dollarsurvey.site/captcha1.html
104.26.2.231301 Moved Permanently 0 B URL HTTP/1.1 dollarsurvey.site/captcha1.html
IP 104.26.2.231:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /captcha1.html HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 04 Oct 2022 08:54:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 04 Oct 2022 09:54:09 GMT
Location: https://dollarsurvey.site/captcha1.html
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mmJBrqvFu0keZyqO9I0c8ZOrxP%2Bh38sEwnhi4mtQXmEedtLHCNq1TYrxoqZjs1nxFEcybt88cXMZMe8VhsIVXfHQFm5UTDHPtZUMextNpMNc5RFhOO2Wa6kGEKqW%2B7PPpXFU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754cb0f68f75b4f9-OSL
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11193
Expires: Tue, 04 Oct 2022 12:00:42 GMT
Date: Tue, 04 Oct 2022 08:54:09 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 08:47:04 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4D9YxO_ZQMyXgkhYNcqoFYvXCLbRcD8hqZsDj3EqN_T8UDUkXN-9Eg==
Age: 425
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8USWW10GZL6wiX4N1jQFipr0SYqSdGKMfU03XH2iMjxEFN6oGSufaQ==
age: 12342
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
dollarsurvey.site/css/survey.css?v=1
172.67.71.163200 OK 15 kB URL HTTP/2 dollarsurvey.site/css/survey.css?v=1
IP 172.67.71.163:0
File type ASCII text, with very long lines (19834)
Hash d9a659c74e7470f3583fe80977968d59
da34f647d3d68a9e59a07d3a9474643f4d4a2056
c1eebd723a361bc4d31cce8d167ba16f9b306e6d2a428920907ff679b41fe2f8
GET /css/survey.css?v=1 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: text/css
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-4d7b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vNJ6Xk2aFUyCof5Rh90uvzc349II3sCGrWt7vqMMjkB5pKD44CBLv%2FqTexjIRCN1Jlb03nPlmnep4R1BBYMPEm%2F9D2FeQYdN2QLRw%2BL66HjqfMo0HrFDS7A4KkShKoG3nz8E"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f9bc3a0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 0a25532c4133886e22a425cacca9c027
41a1b476967aed6ac227717098cd8be3209b45b3
f50b860d2b3b4d59df90ad6b36c84639141ca9dd9530a74e07fd79fd9387f52e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:54:10 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 06:25:20 GMT
Expires: Mon, 10 Oct 2022 06:25:19 GMT
Etag: "41a1b476967aed6ac227717098cd8be3209b45b3"
Cache-Control: max-age=508868,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 754cb0fcad20b503-OSL
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 66120d5134904a0deda7426dc03af7b1
a3c2f737d39e2d2ad958e33ff32be4202687e631
0acb5ae4dd6a2912c501bd544efa2844b2459bf7fb21d463226c900e94c722aa
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9dc936046b524ceca929bccbd2d6536d; expires=Wed, 04 Oct 2023 08:54:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
dollarsurvey.site/js/data/_global-config-sd.js?v=3
172.67.71.163200 OK 669 B URL HTTP/2 dollarsurvey.site/js/data/_global-config-sd.js?v=3
IP 172.67.71.163:0
Hash a33be79ec99367f3e91fb23f4354d3b7
47efbd1e0e95d8ec7146b5bb15500a1dc21dfc95
23192d1b7776a54180be647866e0aff07bd5d91e4cc3b041c8ff1286498f31ea
GET /js/data/_global-config-sd.js?v=3 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/javascript
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
etag: W/"633acffa-28b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IxnmQRunZ5eQJ7%2FnDaYXqd0RnfXKo%2FEAUR%2BPKRPjqcr2fxhNg0hyYZO4NfKzCu9nWzV5OualAZwaQZeESonXFFfDgnTwI706qxqDCSe%2BEHHbFP5aFEiojRUNqzSTtNo0QDYb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754cb0f9bc330b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/socionicsurvey/loader.js
151.101.85.44200 OK 21 kB URL HTTP/2 cdn.taboola.com/libtrc/socionicsurvey/loader.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (65476)
Hash b82e3b4d97c99a583a188b3aa26642cb
1ce22a44f0a64a4009815ec6824a7fbfea1aed05
e1e8cdbf8bc909de65b29c5905a3bd071874298df69703c7080987968415debf
GET /libtrc/socionicsurvey/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
etag: "d65361fa521e102e45a595d7fe8a813df6696c44"
last-modified: Tue, 04 Oct 2022 07:15:55 UTC
x-amz-id-2: L7pwpQI9U/NVYn0tRrR15VmdMrDdaSamkcVHRisieY1lFQO/ZEKX0paauh1zBzr2gfoC2cDbuFc=
x-amz-request-id: N2SEMG422ZN6KZXS
x-amz-version-id: QAzXzgMju9b0o28V5LukILJ5qSd3U50Z
x-from-cache: 1
x-envoy-upstream-service-time: 5
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:10 GMT
via: 1.1 varnish
age: 5536
x-served-by: cache-bma1624-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1664873651.864663,VS0,VE1
cache-control: private,max-age=14400
vary: Accept-Encoding, Accept-Encoding
abp: 30
content-length: 21390
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/impl.20221003-23-RELEASE.js
