financesurveys.pro
2606:4700:3030::6815:207b (Malicious Activity! Public Scan)

URL: https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Submission: On May 02 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3030::6815:207b, located in United States and belongs to CLOUDFLARENET, US. The main domain is financesurveys.pro. The Cisco Umbrella rank of the primary domain is 804454.
TLS certificate: Issued by E1 on March 8th 2024. Valid for: 3 months.
This is the only time financesurveys.pro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

Requests  IP Address                  AS (Autonomous System)
11        2606:4700:3030::6815:207b   13335 (CLOUDFLARENET)
3         178.63.248.57               24940 (HETZNER-AS)
2         157.90.33.122               24940 (HETZNER-AS)
16 requests, 3 IPs

Requests  Apex Domain          Subdomains           Cisco Umbrella Rank  Transfer
11        financesurveys.pro   financesurveys.pro   804454               76 KB
3         push-sdk.net         push-sdk.net         104918               16 KB
2         uidsync.net          uidsync.net          44096                710 B
16 requests, 3 domains

Requests  Domain               Requested by
11        financesurveys.pro   financesurveys.pro
3         push-sdk.net         financesurveys.pro, push-sdk.net
2         uidsync.net          push-sdk.net
16 requests, 3 domains

This site contains links to these domains. Also see Links.

Domain: finance.gofreed.shop

Subject              Issuer                                           Validity                  Valid
financesurveys.pro   E1                                               2024-03-08 - 2024-06-06   3 months (crt.sh)
push-sdk.net         R3                                               2024-04-14 - 2024-07-13   3 months (crt.sh)
uidsync.net          Sectigo RSA Domain Validation Secure Server CA   2023-12-30 - 2025-01-29   a year (crt.sh)

This page contains 1 frames:

Primary Page: https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Frame ID: DC1DF125BAE214347C92340E6A720B66
Requests: 15 HTTP requests in this frame

Page Statistics

Requests: 16
HTTPS: 100 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 92 kB
Size: 136 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

index.html (Primary Request) | financesurveys.pro/ph/youtube/ | 18 KB | 5 KB | Document
General
Full URL
https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:207b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6f9241534a02d2ad1fdf6f92c3bba219cc4dd71fe2b2ee51bf7356ded1fc1a2

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

age
0
alt-svc
h3=":443"; ma=86400
cache-control
public,max-age=0,must-revalidate
cache-status
"Netlify Edge"; fwd=miss
cf-cache-status
DYNAMIC
cf-ray
87dbbb1e4fa19030-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 02 May 2024 23:18:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zMTolNipeGSJyrhVoSkjBzpProHb9HRslhHjB7wCWmUN6Qd6N16cv3bX%2FI0ac%2FCI%2FY6UWagnCNzgS2bM8cnOO%2Bdr7SwB9ZuQVIMAy0GSNd9gzejSflYe7cvUddjCToXG0pdIAWQ%2FZhwX1D2eb6RtC0Y%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-nf-request-id
01HWXSMBQWVJ132JZ84SG4F0DZ
play-control.png | financesurveys.pro/ph/youtube/img/ | 2 KB | 3 KB | Image
General
Full URL
https://financesurveys.pro/ph/youtube/img/play-control.png
Requested by
Host: financesurveys.pro
URL: https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:207b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b963afd91bb327212c7a29779c23d8ea4099aa2eb4f08bc24e2cfedc2cae362d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-nf-request-id
01HWXSMBYS4VQK2BNSWEN8EQWT
date
Thu, 02 May 2024 23:18:31 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cache-status
"Netlify Edge"; hit
etag
"eb3369720c9de252879ed630be79cdc4-ssl"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XVWoUq%2BJcdkoeakYNcu1HbcWQ%2BmS%2B6XvYk2DXYWUViF9xZ3IG%2Fm4UyrHJk%2FX7dBmrJ11XKsZgQRxa5rsHaxGvVwLZHOeISKWFSxDYJKrdsSVDeH1QPCl260XTtGHFd3bStNiuZMRtfG9mmsaazkFlpk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=14400, must-revalidate
accept-ranges
bytes
cf-ray
87dbbb1fb8cc9030-FRA
alt-svc
h3=":443"; ma=86400
content-length
2458
ava3.png | financesurveys.pro/ph/youtube/img/ | 3 KB | 4 KB | Image
General
Full URL
https://financesurveys.pro/ph/youtube/img/ava3.png
Requested by
Host: financesurveys.pro
URL: https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:207b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9fd32a97f530b167b81bb36bcf6ffc0d48af958db95b8da450e6fe860475ab3c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-nf-request-id
01HWXSMBYS3TJT3E9DE250N8TD
date
Thu, 02 May 2024 23:18:31 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cache-status
"Netlify Edge"; fwd=miss
etag
"d7b8539ed4198c2b1de41a1f24500041-ssl"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3KnoYBUaDe0BZ8KdL67AaysqEWxk3GHda0B2M22DuqLl0zlx35lGbQ%2FI2YWvOZsfL9xwvBIupWQ2m16J0e%2B3dZdH4E8dPA2B%2BMwbXnaCZn9Zsor94kG4On8wBtyNIEVhIjVpNZE%2B0hUsj2AA1gzPX4c%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=14400, must-revalidate
accept-ranges
bytes
cf-ray
87dbbb1fb8cd9030-FRA
alt-svc
h3=":443"; ma=86400
content-length
3577
ava.png | financesurveys.pro/ph/youtube/img/ | 410 B | 949 B | Image
General
Full URL
https://financesurveys.pro/ph/youtube/img/ava.png
Requested by
Host: financesurveys.pro
URL: https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:207b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5127ef23138b68bf983dc7c2e1930cc484f100e58e10716d333ad796bf4f8523

