa8fcccc6` Request headers Referer https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 06 Jul 2019 10:08:24 GMT content-encoding gzip age 211 vary accept-encoding x-cache Hit from cloudfront content-type application/javascript; charset=utf-8 status 200 cache-control no-cache x-amz-cf-pop FRA50 x-amz-cf-id -5mPKFrOMaTA6nXVPx3T5WgC1GDz0vATfNOY8upJDtt6pqBsoMFeaw== via 1.1 147e057d2f96cf5a0082d96978e38a5b.cloudfront.net (CloudFront)

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Customer Survey Spam (Consumer)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
mnvrmnd.com/	1970-01-19 02:04:27	Name: __cflb Value: 1759559876
mnvrmnd.com/	1970-01-19 10:45:43	Name: csid2 Value: ahps8q7797tjrh08l5rbstjsp7
mnvrmnd.com/	1970-01-19 02:01:34	Name: PHPSESSID Value: ahps8q7797tjrh08l5rbstjsp7
mnvrmnd.com/	1969-12-31 23:59:59	Name: ff-do-ss Value: node-119280778\|XSBz7\|XSBz7
.mnvrmnd.com/	1970-01-19 10:45:43	Name: __cfduid Value: dff767a5472f07ea25c6f11d574c034b81562407915
rewardsprogram.euquestions2.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: djv3umebllnhutfusap9i3vbk7
.euquestions2.com/	1970-01-19 10:45:43	Name: __cfduid Value: d5c580d35a4912fdb6a6514e93fb596b41562407915

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.pushnami.com
go.teldamps.com
goatshpprd.com
godt-liv.ml
hwmanymore.com
maxcdn.bootstrapcdn.com
mnvrmnd.com
rewardsprogram.euquestions2.com
tinyurl.com
198.74.59.73
209.197.3.15
2606:4700:10::6814:da2a
2606:4700:30::681b:abe1
2606:4700:30::681f:4bed
35.192.185.253
54.230.202.97
66.172.12.145
02deafac2798c926ef826b26d97bac956459fa59600c555bbca04cc7c4afbbfe
1071f4f77ec205b365f4819a52a1cc617dc76152bbf68ff6fb9a1b037a0f808e
1539a006427495c4ff3640cc0220e9bf91eb932fd02b96e749a483e668fc85ac
18b60afc8548639623f2395f3f828b2ea05d029d0218b9632ee85909ef8071f4
248ec048f18428c832697369173e5801d2facfbced81e4331b9d8c8c9bae49fa
40361853c237fdb30bb38f4d0bf28a756cf40ca80be438b14231ba42b7ed987c
4604e524a2131ee561e13c9fe760267a0bbc64ca91027ab92fd355ff4dc1514d
48009a9653676b93d1749c2f87dafd370ef7c48683b26ce99fa4dd033096127b
4e3dbf3fcde964ca22b110c0ddd200cc054992c08bb26dbbde23f1ad94f068ee
50a3290216ca4d778af89d26039d7eb54582ad9331090bca5f4a8cfc0a9a2184
606de7c96412aa199126c85bcae803e648bbddfed2a2adfcee258a94265e6ebf
6ba2141090eb469b5c60ba9bc3158d14b781b1a5bc1073d531ada4fb75d4dcbf
735ee02711d4d62d8cfba0c075237f227491a044441540d39f8c8203ccd54cea
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7a15c7fd6cff51cb3a08a1b705e578578f16f316835547063e9298a27257936b
7fe38f9fc2e3040ef5768cda90d5340d4bfda2167a29473d7ed59379431682e2
8068542f56aae2f41c2822f90d0d6ec7bcdbe91a09676840a73db81cbcbde868
808759a636c47f1145634b14ad373856f9d59d0574b606c1580ac65279491910
83c6c68049b117e9e003ab598b4d090448b551d0c0c39d65b35cb1d01a821484
8fccb5c96c54856548fbad584f0e41f72313b94b33ec32d328985b3267f4035e
93619c22601047342bb8a8bad0159b699e3a9fc96decb1346e454f4f881441d6
c54b3acd031d174f96f8b939e7636cab350422c68d197442d345594c6d243ec3
cb6088cc9f84fbb1208445298c7741588b625d606b61847d1d671ab4f8f60306
da79dc902b464e92380f8fdbcaf1432cf71f74adc0befcc79313cb3ed36d5212
e71ed54801386e335ff34fe13967db2e411a6e4b7e6703bf6b25a2536b9a7335
e978a40dc8f1798cb358ace0d17651a1d6453b22d4ff0ec7926614a517cb6ac2
eb7796b1744853f978dc23e3a819ff1b809e382b84026ee69de7ca4a363cac3c
f0f176edcd72c19d8d502cda24ca1d0294a19b3cc4a5486297239edaa8fcccc6
fe2d19612d240d2691f29765819cf80cb915ab990d4c319846d03d9ba88b0b5a

rewardsprogram.euquestions2.com Open in urlscan Pro 2606:4700:30::681f:4bed Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

30 Requests

97 %HTTPS

38 %IPv6

9 Domains

9 Subdomains

5 IPs

1 Countries

150 kBTransfer

230 kBSize

7 Cookies

2 Outgoing links

Page URL History

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

rewardsprogram.euquestions2.com Open in urlscan Pro
2606:4700:30::681f:4bed Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

97 %
HTTPS

38 %
IPv6

9
Domains

9
Subdomains

5
IPs

1
Countries

150 kB
Transfer

230 kB
Size

7
Cookies

30 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!