151.101.85.44200 OK 146 kB URL HTTP/2 cdn.taboola.com/libtrc/impl.20221003-23-RELEASE.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (65508)
Size 146 kB (145618 bytes)
Hash 0b5cc11a8b1228f344f0bb68ce2c0b76
a50b09c15c9d9342dc20f6c832ae1d5fdcbf6cc9
14af68cfb1ba31c78c560f3a55b71f2766210560d72ccc4c5a579a8d55aade2d
GET /libtrc/impl.20221003-23-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: K0AUSbn+fdb2yEUyAKC7opM7shodLQiyyWAiLb7NZTFwoEBd8ak2OpHlGWXiZP/b3mDqBFrt0Xo=
x-amz-request-id: D1F3HER4F2EX39EP
last-modified: Mon, 03 Oct 2022 19:41:38 GMT
etag: "0b5cc11a8b1228f344f0bb68ce2c0b76"
content-encoding: br
x-amz-version-id: A.XFET_2d9kM4WV4VXweOs3gFbcHia3Z
content-type: application/javascript
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:10 GMT
via: 1.1 varnish
age: 18268
x-served-by: cache-bma1624-BMA
x-cache: HIT
x-cache-hits: 12070
x-timer: S1664873651.923215,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 97
server: AmazonS3-br
content-length: 145618
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 2a52e610b96389b6dd5852fd6767232a
acb68655212b24f4fd533c082e6351dfa7ae1cea
b6a2e5679f5cf237c37ca20b58fc7b7f6a02db50b5e4b2ad6efc280009274355
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:54:10 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sat, 08 Oct 2022 04:14:25 GMT
ETag: "acb68655212b24f4fd533c082e6351dfa7ae1cea"
Last-Modified: Tue, 04 Oct 2022 04:14:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3573
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754cb0fe599cb51e-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 321fa9a78e31dcb66601ac5890bfba73
c325580db79bde6fd00d2d0c7e3f675e4c0046bb
83029b324b4c36522ae47eef9614c124b0ad2994de412d7ea82f990ad8ae9d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5122
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:54:10 GMT
Last-Modified: Tue, 04 Oct 2022 07:28:48 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
mc.yandex.ru/metrika/tag.js
93.158.134.119200 OK 72 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 93.158.134.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Hash 7a68c8644032413981e4ba5bc0d66c4a
2d46ca8055e8577ae7138140e34a6e633434973c
e0573e9a9cbfc3f00a921fa64c50270f5941a1ebb253ab70af2cc0dac45cb0d5
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 72341
date: Tue, 04 Oct 2022 08:54:11 GMT
access-control-allow-origin: *
etag: "633583ac-11a95"
expires: Tue, 04 Oct 2022 09:54:11 GMT
last-modified: Thu, 29 Sep 2022 14:38:20 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 904a0d87402d9eecfec00481cdb28d62
6b37e41d4321718433996e4c1f4eed2f8f1727fc
e0884556a581a67e0e212887e97ca7f4438ef644fea7a0efd10175902f5e77e5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4148
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:54:11 GMT
Last-Modified: Tue, 04 Oct 2022 07:45:03 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 314
push.services.mozilla.com/
34.214.17.205101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.17.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7KQvS6/DTb8zKSZsdhodaA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bH2ASnvuotfuord8NmnK8JN0LcI=
mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085410%3Aet%3A1664873651%3Ac%3A1%3Arn%3A288125106%3Arqn%3A1%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C37%2C0%2C%2C0%2C%2C110%2C3%2C%2C%2C%2C252%3Ans%3A1664873649972%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
93.158.134.119302 Found 400 B URL HTTP/2 mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085410%3Aet%3A1664873651%3Ac%3A1%3Arn%3A288125106%3Arqn%3A1%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C37%2C0%2C%2C0%2C%2C110%2C3%2C%2C%2C%2C252%3Ans%3A1664873649972%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Hash f8ba39696a5c0911be9ee39b076a1502
02c93405b29533eb1aa8627d5612bd34e8587899
0581f568fb8a27ce6f0f95664da2566739d2aae7d44b1554c2837f006f752b14
GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085410%3Aet%3A1664873651%3Ac%3A1%3Arn%3A288125106%3Arqn%3A1%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C37%2C0%2C%2C0%2C%2C110%2C3%2C%2C%2C%2C252%3Ans%3A1664873649972%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085410%3Aet%3A1664873651%3Ac%3A1%3Arn%3A288125106%3Arqn%3A1%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C37%2C0%2C%2C0%2C%2C110%2C3%2C%2C%2C%2C252%3Ans%3A1664873649972%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Tue, 04 Oct 2022 08:54:11 GMT
access-control-allow-origin: https://dollarsurvey.site
