dollarsurvey.site/captcha1.html
104.26.2.231301 Moved Permanently 0 B URL HTTP/1.1 dollarsurvey.site/captcha1.html
IP 104.26.2.231:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /captcha1.html HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 25 Sep 2022 13:57:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 25 Sep 2022 14:57:02 GMT
Location: https://dollarsurvey.site/captcha1.html
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qz82UhzooiBtE6gIG3%2BmtB%2B1W38XI1SUJYKiKRK8QUGW8d9IsaeKqXT78N0TYNgBBajE2%2FrGqYiCgQOGNAJs3AqFWAZ8o9Rwght43rk94zn0skfJq%2BXGnEJhK8pGxJvlOMwa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 750444444ac51c0a-OSL
firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 13:14:57 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vUDE-JVkmp2xVROUeNTjQZfS4MKiVXHgCKjLVLBx42Z0z8LALH_jMQ==
Age: 2525
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6915
Expires: Sun, 25 Sep 2022 15:52:17 GMT
Date: Sun, 25 Sep 2022 13:57:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7wcV7J4Haj5tapXNERRTl76kSVWtqPCGeVD3ajT6qYfs6VwTUDElGQ==
age: 33709
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 448105c56d38e06932b134a3e4ac7386
05dbed565a68e3ff8d14ade78760c2d0ccb36095
6d9aaefbbe453594756c34509c78792cc7766a023043fbd9954064b8c5ad9def
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 13:57:03 GMT
Server: ECS (amb/6B89)
Content-Length: 280
dollarsurvey.site/js/data/rtc.js?v=1
104.26.2.231200 OK 15 kB URL HTTP/2 dollarsurvey.site/js/data/rtc.js?v=1
IP 104.26.2.231:0
Hash 2636e8ca74f3052f6ac6c47897f299c1
48802f0142f7edb8938b8e2893c50cb4c3003786
840be287b5e866a8dbefa8c9be314b4c4865c3e39e497dac0e419ea1854e815c
GET /js/data/rtc.js?v=1 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 08:10:43 GMT
vary: Accept-Encoding
etag: W/"632d6a03-3a65"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5487
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sXHPJ2aNm9t4DLdseIFsYDukmauJjHOKOeIOfnph0GKpug7ilZlwlUjZtHEpOg0DaK3DBSrAp23Cf1n8xRC6zTPwUcG1ZCH0%2BgaQKvjHiJ19KeJSaURLNzrixwmZkzaHLErO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750444481ee30af6-OSL
content-encoding: br
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 25 Sep 2022 13:04:17 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sun, 25 Sep 2022 13:15:34 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: n9MKGbZVhx2U9ERd1EvKphq6T1pMKC41W7FCMX8ucuNp2MlngjeYrw==
Age: 3166
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd3b36dc2b620b48de491a8d9ba00fc0
be67ba7db5215dcb7c9225876e35a5e0a5005c9e
28205ee62c77b1caad6cc24c1ce98ddb92d26f67d41270f7d5278208a907c62f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3094
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 13:57:03 GMT
Last-Modified: Sun, 25 Sep 2022 13:05:29 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
cdn.taboola.com/libtrc/socionicsurvey/loader.js
151.101.85.44200 OK 21 kB URL HTTP/2 cdn.taboola.com/libtrc/socionicsurvey/loader.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (65508)
Hash 7fd47d52dd58ae884002bd808c55e68f
f6c99c496036a60cd2ce02356d83a5b7df4af89a
e9030e6c254ed94e9c5dcddb89ae088dd03df35dc7cf903f374fbdd18b9569df
GET /libtrc/socionicsurvey/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Cjyp8P/dQSQ+tPALZRM8H95D3fjyXZ6/Yku9Tad9Qv3RWw3PSjzEUdI0pZ+NSVXyETsFJkuESg0=
x-amz-request-id: 50MPSQWPY0V2Z9QF
last-modified: Thu, 22 Sep 2022 14:39:39 GMT
etag: "70a4fbe2dc656b867254956a6c4dd4eb"
x-amz-version-id: 3U.PoN0TC2aBlhfi9dWeNo4JwzWTKm1T
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:03 GMT
via: 1.1 varnish
age: 42
x-served-by: cache-bma1629-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1664114224.902600,VS0,VE1
cache-control: private,max-age=14401
vary: Accept-Encoding
abp: 85
content-length: 21176
X-Firefox-Spdy: h2
dollarsurvey.site/js/data/sd-301.js?v=2
104.26.2.231200 OK 698 B URL HTTP/2 dollarsurvey.site/js/data/sd-301.js?v=2
IP 104.26.2.231:0
Hash 3f0d78a5c22bc8ee8f43285dd7ce2f9c
f9dc502ce33c7fed6f94c29dae0b3371fe871f64
f9a5f0eafedafae960ce5c6886d12dd7b60a716c504b5e709e7d759e0d201da5
GET /js/data/sd-301.js?v=2 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 08:10:43 GMT
etag: W/"632d6a03-1b5"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BtanXoPjY6ncrDHfJGfvGtGon4vaM2SL3w7RG%2FQuTPSWb0Ptqx4L5NhZuHn%2BTVoRbymlpkiBeuGOVcmK9FCmoT%2Fo1e6onUlMXRPIsuYnmPL1ZA9yXLuqpIalXDHOGau4qsmt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75044448bfbb0af6-OSL
content-encoding: br
X-Firefox-Spdy: h2
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash b7044689ce4492673b5fd8061234768f
eb5b2c11c44c98b1f63a54b8d951ff7d60ddfe4e
cdbe6cfe5e1c0e381388196b90dec81468c24a415fc80dd11e2fbb2278541126
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=b265490a3b0445eda267209797a5263d; expires=Mon, 25 Sep 2023 13:57:03 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/impl.20220922-16-RELEASE.js
151.101.85.44200 OK 146 kB URL HTTP/2 cdn.taboola.com/libtrc/impl.20220922-16-RELEASE.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (65508)
Size 146 kB (145469 bytes)
Hash b6247ec22fba797cf6f51ae4c86a6509
1807f86f8b7146c10c986fd203d31de61ee67d8a
742c16a6b9e92d702d4e514560b0826268e676278e169e990c548d0bb6dd8a2f
GET /libtrc/impl.20220922-16-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: COg8lMA673OEz5PM+KFXiDXiosSVySM+TdixW+84HZwxLH8GtDt35DYHxlOgtiehZ9ZB4jLgaQI=
x-amz-request-id: W1R6REBMZ25HV30N
last-modified: Thu, 22 Sep 2022 14:15:17 GMT
etag: "b6247ec22fba797cf6f51ae4c86a6509"
content-encoding: br
x-amz-version-id: wNWqo8c3RDyWSxV8p_CKOzvKdfoSb_oq
content-type: application/javascript
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:03 GMT
via: 1.1 varnish
age: 27705
x-served-by: cache-bma1629-BMA
x-cache: HIT
x-cache-hits: 14633
x-timer: S1664114224.970387,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 70
server: AmazonS3-br
content-length: 145469
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 47ab4f79cb7e489989194fcb5214be14
b274efda3152156b8aaa4ec6c3872443b177236a
3d1586131b6b18460507d23c39641eafcc476c3c98f163410a0366fb6d2975c9
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 25 Sep 2022 13:57:04 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Thu, 29 Sep 2022 12:47:06 GMT
ETag: "b274efda3152156b8aaa4ec6c3872443b177236a"
Last-Modified: Sun, 25 Sep 2022 12:47:07 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3413