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-nf-request-id
01HWXSMBZ69P3SR70ECX2QWBWK
date
Thu, 02 May 2024 23:18:31 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cache-status
"Netlify Edge"; fwd=miss
etag
"168f846e286117a4bae5f0f36f5d1b0b-ssl"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T92wGO8Pgi5BAfrZ2GQDlSdP8j5lecWiSQrAJ01dAQdv0zEbBYTDJNWGP80xUsfwHWspN4h5Wc39IRfpLVV3betlX5GuguhaOHPEc%2Bj3%2BO%2BU3Q8khbs4SXPw2YkmvtqUBoTag%2Bp6UKuwvmpi66PVMQw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=14400, must-revalidate
accept-ranges
bytes
cf-ray
87dbbb1fc8d89030-FRA
alt-svc
h3=":443"; ma=86400
content-length
410
ava2.png | financesurveys.pro/ph/youtube/img/ | 3 KB | 4 KB | Image
General
Full URL
https://financesurveys.pro/ph/youtube/img/ava2.png
Requested by
Host: financesurveys.pro
URL: https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:207b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bef6c6c113c81db3fa220490ffdda2665cdfb7dd8feaa24a349e330429d5c9f8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-nf-request-id
01HWXSMBZ78E62SSXKG2W1SPFF
date
Thu, 02 May 2024 23:18:31 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cache-status
"Netlify Edge"; fwd=miss
etag
"34d67454a7ca9a47475d94c2f6cc0f7a-ssl"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G82xKaST5ob2Fun%2BFqYqddLs%2F%2Bc63HAMe21XX%2ByGEVv4%2BhSYuLBeKMtN2FqqOSwvMI8rl2UD73du62wq%2B6Js%2B1t3UqXUHnMoqdi011GoCrSztBTEwtUmow0xvArlH5l5pXf%2BUQOmkI2tf10ENJWWU%2Bk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=14400, must-revalidate
accept-ranges
bytes
cf-ray
87dbbb1fc8dc9030-FRA
alt-svc
h3=":443"; ma=86400
content-length
3475
sdk.js | push-sdk.net/f/ | 52 KB | 15 KB | Script
General
Full URL
https://push-sdk.net/f/sdk.js?z=1207270
Requested by
Host: financesurveys.pro
URL: https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.63.248.57 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
sub6.1push.io
Software
Angie /
Resource Hash
1c60c387936024b9abb1b2514bba07be7725ffad25903c7faf23eecb61e222d7

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://financesurveys.pro/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 23:18:31 GMT
content-encoding
gzip
cache-control
no-cache, max-age=0, must-revalidate, proxy-revalidate
server
Angie
content-length
14884
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
background.jpg | financesurveys.pro/ph/youtube/img/ | 45 KB | 45 KB | Image
General
Full URL
https://financesurveys.pro/ph/youtube/img/background.jpg
Requested by
Host: financesurveys.pro
URL: https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:207b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e14bbab9e27c0d55cdae0b51a4fd52b79c33a82c757f215281fc9f517e51b501