set-cookie: yandexuid=3682208501664873651; Expires=Wed, 04-Oct-2023 08:54:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=3682208501664873651; Expires=Wed, 04-Oct-2023 08:54:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=420726161664873651; Path=/; SameSite=None; Secure
i=hT0xQ/OdnviDiDeuaOjv7NTPiG3dF6S03Q/M6nTUHnA2xfj2J3F/62xQNfxAzeHwq9+lfyfI681DQa/IGhxFPJYkccU=; Expires=Fri, 01-Oct-2032 08:54:10 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696409651.yrts.1664873651#1696409651.yrtsi.1664873651; Expires=Wed, 04-Oct-2023 08:54:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 04-Oct-2022 08:54:11 GMT
last-modified: Tue, 04-Oct-2022 08:54:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 04 Oct 2022 08:54:11 GMT
access-control-allow-origin: *
etag: "633583ac-2b"
expires: Tue, 04 Oct 2022 09:54:11 GMT
accept-ranges: bytes
last-modified: Thu, 29 Sep 2022 14:38:20 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonStepChange&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A665895257%3Arqn%3A4%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonStepChange&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A665895257%3Arqn%3A4%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonStepChange&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A665895257%3Arqn%3A4%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 04 Oct 2022 08:54:11 GMT
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 04-Oct-2022 08:54:11 GMT
last-modified: Tue, 04-Oct-2022 08:54:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonUnique&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A617768287%3Arqn%3A3%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonUnique&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A617768287%3Arqn%3A3%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonUnique&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A617768287%3Arqn%3A3%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 04 Oct 2022 08:54:11 GMT
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 04-Oct-2022 08:54:11 GMT
last-modified: Tue, 04-Oct-2022 08:54:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonSurveyStart&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A392051300%3Arqn%3A2%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonSurveyStart&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A392051300%3Arqn%3A2%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonSurveyStart&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A392051300%3Arqn%3A2%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 40
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 04 Oct 2022 08:54:11 GMT
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 04-Oct-2022 08:54:11 GMT
last-modified: Tue, 04-Oct-2022 08:54:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
trc.taboola.com/socionicsurvey/trc/3/json?tim=08%3A54%3A11.234<i=deflated&data=%7B%22id%22%3A173%2C%22ii%22%3A%22%2Fcaptcha1.html%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1664828479901%2C%22vi%22%3A1664873651232%2C%22cv%22%3A%2220221003-23-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22vpi%22%3A%22%2Fcaptcha1.html%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1280%2C%22dh%22%3A939%2C%22qs%22%3A%22%3Futm_content%3Dzd_public_v2%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A9%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22null_null_Horizontal%20widget%22%2C%22orig_uip%22%3A%22null_null_Horizontal%20widget%22%2C%22cd%22%3A389%2C%22mw%22%3A0%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fcaptcha1.html%2Cnull_null_Horizontal%20widget%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
151.101.85.44200 OK 11 kB URL HTTP/2 trc.taboola.com/socionicsurvey/trc/3/json?tim=08%3A54%3A11.234<i=deflated&data=%7B%22id%22%3A173%2C%22ii%22%3A%22%2Fcaptcha1.html%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1664828479901%2C%22vi%22%3A1664873651232%2C%22cv%22%3A%2220221003-23-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22vpi%22%3A%22%2Fcaptcha1.html%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1280%2C%22dh%22%3A939%2C%22qs%22%3A%22%3Futm_content%3Dzd_public_v2%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A9%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22null_null_Horizontal%20widget%22%2C%22orig_uip%22%3A%22null_null_Horizontal%20widget%22%2C%22cd%22%3A389%2C%22mw%22%3A0%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fcaptcha1.html%2Cnull_null_Horizontal%20widget%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
IP 151.101.85.44:0
File type ASCII text, with very long lines (18924)
Hash 2678d064969969eb9e0201bf82841fe6
e19df958728d043b86a0b399fba3d8110a1b4717