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7504444c4c7fb4eb-OSL
push.services.mozilla.com/
34.210.107.213101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.210.107.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2NiwIIGBU9hdMVgXr3ZC+w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7CydfCuv2gu1nTFZ/hq522CrJu8=
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 12482f755f1264f5587bb8cdc7fff5c3
ff01e5ec3898e03cd21ddd586dab090e994abace
7560f40a0cd5c96d14d22048dc6c0a2937c0f7aad9b23b4e4baf36cd08cec337
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4171
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 13:57:04 GMT
Last-Modified: Sun, 25 Sep 2022 12:47:33 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 312
mc.yandex.ru/metrika/tag.js
87.250.250.119200 OK 72 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.250.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Hash 7a68c8644032413981e4ba5bc0d66c4a
2d46ca8055e8577ae7138140e34a6e633434973c
e0573e9a9cbfc3f00a921fa64c50270f5941a1ebb253ab70af2cc0dac45cb0d5
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 72341
date: Sun, 25 Sep 2022 13:57:04 GMT
access-control-allow-origin: *
etag: "632d6d03-11a95"
expires: Sun, 25 Sep 2022 14:57:04 GMT
last-modified: Fri, 23 Sep 2022 11:23:31 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
trc-events.taboola.com/socionicsurvey/log/2/debug?tim=13%3A57%3A02.650&type=usage&msg=rtus&llvl=2&id=2091&cv=20220922-16-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/socionicsurvey/log/2/debug?tim=13%3A57%3A02.650&type=usage&msg=rtus&llvl=2&id=2091&cv=20220922-16-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socionicsurvey/log/2/debug?tim=13%3A57%3A02.650&type=usage&msg=rtus&llvl=2&id=2091&cv=20220922-16-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sun, 25 Sep 2022 13:57:04 GMT
x-fastly-to-nlb-rtt: 33000
access-control-allow-credentials: true
X-Firefox-Spdy: h2
dollarsurvey.site/css/captcha.css
104.26.2.231200 OK 1.7 kB URL HTTP/2 dollarsurvey.site/css/captcha.css
IP 104.26.2.231:0
File type ASCII text, with very long lines (5459)
Hash 5f143c12c1cb00ab98c6a1261358fac6
568cf702d0ae5ab58f2ae3150f76e3b7da200a16
e6e4a9af875d6b09e7b31dcc72680619bb300e51f85b4726cdaa0f11a7faf7fa
GET /css/captcha.css HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: text/css
last-modified: Fri, 23 Sep 2022 08:10:44 GMT
vary: Accept-Encoding
etag: W/"632d6a04-1554"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5487
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ta32RyeaYu8X1BNbFYB%2BYVYpSZOpyWiVycKus%2B2%2BMYnlT%2FERNmmFQsPW53DEK5HouW%2BlkUoQMiBsNzNZwib4BPFNBiYJ1NUs%2F69I1fXwyyBMEJUb3f%2Fj11jLj%2FqI%2BR9eJQA%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750444481eea0af6-OSL
content-encoding: br
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A139%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135702%3Aet%3A1664114223%3Ac%3A1%3Arn%3A108685106%3Arqn%3A1%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C35%2C1%2C%2C0%2C%2C72%2C3%2C%2C%2C%2C195%3Ans%3A1664114221992%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
87.250.250.119200 OK 400 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A139%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135702%3Aet%3A1664114223%3Ac%3A1%3Arn%3A108685106%3Arqn%3A1%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C35%2C1%2C%2C0%2C%2C72%2C3%2C%2C%2C%2C195%3Ans%3A1664114221992%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash b014f7c813309d37ea2db350d1fe7a96
750138fd9c7d2943c3640b5e6d8f5e2e3cc9a4a2
9663dbe4252354ee3272ebb39513a1a712354deda1f1a1a010396ccbdac5ec51
GET /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A139%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135702%3Aet%3A1664114223%3Ac%3A1%3Arn%3A108685106%3Arqn%3A1%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C35%2C1%2C%2C0%2C%2C72%2C3%2C%2C%2C%2C195%3Ans%3A1664114221992%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 400
date: Sun, 25 Sep 2022 13:57:04 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 25-Sep-2022 13:57:04 GMT
last-modified: Sun, 25-Sep-2022 13:57:04 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 7fb4df915d04b7ad9fc63a5387df0de8
b146aa5505e39b734c2591334dddc8192cade32c
4c25a2e5f33eeadf1f3e21cbc4fe7acc9e1ab87743b3130adda2fd94f1fd160b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3643
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 13:57:04 GMT
Last-Modified: Sun, 25 Sep 2022 12:56:21 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 312
trc-events.taboola.com/socionicsurvey/log/2/debug?tim=13%3A57%3A03.153&type=error&msg=Invalid%20container%20provided%20for%20request%20null_null_Below%20Article%20-%20360x640%20(null)!&llvl=2&id=1807&cv=20220922-16-RELEASE<=deflated&pct=1
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/socionicsurvey/log/2/debug?tim=13%3A57%3A03.153&type=error&msg=Invalid%20container%20provided%20for%20request%20null_null_Below%20Article%20-%20360x640%20(null)!&llvl=2&id=1807&cv=20220922-16-RELEASE<=deflated&pct=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socionicsurvey/log/2/debug?tim=13%3A57%3A03.153&type=error&msg=Invalid%20container%20provided%20for%20request%20null_null_Below%20Article%20-%20360x640%20(null)!&llvl=2&id=1807&cv=20220922-16-RELEASE<=deflated&pct=1 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 25 Sep 2022 13:57:04 GMT
x-fastly-to-nlb-rtt: 33525
access-control-allow-credentials: true
X-Firefox-Spdy: h2
trc-events.taboola.com/socionicsurvey/log/2/debug?tim=13%3A57%3A03.152&type=error&msg=Didn%27t%20manage%20to%20find%20TRC%20container%20for%20R-Box%20with%20ID%20taboola-below-article---360x640%20(retry%3D1)%20(Document%20is%20Ready)!&llvl=2&id=896&cv=20220922-16-RELEASE<=deflated&pct=1
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/socionicsurvey/log/2/debug?tim=13%3A57%3A03.152&type=error&msg=Didn%27t%20manage%20to%20find%20TRC%20container%20for%20R-Box%20with%20ID%20taboola-below-article---360x640%20(retry%3D1)%20(Document%20is%20Ready)!&llvl=2&id=896&cv=20220922-16-RELEASE<=deflated&pct=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socionicsurvey/log/2/debug?tim=13%3A57%3A03.152&type=error&msg=Didn%27t%20manage%20to%20find%20TRC%20container%20for%20R-Box%20with%20ID%20taboola-below-article---360x640%20(retry%3D1)%20(Document%20is%20Ready)!&llvl=2&id=896&cv=20220922-16-RELEASE<=deflated&pct=1 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 25 Sep 2022 13:57:04 GMT