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-nf-request-id
01HWXSMBZEH8W7FADBZ9HT9RVV
date
Thu, 02 May 2024 23:18:31 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cache-status
"Netlify Edge"; fwd=miss
etag
"7a8dd7dd1d51ccfb8797b2cf7c901596-ssl"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JqPKnGUCl26bjag86idBN%2F8j%2BltxD6ByR%2BB9kDm51b5WU%2FxYN31ptGC9yq%2FZPv9Jr680rOiniZ8P7iSDXSj6sjXi3xGbqxZ7eVvq%2BzeKjTTQATZaEudOKN0AA29tOIFUzfsZA8dBbEPjj7RrPTm97nI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=14400, must-revalidate
accept-ranges
bytes
cf-ray
87dbbb1fc8e09030-FRA
alt-svc
h3=":443"; ma=86400
content-length
46003
share-icon.jpg | financesurveys.pro/ph/youtube/img/ | 2 KB | 2 KB | Image
General
Full URL
https://financesurveys.pro/ph/youtube/img/share-icon.jpg
Requested by
Host: financesurveys.pro
URL: https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:207b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6a41308f06e884d5283a57a48ec470c0a15c1133f5792f1d2144ca6d3da1bd0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-nf-request-id
01HWXSMBZDQSWMBW6M8H24PAQ9
date
Thu, 02 May 2024 23:18:31 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cache-status
"Netlify Edge"; hit
etag
"0da75108efac9247d5245888424a7d75-ssl"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q3WpVV70e9%2FedTTbtIWgakDbX07Wx2Gs27ryKBLd%2BwAvKcDagFWxCWTf%2Bj40AWVDW5wl%2FEwczSkrq5QslIWNdeXP5%2FmRRdpY2ZTW%2BTaxGVWFNGNs2LxHrqERAnXpwB%2B%2B4tQ1m18Bqjw4kqo5l4jyOR4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=14400, must-revalidate
accept-ranges
bytes
cf-ray
87dbbb1fc8e19030-FRA
alt-svc
h3=":443"; ma=86400
content-length
1589
play.png | financesurveys.pro/ph/youtube/img/ | 860 B | 1 KB | Image
General
Full URL
https://financesurveys.pro/ph/youtube/img/play.png
Requested by
Host: financesurveys.pro
URL: https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:207b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
744a720a0e24c40be97c5b6184a953fc708ad5e12a38cf61202aff195bdaf5ad

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-nf-request-id
01HWXSMBZDP18Z2NJZC0ZGQHXZ
date
Thu, 02 May 2024 23:18:31 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cache-status
"Netlify Edge"; fwd=miss
etag
"b877f922cef696076348914f30a5f1b3-ssl"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Nj9ODM3RYB8baqdmYc5TPUmaYwrYg3hNsvT8lSvs1zAsiz2NZYnAh%2BVop23mdb4FA%2BJbH1vBcqil0zIJLLRYjNNprzZpFpTDlI7X0RfP0MdM0Q%2Ffo%2FBoiU%2F3XuLjJqZNlLFw3TJtUcrAbB82Hb5H4k%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=14400, must-revalidate
accept-ranges
bytes
cf-ray
87dbbb1fc8e29030-FRA
alt-svc
h3=":443"; ma=86400
content-length
860
option.png | financesurveys.pro/ph/youtube/img/ | 142 B | 682 B | Image
General
Full URL
https://financesurveys.pro/ph/youtube/img/option.png
Requested by
Host: financesurveys.pro
URL: https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:207b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
805d30bda20cfc09e426097b2b6149dcddf879b474db20c023128773449a270c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-nf-request-id
01HWXSMBZBTMJ6TWCVGHXDNQM1
date
Thu, 02 May 2024 23:18:31 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cache-status
"Netlify Edge"; fwd=miss
etag
"2c911881b196c7e39ba3d09d552ad1b0-ssl"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HGUvFOZDxuUTonUzsnVakzmQSbJeIPMFN7J9nTVE0qJaoY4y52XLgudqUAG4EwjZ7XeKbJXM1v79iMGlO6s0ofnJVMHZRCXGP5sqVVZ1g4Ph8mJkTW9fA0HaLAmtN%2FSIKUiBAM8fdmg3jLaOULmyz%2FM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=14400, must-revalidate
accept-ranges
bytes
cf-ray
87dbbb1fc8e39030-FRA
alt-svc
h3=":443"; ma=86400
content-length
142
default.mp3 | financesurveys.pro/ph/youtube/ | 7 KB | 7 KB | Media
General
Full URL
https://financesurveys.pro/ph/youtube/default.mp3
Requested by
Host: financesurveys.pro
URL: https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:207b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4fdb5a03ae3f26e801517144609db3589bd0835a686fe11dfe7afddcdb750ef8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer
https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Range
bytes=0-
sec-ch-ua-platform
"Win32"