604e2a83dc86b84089dde4e2f89279ee370ef1c2cc074ffbca399bafc19091ce
GET /socionicsurvey/trc/3/json?tim=08%3A54%3A11.234<i=deflated&data=%7B%22id%22%3A173%2C%22ii%22%3A%22%2Fcaptcha1.html%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1664828479901%2C%22vi%22%3A1664873651232%2C%22cv%22%3A%2220221003-23-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22vpi%22%3A%22%2Fcaptcha1.html%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1280%2C%22dh%22%3A939%2C%22qs%22%3A%22%3Futm_content%3Dzd_public_v2%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A9%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22null_null_Horizontal%20widget%22%2C%22orig_uip%22%3A%22null_null_Horizontal%20widget%22%2C%22cd%22%3A389%2C%22mw%22%3A0%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fcaptcha1.html%2Cnull_null_Horizontal%20widget%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1624-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1664873652.681549,VS0,VE235
vary: Accept-Encoding
x-vcl-time-ms: 235
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/userx.20221003-23-RELEASE.es6.js
151.101.85.44200 OK 5.4 kB URL HTTP/2 cdn.taboola.com/libtrc/userx.20221003-23-RELEASE.es6.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (17842)
Hash acdae16fe2932657252fce877251ad2f
a32cf1cacb37aa15e8e4bb0daced8aa17778c1e6
d2318a36c86a1ffd751e4668de220b379de9c2bc45d15a30d2169a6dc4753be9
GET /libtrc/userx.20221003-23-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 74Oyd+YzaF0KzSJI5TwkiBMuw8VLv9X/+7Eq7er8yGHx/jTe5WiojOY5eOYmdLvqsvl1p6e9DEM=
x-amz-request-id: Y8K4EZ24TMJR8EY8
x-amz-replication-status: COMPLETED
last-modified: Mon, 03 Oct 2022 20:10:39 GMT
etag: "7183e64b9ee17201f50d997800bd537d"
x-amz-version-id: a0U9IweTK7Sd_KH5FMrKJF5ImQLd_3CT
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
via: 1.1 varnish
age: 72
x-served-by: cache-bma1624-BMA
x-cache: HIT
x-cache-hits: 12
x-timer: S1664873652.018978,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 97
content-length: 5399
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8b2c3629b48c223ef378e079bb16dcda.jpg
151.101.85.44200 OK 30 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8b2c3629b48c223ef378e079bb16dcda.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash f46d522b4f8651c567d5cd840dc9118f
9faf8658ae02bb010dde46e5ddc597b44601dbf6
cefc85b3a8795af5f67c319cd903cbe7a7927f1998c2c8535d722c7532d9540b
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8b2c3629b48c223ef378e079bb16dcda.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 353731689933732867918532423341708278778,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 353731689933732867918532423341708278778,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "5714076aa615214c5ded5af150bd53d7"
expiration: expiry-date="Sat, 03 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 03 Aug 2022 14:13:25 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 222
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 4246570
x-served-by: cache-iad-kjyo7100118-IAD, cache-iad-kcgs7200176-IAD, cache-lga21932-LGA, cache-iad-kjyo7100101-IAD, cache-bma1624-BMA
x-cache: HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 2, 1
x-timer: S1664873652.045337,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8b2c3629b48c223ef378e079bb16dcda.jpg
x-vcl-time-ms: 1
content-length: 30148
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//buzzghana.com/wp-content/uploads/2015/11/portman1.jpg
151.101.85.44200 OK 24 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//buzzghana.com/wp-content/uploads/2015/11/portman1.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash c6b9a07f712b8e42f3b1490937ce683a
4d033c539617b21626f78e2028e67cfce4dd9e79
6be913c9513bbed66c5c457726e3ad2569014de5a17c9f7c0967967bfe073667
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//buzzghana.com/wp-content/uploads/2015/11/portman1.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 595260562278860826721960044480358324270,351865785165949093008023078421511818851,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 595260562278860826721960044480358324270,351865785165949093008023078421511818851,29ecf9b93bbf306179626feeda1fab70
etag: "913240a374db67dfa42ece5ffd824aba"
expiration: expiry-date="Fri, 26 Aug 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 26 Jul 2022 14:11:12 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 442
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 3705103
x-served-by: cache-iad-kiad7000081-IAD, cache-iad-kjyo7100087-IAD, cache-lga21928-LGA, cache-iad-kcgs7200069-IAD, cache-bma1624-BMA