x-fastly-to-nlb-rtt: 33525
access-control-allow-credentials: true
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:04 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=df9H5180M0RITmhlJTJCZkMwOUJGQlhaMUN2czlNZ3g5ZlBYRkphd01qblNPNTlhTkZWVk53RUphTyUyQkJ6SHVBUG1QNkdRSQ; expires=Fri, 20 Oct 2023 13:57:04 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 265907
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash c355ed9771e902f61a7b25899ee283c4
67f4c542d67acf7b206c6f9d19f04db21c588dbc
75d8d7a6cf95a6bcb3d4176ed97a3adafee0d1371480b7997b9e1361ba133dfa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2255
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 13:57:04 GMT
Last-Modified: Sun, 25 Sep 2022 13:19:29 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 312
dnacdn.net/dna
178.250.0.157200 OK 438 B IP 178.250.0.157:0
Hash f921acb9562f6b3071d05543f7b03b4b
b99adbfa49229b266d19263d85ae4a96678f8068
94ecc2261f0a855f96745473152f4dba7ee204d7a0918f2f34eb4da7d92fd692
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=df9H5180M0RITmhlJTJCZkMwOUJGQlhaMUN2czlNZ3g5ZlBYRkphd01qblNPNTlhTkZWVk53RUphTyUyQkJ6SHVBUG1QNkdRSQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:04 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=hnNWg180M0RITmhlJTJCZkMwOUJGQlhaMUN2czlNZ3g5ZlBYRkphd01qblNPNTlhTkYlMkZlU2ZjR0NTeTNCTUNTMXVkNnE5RA; expires=Fri, 20 Oct 2023 13:57:04 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 364364
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonSurveyStart&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664114224_47a30c9ec008f107dfe48eb60df9dc4c1ecd583167ef541d7fbf41a5fac45984&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135703%3Aet%3A1664114223%3Ac%3A1%3Arn%3A54486411%3Arqn%3A2%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1012%2C1012%2C2%2C%3Ans%3A1664114221992%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonSurveyStart&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664114224_47a30c9ec008f107dfe48eb60df9dc4c1ecd583167ef541d7fbf41a5fac45984&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135703%3Aet%3A1664114223%3Ac%3A1%3Arn%3A54486411%3Arqn%3A2%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1012%2C1012%2C2%2C%3Ans%3A1664114221992%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonSurveyStart&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664114224_47a30c9ec008f107dfe48eb60df9dc4c1ecd583167ef541d7fbf41a5fac45984&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135703%3Aet%3A1664114223%3Ac%3A1%3Arn%3A54486411%3Arqn%3A2%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1012%2C1012%2C2%2C%3Ans%3A1664114221992%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 40
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 25 Sep 2022 13:57:04 GMT
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 25-Sep-2022 13:57:04 GMT
last-modified: Sun, 25-Sep-2022 13:57:04 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonUnique&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664114224_47a30c9ec008f107dfe48eb60df9dc4c1ecd583167ef541d7fbf41a5fac45984&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135703%3Aet%3A1664114223%3Ac%3A1%3Arn%3A410521386%3Arqn%3A3%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664114221992%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonUnique&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664114224_47a30c9ec008f107dfe48eb60df9dc4c1ecd583167ef541d7fbf41a5fac45984&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135703%3Aet%3A1664114223%3Ac%3A1%3Arn%3A410521386%3Arqn%3A3%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664114221992%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonUnique&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664114224_47a30c9ec008f107dfe48eb60df9dc4c1ecd583167ef541d7fbf41a5fac45984&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135703%3Aet%3A1664114223%3Ac%3A1%3Arn%3A410521386%3Arqn%3A3%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664114221992%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 25 Sep 2022 13:57:04 GMT
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 25-Sep-2022 13:57:04 GMT
last-modified: Sun, 25-Sep-2022 13:57:04 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonStepChange&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664114224_47a30c9ec008f107dfe48eb60df9dc4c1ecd583167ef541d7fbf41a5fac45984&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135703%3Aet%3A1664114223%3Ac%3A1%3Arn%3A85832869%3Arqn%3A4%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664114221992%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonStepChange&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664114224_47a30c9ec008f107dfe48eb60df9dc4c1ecd583167ef541d7fbf41a5fac45984&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135703%3Aet%3A1664114223%3Ac%3A1%3Arn%3A85832869%3Arqn%3A4%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664114221992%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonStepChange&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664114224_47a30c9ec008f107dfe48eb60df9dc4c1ecd583167ef541d7fbf41a5fac45984&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135703%3Aet%3A1664114223%3Ac%3A1%3Arn%3A85832869%3Arqn%3A4%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664114221992%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 25 Sep 2022 13:57:04 GMT
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 25-Sep-2022 13:57:04 GMT
last-modified: Sun, 25-Sep-2022 13:57:04 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
185.235.84.227200 OK 46 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 185.235.84.227:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 8c644a74b95d912a9b555aabec21df43
f4c84e898d0f282b2eb981604fda0a8ad0180984
572434eaf0d21ea881f774763f3a18d9b4959f074bfdce0a3419df25f67d0eaf
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:04 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 92558
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