Response headers

x-nf-request-id
01HWXSMBZN3BTK8DEHYH19GHX9
date
Thu, 02 May 2024 23:18:31 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cache-status
"Netlify Edge"; hit
etag
"55b714f0de4df470d68aee2e3ba77076-ssl"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2rL%2BH8U2ctoa0CodmXFykQUgoQ19yASaqbYZ60ffFK%2FC1wnkkmRp1WzTtvwStflbvNn9kcB3nxVwsRQPlgAWlLxsOv4nsOsQRjA6yyeTBSjW0xs7WP3GP4VlyA%2FkzjdeXFFI1Orf%2BCYjD7oYfe7R0gA%3D"}],"group":"cf-nel","max_age":604800}
content-type
audio/mpeg
Content-Range
bytes 0-6711/6712
cache-control
public, max-age=14400, must-revalidate
cf-ray
87dbbb1fd8eb9030-FRA
alt-svc
h3=":443"; ma=86400
Content-Length
6712
event | push-sdk.net/ | 0 | 529 B | Ping
General
Full URL
https://push-sdk.net/event?z=1207270
Requested by
Host: push-sdk.net
URL: https://push-sdk.net/f/sdk.js?z=1207270
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.63.248.57 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
sub6.1push.io
Software
Angie /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://financesurveys.pro/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 02 May 2024 23:18:31 GMT
server
Angie
accept-ch
Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://financesurveys.pro
access-control-expose-headers
Authorization
cache-control
no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
content-length
0
expires
Tue, 11 Jan 1994 00:00:00 GMT
sync | uidsync.net/ | 62 B | 710 B | Fetch
General
Full URL
https://uidsync.net/sync?user_id=Ts50S75gnNPszVvv2PitH6
Requested by
Host: push-sdk.net
URL: https://push-sdk.net/f/sdk.js?z=1207270
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
157.90.33.122 Ismaning, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
sub3.1push.io
Software
Angie /
Resource Hash
cb1062e4d29555b382f9679e668615af50a19378b61145b70fa221842ab57194

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://financesurveys.pro/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Thu, 02 May 2024 23:18:31 GMT
server
Angie
accept-ch
Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://financesurveys.pro
access-control-expose-headers
Authorization
cache-control
no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
content-length
62
expires
Tue, 11 Jan 1994 00:00:00 GMT
sync | uidsync.net/ | 0 | 0 | Preflight
General
Full URL
https://uidsync.net/sync?user_id=Ts50S75gnNPszVvv2PitH6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
157.90.33.122 Ismaning, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
sub3.1push.io
Software
Angie /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://financesurveys.pro
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://financesurveys.pro
access-control-expose-headers
Authorization
cache-control
no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
date
Thu, 02 May 2024 23:18:31 GMT
expires
Tue, 11 Jan 1994 00:00:00 GMT
pragma
no-cache
server
Angie
favicon.ico | financesurveys.pro/ | 3 KB | 2 KB | Other
General
Full URL
https://financesurveys.pro/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:207b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
776e7455e3b0cbb09fdbb5bf269a6b3e0404430f882e215985ecaaca7b805221

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-nf-request-id
01HWXSMC6FJGGDVJFGF7EDFV3W
date
Thu, 02 May 2024 23:18:31 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cache-status
"Netlify Edge"; hit
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I4D7GHmeD8Atd56y3y14olsO7xcbVEm1%2B9akcJccYqkOjTeb2Ry%2BC9fQgveuUlXROOC6F3J87Fsm8pCSuS10u8TLotfI9Ysxgn4kftoRdiokY7Lz3VwL4uLDmhTTfgSCMqRK%2FzTeFG1a4AQfHrsiNJA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
cache-control
public, max-age=14400, must-revalidate
cf-ray
87dbbb21399a9030-FRA
alt-svc
h3=":443"; ma=86400
event | push-sdk.net/ | 0 | 530 B | Ping
General
Full URL
https://push-sdk.net/event?z=1207270
Requested by
Host: push-sdk.net
URL: https://push-sdk.net/f/sdk.js?z=1207270
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.63.248.57 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
sub6.1push.io
Software
Angie /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://financesurveys.pro/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 02 May 2024 23:18:33 GMT
server
Angie
accept-ch
Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://financesurveys.pro
access-control-expose-headers
Authorization
cache-control
no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token
content-length
0
expires
Tue, 11 Jan 1994 00:00:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | getURLParameter

1 Cookies

Domain/Path: uidsync.net/
Name: rauid
Value: Ts50S75gnNPszVvv2PitH6

4 Console Messages

Source | Level | URL | Message

rendering | warning | https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a (Line 6)
Message: The key "target-densitydpi" is not supported.

intervention | error | https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a (Line 14)
Message: Blocked call to navigator.vibrate because user hasn't tapped on the frame or any embedded frame yet: https://www.chromestatus.com/feature/5644273861001216.

other | warning | https://financesurveys.pro/ph/youtube/index.html?uclick=hqdvik&uclickhash=hqdvik-hqdvik-2t0-0-2t6o-y9i4-y90-3a9d0a#
Message: Third-party cookie will be blocked. Learn more in the Issues tab.

network | error | https://financesurveys.pro/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 ()