trc.taboola.com/socionicsurvey/trc/3/json?tim=13%3A57%3A03.158<i=deflated&data=%7B%22id%22%3A245%2C%22ii%22%3A%22%2Fcaptcha1.html%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1663857573097%2C%22vi%22%3A1664114223156%2C%22cv%22%3A%2220220922-16-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22vpi%22%3A%22%2Fcaptcha1.html%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1280%2C%22dh%22%3A939%2C%22qs%22%3A%22%3Futm_content%3Dzd_public_v2%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A9%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22null_null_Horizontal%20widget%22%2C%22orig_uip%22%3A%22null_null_Horizontal%20widget%22%2C%22cd%22%3A389%2C%22mw%22%3A0%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fcaptcha1.html%2Cnull_null_Horizontal%20widget%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
151.101.85.44200 OK 12 kB URL HTTP/2 trc.taboola.com/socionicsurvey/trc/3/json?tim=13%3A57%3A03.158<i=deflated&data=%7B%22id%22%3A245%2C%22ii%22%3A%22%2Fcaptcha1.html%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1663857573097%2C%22vi%22%3A1664114223156%2C%22cv%22%3A%2220220922-16-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22vpi%22%3A%22%2Fcaptcha1.html%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1280%2C%22dh%22%3A939%2C%22qs%22%3A%22%3Futm_content%3Dzd_public_v2%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A9%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22null_null_Horizontal%20widget%22%2C%22orig_uip%22%3A%22null_null_Horizontal%20widget%22%2C%22cd%22%3A389%2C%22mw%22%3A0%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fcaptcha1.html%2Cnull_null_Horizontal%20widget%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
IP 151.101.85.44:0
File type Unicode text, UTF-8 text, with very long lines (19346)
Hash 28f184f89abc1636e0210a839a9ba8c8
86a64e2df98dfb280165f4634889b14e9dbf5955
8e1e95baa8a9bb48359f507681dda57c197008413088ab1e1db2db87564f40fd
GET /socionicsurvey/trc/3/json?tim=13%3A57%3A03.158<i=deflated&data=%7B%22id%22%3A245%2C%22ii%22%3A%22%2Fcaptcha1.html%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1663857573097%2C%22vi%22%3A1664114223156%2C%22cv%22%3A%2220220922-16-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22vpi%22%3A%22%2Fcaptcha1.html%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1280%2C%22dh%22%3A939%2C%22qs%22%3A%22%3Futm_content%3Dzd_public_v2%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A9%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22null_null_Horizontal%20widget%22%2C%22orig_uip%22%3A%22null_null_Horizontal%20widget%22%2C%22cd%22%3A389%2C%22mw%22%3A0%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fcaptcha1.html%2Cnull_null_Horizontal%20widget%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:04 GMT
via: 1.1 varnish
x-served-by: cache-bma1629-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1664114225.648791,VS0,VE192
vary: Accept-Encoding
x-vcl-time-ms: 192
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1265667946__7YOo179N.jpg
151.101.85.44200 OK 32 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1265667946__7YOo179N.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2bf9a6c4f95c6be6bd99d959871d6924
4df2ced3a313bc587c5a11d7f903c2ace67aa9c6
cf522331e04df843a2e4d1e33a8c02473b8059fb39fe622cfcb16f1669691a13
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1265667946__7YOo179N.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 555911585990092449565053449736646102177,351865785165949093008023078421511818851,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 555911585990092449565053449736646102177,351865785165949093008023078421511818851,29ecf9b93bbf306179626feeda1fab70
etag: "200fd0519165f193d5d358e5c24f500d"
last-modified: Fri, 09 Sep 2022 11:26:54 GMT
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 3da1a131bf03889b71162762ce76b996
x-envoy-upstream-service-time: 781
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:04 GMT
age: 1045404
x-served-by: cache-iad-kiad7000050-IAD, cache-iad-kjyo7100110-IAD, cache-sna10747-LGB, cache-iad-kiad7000142-IAD, cache-bma1629-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 1, 1
x-timer: S1664114225.898438,VS0,VE3
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/1265667946__7YOo179N.jpg
x-vcl-time-ms: 3
content-length: 32014
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.36200 OK 31 kB URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.36:0
Hash fa735738ed307fda5d27a84ad8a11ade
9169132262e54c43c280c67e46c48ca143377738
d1f96e51c6f38a7fe7a6e6378e2b20c1d90a533dc95f315849969aed3ec13ac6
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 97210
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/65f164d6b52ccb031f05b5771e9f9c18.jpg
151.101.85.44200 OK 33 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/65f164d6b52ccb031f05b5771e9f9c18.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8df1a4e87a6bbca74ebffc025dc0f1dc
f007c39c2fe3e91338e70f509fd45fc4608b3539
8ed9ac902361aefa37f3f7519ddbae7d66f071d11912ef3713bde5c506a66117
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/65f164d6b52ccb031f05b5771e9f9c18.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 437993598534242782629886861504141631328,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 437993598534242782629886861504141631328,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "c99209a5f7a3562b973f9938f9f29fc6"
last-modified: Tue, 23 Aug 2022 10:02:42 GMT
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 97dee27ff01d3b487b66df8816d8319f
x-envoy-upstream-service-time: 741
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:04 GMT
age: 2843071
x-served-by: cache-iad-kcgs7200103-IAD, cache-iad-kiad7000107-IAD, cache-lga21979-LGA, cache-iad-kiad7000151-IAD, cache-bma1629-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 1, 1
x-timer: S1664114225.904779,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/65f164d6b52ccb031f05b5771e9f9c18.jpg
x-vcl-time-ms: 1
content-length: 32696
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/caae91cc665f73dbff047d77e27b78c4.png
151.101.85.44200 OK 24 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/caae91cc665f73dbff047d77e27b78c4.png
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b8c050708142d428748816fbd69806e1
629c34c5f0c3fe433afd2e2eea52d44f6a4ddb35
464602663b40fc699b417c91c861482f369fa84308b432b7aa571d603eb17752
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/caae91cc665f73dbff047d77e27b78c4.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 463296600190594128952414663651669785429,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 463296600190594128952414663651669785429,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "e60dcb184394735d9d01144e2577f793"
last-modified: Wed, 10 Aug 2022 04:39:44 GMT
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 8532629528a96ecf76ec5b5677f3eb12
x-envoy-upstream-service-time: 183
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:04 GMT
age: 2537861
x-served-by: cache-iad-kcgs7200051-IAD, cache-iad-kjyo7100166-IAD, cache-chi-klot8100055-CHI, cache-iad-kjyo7100055-IAD, cache-bma1629-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 1, 1
x-timer: S1664114225.904984,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/caae91cc665f73dbff047d77e27b78c4.png
x-vcl-time-ms: 1
content-length: 23932
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/88df849da3c32324e2608be835a9d396.png
151.101.85.44200 OK 8.2 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/88df849da3c32324e2608be835a9d396.png
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 5b7ce263eae52e9a10d24aee9d6df650
4153c4bd2907410a421a033cb4f98c8f3adec6a8
503662e3dcf373c6df20eb78512f0de5797578865c734f3587b6a88dedc6ed18
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/88df849da3c32324e2608be835a9d396.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 610972146451104571902967245117703670981,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 610972146451104571902967245117703670981,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "66eff57cbcd874e26520af1cf733b790"
expiration: expiry-date="Wed, 31 Aug 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Sun, 31 Jul 2022 16:36:52 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 138
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:04 GMT
age: 4432499
x-served-by: cache-iad-kiad7000084-IAD, cache-iad-kiad7000078-IAD, cache-lga21956-LGA, cache-iad-kcgs7200051-IAD, cache-bma1629-BMA
x-cache: HIT, MISS, HIT, HIT, HIT
x-cache-hits: 1, 0, 1, 1, 1
x-timer: S1664114225.905525,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/88df849da3c32324e2608be835a9d396.png
x-vcl-time-ms: 1
content-length: 8160
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=rtus&domain=dollarsurvey.site&sn=FirefoxSyncframe&so=0&topUrl=dollarsurvey.site&info=hnNWg180M0RITmhlJTJCZkMwOUJGQlhaMUN2czlNZ3g5ZlBYRkphd01qblNPNTlhTkYlMkZlU2ZjR0NTeTNCTUNTMXVkNnE5RA&idsd=-540128211,-1731235992&cw=1&rtusCallerId=72&lsw=1
178.250.2.146200 OK 20 kB URL HTTP/2 gum.criteo.com/sid/json?origin=rtus&domain=dollarsurvey.site&sn=FirefoxSyncframe&so=0&topUrl=dollarsurvey.site&info=hnNWg180M0RITmhlJTJCZkMwOUJGQlhaMUN2czlNZ3g5ZlBYRkphd01qblNPNTlhTkYlMkZlU2ZjR0NTeTNCTUNTMXVkNnE5RA&idsd=-540128211,-1731235992&cw=1&rtusCallerId=72&lsw=1
IP 178.250.2.146:0
Hash 46020421632b2d76babaabccab2ce9c0
1908612b65d6621deecc3a4e8df0fe2e45c5fd4c
17fa8111ae961335436dae281f10db81ffe5c00b0113172abbd85810ff71e51b
GET /sid/json?origin=rtus&domain=dollarsurvey.site&sn=FirefoxSyncframe&so=0&topUrl=dollarsurvey.site&info=hnNWg180M0RITmhlJTJCZkMwOUJGQlhaMUN2czlNZ3g5ZlBYRkphd01qblNPNTlhTkYlMkZlU2ZjR0NTeTNCTUNTMXVkNnE5RA&idsd=-540128211,-1731235992&cw=1&rtusCallerId=72&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=rtus&topUrl=dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:04 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1206445
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/bb85af70c78e55637d8509c56353cd74.jpg
151.101.85.44200 OK 31 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/bb85af70c78e55637d8509c56353cd74.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 854ed56a45b16d31e3552e78da2e1e1f
4dc6cd2cf9154d38bf81723dea9a2d5bd545101b
e2b6971b9a042a92f837e542550e43e9c2a69052a3755f0aecb438ed99820470
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/bb85af70c78e55637d8509c56353cd74.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 313198434263196175663509327644304820424,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 313198434263196175663509327644304820424,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "34b273634e9e76d304dcb6cfc724bcc0"
expiration: expiry-date="Mon, 08 Aug 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Fri, 08 Jul 2022 15:51:33 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 294
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:04 GMT
age: 4486089
x-served-by: cache-iad-kiad7000086-IAD, cache-iad-kcgs7200101-IAD, cache-bur-kbur8200077-BUR, cache-iad-kjyo7100118-IAD, cache-bma1629-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 1, 1
x-timer: S1664114225.905336,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/bb85af70c78e55637d8509c56353cd74.jpg
x-vcl-time-ms: 1
content-length: 31292
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c98d021d67b7e64fe29e539f62f002ad.jpg
151.101.85.44200 OK 12 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c98d021d67b7e64fe29e539f62f002ad.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 189813deabb4f64c6bc04c0b62e1c933
a76017ac1e8ae71ab1e8be0a4ee6cf3f1bb37d2d
6e5c60b574a8a00ea2d62b7ff3101666739e7fc1616987fa5dbc9ad5d742ba21
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c98d021d67b7e64fe29e539f62f002ad.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 519282699665171940151662702649447449168,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 519282699665171940151662702649447449168,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "3de7781253b1e79c9358ce1da9850f63"
expiration: expiry-date="Sat, 27 Aug 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 27 Jul 2022 19:29:28 GMT
req-referer: https://weather.com/
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 153
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:04 GMT
age: 4036041
x-served-by: cache-iad-kcgs7200073-IAD, cache-iad-kcgs7200073-IAD, cache-lga21921-LGA, cache-iad-kjyo7100106-IAD, cache-bma1629-BMA
x-cache: MISS, HIT, HIT, HIT, HIT
x-cache-hits: 0, 1, 1, 1, 1
x-timer: S1664114225.939735,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/c98d021d67b7e64fe29e539f62f002ad.jpg
x-vcl-time-ms: 1
content-length: 12422
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d521105845c173fb953e64d199e33154.jpg
151.101.85.44200 OK 14 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d521105845c173fb953e64d199e33154.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash f0cf8ccb1e0fb9283ce7396fbc9df473
6a0db802ba76d5747195a0bd5f2e81434887cbf9
11601d2132e5c5f7570069b2cc0187f1da0a25dd7f49286c8eec72ca766f0172
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d521105845c173fb953e64d199e33154.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 492138907706621124196904210773979421999,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 492138907706621124196904210773979421999,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "1df2e7025946fcc1ff955c11b9c181a6"
expiration: expiry-date="Sat, 20 Aug 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 20 Jul 2022 12:43:41 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 103
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:04 GMT
age: 3954532
x-served-by: cache-iad-kcgs7200156-IAD, cache-iad-kiad7000159-IAD, cache-bur-kbur8200068-BUR, cache-iad-kjyo7100171-IAD, cache-bma1629-BMA
x-cache: MISS, HIT, HIT, HIT, HIT
x-cache-hits: 0, 1, 1, 1, 2
x-timer: S1664114225.940940,VS0,VE0
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/d521105845c173fb953e64d199e33154.jpg
x-vcl-time-ms: 0
content-length: 14318
X-Firefox-Spdy: h2
dollarsurvey.site/js/taboola.js
104.26.2.231200 OK 806 B URL HTTP/2 dollarsurvey.site/js/taboola.js
IP 104.26.2.231:0
File type ASCII text, with very long lines (1167), with no line terminators
Hash 06327ea41ee836d575c4c4f8f355ad38
213bee5e7ae9c1025e6fb6a0f0d6d441e1c66c3e
23294c45dd17afc8fd61f5e5f34b4a322e775af8330cdcec10be19e95e27e528
GET /js/taboola.js HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 08:10:43 GMT
vary: Accept-Encoding
etag: W/"632d6a03-48f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5487
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jFlajbjb91aXspS85k9Y%2BLkiUy%2FMlPuyrV26bjObsRtou8RerqTcFDLgbOyfSX9zkhoMvdae8xYpCmvZiM0rHNX0wgFawYtCQUzA5BAZx2IfBaDXxQd6u5lJAt8SSFNdQuSW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750444481ef10af6-OSL
content-encoding: br
X-Firefox-Spdy: h2
csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
178.250.2.150200 OK 43 B URL HTTP/2 csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1
IP 178.250.2.150:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.72.Events.StartInit~1&entry=c~Idfs.Rtus.72.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.72.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.72.Headers.Bundle~1&entry=c~Idfs.Rtus.72.Events.InitiateFetch~1 HTTP/1.1
Host: csm.nl.eu.criteo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:05 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9540
Expires: Sun, 25 Sep 2022 16:36:05 GMT
Date: Sun, 25 Sep 2022 13:57:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9540
Expires: Sun, 25 Sep 2022 16:36:05 GMT
Date: Sun, 25 Sep 2022 13:57:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9540
Expires: Sun, 25 Sep 2022 16:36:05 GMT
Date: Sun, 25 Sep 2022 13:57:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9540
Expires: Sun, 25 Sep 2022 16:36:05 GMT
Date: Sun, 25 Sep 2022 13:57:05 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 714af732a9aa1db2b13ffb62810fd532
358e74de395352a9529ff1c17856daf8900888c5
1d2035cfcd283560ebe8494f9438e52f8d96cd092dd41cb0eb899a3f905c1e05
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6199
x-amzn-requestid: d26f22d9-4e9b-4764-8c96-2e1c7ce36340
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--OKHowoAMFbQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7727-7adb7c4925e6e50e13889544;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3_xkH-s3Fzz3CRHux4j3hergFHWBmOFF9vMBCoN1rJrjrCkeSEp0qQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:01:16 GMT
age: 57349
etag: "358e74de395352a9529ff1c17856daf8900888c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6307cf78-7c68-41f1-9dfd-ba063eeb3f4b.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6307cf78-7c68-41f1-9dfd-ba063eeb3f4b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7bd3afd3069904500c28e9bb16587e8
a881666627e1077859ed1941cee576caf600d798
78a7b0a2127c583aba569abace503cff376cde67d5faa9a346c1494d91e8f3cf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6307cf78-7c68-41f1-9dfd-ba063eeb3f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5172
x-amzn-requestid: d366d3e0-71d7-404c-a93b-3267852824ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_T5F5PoAMFqWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f78e5-52362b5f0dc1ee8951eebc07;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: E5AjrYJrZjEREIaYV21riZZIvhquVUTRRwArp-UNXAEKlwHUL1CtIw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:58:23 GMT
age: 57522
etag: "a881666627e1077859ed1941cee576caf600d798"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Hash b3a72e81317074689a71dac7059e4b6a
b6d56333d7f1ea7ddc8838d84de498ff913c5464
e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:32 GMT
age: 58773
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dfdacc8edea3c24dad020d7e9c11b3f4
2b6e37596e88b62f288dc8e8c937fd904fae28d5
338a44f3bcc01bdd197f037dd8f8bf58a18dea00127465488efe76fb72a6fdff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8914
x-amzn-requestid: 8cfdc32e-f04a-4fd6-a1f1-632934a682fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EUHqJoAMF7MQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7881-14a6d8ef126409964607e0aa;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kdF6En2vbJhRH1bkYMOuNm5XOIsT1qs3FE281N1SKn1FbyW-oNZsEw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:06 GMT
age: 58799
etag: "2b6e37596e88b62f288dc8e8c937fd904fae28d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b8b1112-7394-4d92-9fc1-54f8e005817f.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b8b1112-7394-4d92-9fc1-54f8e005817f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 716068d10c9e3a16d3a8e727992f71ec
f18edf7b5080b39e00bde335c16ca0f771428e8e
5991be1a009df210adc123f9f8081f669368a3a1891305717fc40ead172917a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b8b1112-7394-4d92-9fc1-54f8e005817f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10845
x-amzn-requestid: b819b750-c0b1-46b1-9e6c-010912fa87b7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EzFpWoAMFxdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7884-3671ba9f0fc6b3e52e25f8a7;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L6IiWD_BO-6-lBIZ-DGLVNr19LxOcEYX402OmOgqNRsbzbpfZWuhgw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:58:23 GMT
age: 57522
etag: "f18edf7b5080b39e00bde335c16ca0f771428e8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/static/video/v1661248922/lggnjndqagi1dw3sb7xm.mp4
151.101.85.44206 Partial Content 108 kB URL HTTP/2 cdn.taboola.com/libtrc/static/video/v1661248922/lggnjndqagi1dw3sb7xm.mp4
IP 151.101.85.44:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size 108 kB (107616 bytes)
Hash 69de92946660a850bdf43c3a68c25256
7d1cd9243b40fd8330dacbeba20e6b30e733555e
ba27d8247a2279ef18f4044876f46fcf4f56e57d69169374265fba069c782940
GET /libtrc/static/video/v1661248922/lggnjndqagi1dw3sb7xm.mp4 HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
x-amz-id-2: jx7fYd7RIfR7wq125wJDUfd7Qk8XBcUJG/lbVP1GROIT9tScpfn9/zwjKXvU5Mj88Z8E7Mz2FGM=
x-amz-request-id: CY7YT15SE1T8J0ZZ
x-amz-replication-status: COMPLETED
last-modified: Tue, 23 Aug 2022 10:02:07 GMT
etag: "cb5aeb40b15295396e9e888c69d3f4da"
x-amz-version-id: fb6Ec1hOSvczcV_O_5ctwUAFdW1CQaa5
content-type: video/mp4;codecs=avc1
server: AmazonS3
accept-ranges: bytes
age: 3
content-range: bytes 0-177061/177062
date: Sun, 25 Sep 2022 13:57:04 GMT
via: 1.1 varnish
x-served-by: cache-bma1629-BMA
x-cache: HIT
x-cache-hits: 0
x-timer: S1664114225.939371,VS0,VE1
cache-control: private,max-age=31536000
abp: 70
content-length: 177062
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
151.101.85.44200 OK 254 B URL HTTP/2 cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
IP 151.101.85.44:0
File type PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced\012- data
Hash dfa7b52c86e56bd67fa4002f6ed19854
7df722645482433c2b5c8d8ab4272a9874592f27
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
GET /libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: c3AK0F63Rmz1U+ZkwDZRH6hJiJRTGpZB8kTBPWz0vwbg9siBxtMOH8aEqr1NtVeNHtLhLAVUR9E=
x-amz-request-id: 4JKSR0YA3KVH073N
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
content-type: image/png
server: AmazonS3
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:05 GMT
via: 1.1 varnish
age: 23188
x-served-by: cache-bma1629-BMA
x-cache: HIT
x-cache-hits: 1979
x-timer: S1664114226.929681,VS0,VE0
cache-control: private,max-age=31536000
abp: 70
content-length: 254
X-Firefox-Spdy: h2
trc.taboola.com/socionicsurvey/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=1
151.101.85.44204 No Content 0 B URL HTTP/2 trc.taboola.com/socionicsurvey/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=1
IP 151.101.85.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /socionicsurvey/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=1 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 5601
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:05 GMT
via: 1.1 varnish
x-served-by: cache-bma1629-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1664114226.896787,VS0,VE85
x-vcl-time-ms: 85
X-Firefox-Spdy: h2
trc.taboola.com/socionicsurvey/log/3/visible?route=AM%3AIL%3AV<i=deflated
151.101.85.44204 No Content 0 B URL HTTP/2 trc.taboola.com/socionicsurvey/log/3/visible?route=AM%3AIL%3AV<i=deflated
IP 151.101.85.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /socionicsurvey/log/3/visible?route=AM%3AIL%3AV<i=deflated HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 8088
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:05 GMT
via: 1.1 varnish
x-served-by: cache-bma1629-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1664114226.902018,VS0,VE87
x-vcl-time-ms: 87
X-Firefox-Spdy: h2
cdn.taboola.com/scripts/cds-pips.js
151.101.85.44200 OK 923 B URL HTTP/2 cdn.taboola.com/scripts/cds-pips.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (2312), with no line terminators
Hash 26cdd3fcc80c31abb5e56a5be502737e
a6a67fd2591deaa331e11376972b2dd06616242a
ac58c61fa356670a0b14838061e474db061cc73d27cd8495d6a80499e1ec340e
GET /scripts/cds-pips.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: w6fgNIMZM2fENM2mjLHAxJhEvZ7OhJ+orh5+d/mAuz+tqM7fgRp+7Y73K8+rKM3qB+G/FeTtVqo=
x-amz-request-id: 158FK1E03H5TYFXQ
x-amz-replication-status: COMPLETED
last-modified: Thu, 15 Sep 2022 14:11:45 GMT
etag: "8cbcf8a5c724c32aa9be09d14a4c624d"
x-amz-version-id: NrP0zRqJgdqCAFOGjLJOgaX1BFZQx8TJ
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:06 GMT
via: 1.1 varnish
age: 3294
x-served-by: cache-bma1629-BMA
x-cache: HIT
x-cache-hits: 2958
x-timer: S1664114227.861836,VS0,VE0
vary: Accept-Encoding
abp: 70
cache-control: private, max-age=3600
content-length: 923
X-Firefox-Spdy: h2
pips.taboola.com/
151.101.85.44200 OK 4 B IP 151.101.85.44:0
File type ASCII text, with no line terminators
Hash 6c3e226b4d4795d518ab341b0824ec29
eef19c54306daa69eda49c0272623bdb5e2b341f
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921
GET / HTTP/1.1
Host: pips.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Varnish
retry-after: 0
access-control-allow-methods: GET
access-control-allow-origin: https://dollarsurvey.site
accept-ranges: bytes
date: Sun, 25 Sep 2022 13:57:06 GMT
via: 1.1 varnish
x-served-by: cache-bma1683-BMA
x-cache: HIT
x-cache-hits: 0
cache-control: no-store
content-length: 4
X-Firefox-Spdy: h2
cds.taboola.com/?uid=8bce1f63-4fa5-4274-9492-b7baaf27b6bf-tucta29e3b0
141.226.224.32204 No Content 0 B URL HTTP/2 cds.taboola.com/?uid=8bce1f63-4fa5-4274-9492-b7baaf27b6bf-tucta29e3b0
IP 141.226.224.32:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?uid=8bce1f63-4fa5-4274-9492-b7baaf27b6bf-tucta29e3b0 HTTP/1.1
Host: cds.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sun, 25 Sep 2022 13:57:07 GMT
cache-control: no-store
access-control-allow-origin: *
X-Firefox-Spdy: h2
dollarsurvey.site/css/survey.css?v=1
104.26.2.231200 OK 0 B URL HTTP/2 dollarsurvey.site/css/survey.css?v=1
IP 104.26.2.231:0
GET /css/survey.css?v=1 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: text/css
last-modified: Fri, 23 Sep 2022 08:10:44 GMT
vary: Accept-Encoding
etag: W/"632d6a04-4d7b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2625
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u0cO2tEyHcnAlqg%2B9Y1bLF382G%2Bm%2FJXnisNiphHOD%2FjJUMiOEQ%2BNk52TIGVJtx6Bz%2B4ijfIhkfBiv5GEV%2FxTniyNtx4wNEzvy2z4aldDdzRJqQpy7sWnu412f%2BQ7u5STyiWu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750444481ee70af6-OSL
content-encoding: br
X-Firefox-Spdy: h2
dollarsurvey.site/js/dict/cookie-consent-1.json?v=1
104.26.2.231200 OK 0 B URL HTTP/2 dollarsurvey.site/js/dict/cookie-consent-1.json?v=1
IP 104.26.2.231:0
GET /js/dict/cookie-consent-1.json?v=1 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: application/json
last-modified: Fri, 23 Sep 2022 08:10:43 GMT
vary: Accept-Encoding
etag: W/"632d6a03-168d"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2L7Efy0JpVlUIYiocer0bUptPjoIGdDSGouxRlVFz41jYBU2JPNKNx%2BDD4W0IcbB7nx5GZMcX%2FeMVIjTTJ0v%2BFtFbx%2BS2gHfcJ7dDLDJI06IaOnR05n0E62hEV7Ma4w3nUK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7504444a49db0af6-OSL
content-encoding: br
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A139%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135702%3Aet%3A1664114223%3Ac%3A1%3Arn%3A108685106%3Arqn%3A1%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C35%2C1%2C%2C0%2C%2C72%2C3%2C%2C%2C%2C195%3Ans%3A1664114221992%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
87.250.250.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A139%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135702%3Aet%3A1664114223%3Ac%3A1%3Arn%3A108685106%3Arqn%3A1%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C35%2C1%2C%2C0%2C%2C72%2C3%2C%2C%2C%2C195%3Ans%3A1664114221992%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 87.250.250.119:0
GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A139%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135702%3Aet%3A1664114223%3Ac%3A1%3Arn%3A108685106%3Arqn%3A1%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C35%2C1%2C%2C0%2C%2C72%2C3%2C%2C%2C%2C195%3Ans%3A1664114221992%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A139%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A723599380004%3Ahid%3A641600747%3Az%3A0%3Ai%3A20220925135702%3Aet%3A1664114223%3Ac%3A1%3Arn%3A108685106%3Arqn%3A1%3Au%3A1664114223366715885%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C35%2C1%2C%2C0%2C%2C72%2C3%2C%2C%2C%2C195%3Ans%3A1664114221992%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664114223%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Sun, 25 Sep 2022 13:57:04 GMT
access-control-allow-origin: https://dollarsurvey.site
set-cookie: yandexuid=437378571664114224; Expires=Mon, 25-Sep-2023 13:57:04 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=437378571664114224; Expires=Mon, 25-Sep-2023 13:57:04 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=2064274601664114224; Path=/; SameSite=None; Secure
i=q6NXZqSqZ+6cnI1QqdMfPtikecE8r51D3Gnz1dvrrzfCqFgW6ieCCGPeM3TaGYs2iMbYk2YMBx0rAVXU60v05MT/s+c=; Expires=Wed, 22-Sep-2032 13:56:59 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1695650224.yrts.1664114224#1695650224.yrtsi.1664114224; Expires=Mon, 25-Sep-2023 13:57:04 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 25-Sep-2022 13:57:04 GMT
last-modified: Sun, 25-Sep-2022 13:57:04 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
dollarsurvey.site/js/config.js?v=4
104.26.2.231200 OK 0 B URL HTTP/2 dollarsurvey.site/js/config.js?v=4
IP 104.26.2.231:0
GET /js/config.js?v=4 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 08:10:42 GMT
vary: Accept-Encoding
etag: W/"632d6a02-10181"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2625
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UT4SCVS%2BOQ2Kzq9jmNzHqWQsEKRhvhtlSeSzQsxBAm%2FJ3mQWRG2EccYILh5eWknvFABKtaF%2F0NjuJPzy%2FLks2P0O%2BmODaQf9NiQiU%2Fxfw3olJ1wsSGeB9VolESg7Gu9OLEor"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750444481ee40af6-OSL
content-encoding: br
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.2.146:0
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 659036
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=dollarsurvey.site
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=dollarsurvey.site
IP 178.250.2.146:0
GET /syncframe?origin=rtus&topUrl=dollarsurvey.site HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=4cbbd19a-fd2c-4d7a-825a-83055f2d6d86; expires=Fri, 20 Oct 2023 13:57:04 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 589656
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
dollarsurvey.site/js/survey.js?v=11
104.26.2.231200 OK 0 B URL HTTP/2 dollarsurvey.site/js/survey.js?v=11
IP 104.26.2.231:0
GET /js/survey.js?v=11 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 08:10:43 GMT
vary: Accept-Encoding
etag: W/"632d6a03-4957c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2625
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2qRjSGjOhK2xmGWS0KJpP07LdRK5HrszuX%2FfEMptG9jOi4v9hags32rvWG9K6pS7%2BGcgU5ITAXwA6mEJ9L5fLPcEWJidYnIx6Jj3cO7QD19GrCJfiS6Uw3dGdFsiuZhwxCtq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750444481eee0af6-OSL
content-encoding: br
X-Firefox-Spdy: h2
dollarsurvey.site/captcha1.html
104.26.2.231200 OK 0 B URL HTTP/2 dollarsurvey.site/captcha1.html
IP 104.26.2.231:0
Analyzer Verdict Alert fortinet Phishing
GET /captcha1.html HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: text/html
last-modified: Fri, 23 Sep 2022 08:10:42 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BHZYHxedlXqOVbsxdfebX54v0L0yE9Qoovq%2FRsZdIhRr3mC5NzC%2FUvnG6PQu%2BPmubGbNZgaoa1AoKBaeD1jjWPp09%2F%2BRGvFMdWeX7PjR8XzcPyBI7wwOuRhPPo8aZUWun90A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 750444472daf0af6-OSL
content-encoding: br
X-Firefox-Spdy: h2
dollarsurvey.site/js/data/_global-config-sd.js?v=2
104.26.2.231200 OK 0 B URL HTTP/2 dollarsurvey.site/js/data/_global-config-sd.js?v=2
IP 104.26.2.231:0
GET /js/data/_global-config-sd.js?v=2 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: application/javascript
last-modified: Fri, 23 Sep 2022 08:10:43 GMT
etag: W/"632d6a03-283"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5487
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aPvz1qVnVHe0NaXcoz04V7ySq2jaQ8EAJbqP6F0odg9c7xYY%2Fqtmm%2Fam5KWE%2FuRnUTvWI1ku%2FZfzHuqKPrNGwE1Cb%2BA5ram9FvhMhNq%2BzjuJ2bUtR0bcWZSu5%2FDocrKB3syk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 750444481ee00af6-OSL
content-encoding: br
X-Firefox-Spdy: h2
dollarsurvey.site/favicon.ico
104.26.2.231200 OK 0 B URL HTTP/2 dollarsurvey.site/favicon.ico
IP 104.26.2.231:0
GET /favicon.ico HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 25 Sep 2022 13:57:03 GMT
content-type: image/x-icon
last-modified: Fri, 23 Sep 2022 08:10:44 GMT
etag: W/"632d6a04-47e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4850
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5bLSSRO8Bqd7asavjDc1g10nc%2FkpLQvY33IyFPcQSpI4MwDlR4oduq7Iq9nG8ULaqLy5f5kYESE4%2F1yy8GYJGusIjrzcVAo4SydfX9dMR%2Buid%2FtYIoEaDrWZsWPC1w%2BNRZqe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7504444b3b100af6-OSL
content-encoding: br
X-Firefox-Spdy: h2