x-cache: MISS, MISS, HIT, HIT, HIT
x-cache-hits: 0, 0, 1, 1, 1
x-timer: S1664873652.045488,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//buzzghana.com/wp-content/uploads/2015/11/portman1.jpg
x-vcl-time-ms: 1
content-length: 23972
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f7cc53820b8026cc2281ac55f7d70184.png
151.101.85.44200 OK 31 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f7cc53820b8026cc2281ac55f7d70184.png
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash a98af7b5490e32d3b26f95aa96da5317
b86f99b51df55ff72557d1aa76bde7e9c19e3dd0
50f1405dd4b5dc84c9dd966b8b6c76084e70bcaac76e0c4d3151ccab21e7e0d8
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f7cc53820b8026cc2281ac55f7d70184.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 505357209565147916781037331362602449736,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 505357209565147916781037331362602449736,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "282cd69788ab3f951d3140d064dbecda"
last-modified: Mon, 01 Aug 2022 01:03:43 GMT
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: bdecf1ee8168d11fd098f0eefba2bba8
x-envoy-upstream-service-time: 113
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 4061429
x-served-by: cache-iad-kjyo7100125-IAD, cache-iad-kcgs7200066-IAD, cache-sna10725-LGB, cache-iad-kjyo7100160-IAD, cache-bma1624-BMA
x-cache: MISS, MISS, HIT, HIT, HIT
x-cache-hits: 0, 0, 1, 1, 1
x-timer: S1664873652.045358,VS0,VE2
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f7cc53820b8026cc2281ac55f7d70184.png
x-vcl-time-ms: 2
content-length: 30810
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/87160bea0dc54a07f5e9871bb33c8f1f.jpg
151.101.85.44200 OK 24 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/87160bea0dc54a07f5e9871bb33c8f1f.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash c6591f478b0c784e34f37424b444cb98
91a642ba9e655c6ed44992d4fcd090b39e705a9a
c6f66e0209b76477f5b39ee08bf58f47b7cc9662d6199f3b1eb8e83107b8daa7
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/87160bea0dc54a07f5e9871bb33c8f1f.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 365624821007675099561087980638275804902,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 365624821007675099561087980638275804902,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "3f4f5a8d22193737c642b3f7e46c63e4"
expiration: expiry-date="Fri, 16 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 16 Aug 2022 06:18:54 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 155
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 2297032
x-served-by: cache-iad-kcgs7200076-IAD, cache-iad-kjyo7100126-IAD, cache-bur-kbur8200087-BUR, cache-iad-kcgs7200103-IAD, cache-bma1624-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 1, 1
x-timer: S1664873652.131570,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/87160bea0dc54a07f5e9871bb33c8f1f.jpg
x-vcl-time-ms: 1
content-length: 23988
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/937bb3b795aedd81a2ea52bd73e7fcf5.jpg
151.101.85.44200 OK 32 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/937bb3b795aedd81a2ea52bd73e7fcf5.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 8d977c117f0720f82418788a2c096377
9a548edf739243d496728a5d01d64dcadac28d26
057732d31e4b89203a3e048fadf0040ed2536ac2079feecdd5d5a87d53364bd7
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/937bb3b795aedd81a2ea52bd73e7fcf5.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 554978713124100936179217900433612326464,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 554978713124100936179217900433612326464,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "a610f0cf2d8043b2ed59d0a040f2f215"
last-modified: Tue, 30 Aug 2022 10:52:20 GMT
req-referer: https://technology.inquirer.net/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: ea8aa2ca53e502db6091107aed79ba45
x-envoy-upstream-service-time: 246
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 1744649
x-served-by: cache-iad-kcgs7200118-IAD, cache-iad-kcgs7200057-IAD, cache-bur-kbur8200101-BUR, cache-iad-kcgs7200149-IAD, cache-bma1624-BMA
x-cache: HIT, HIT, HIT, HIT, HIT
x-cache-hits: 1, 1, 1, 1, 1
x-timer: S1664873652.137337,VS0,VE2
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/937bb3b795aedd81a2ea52bd73e7fcf5.jpg
x-vcl-time-ms: 2
content-length: 31602
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/30de36884b20f9f40856ed7076fab5f3.jpg
151.101.85.44200 OK 36 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/30de36884b20f9f40856ed7076fab5f3.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 786ff2b86b7235ba55a726436715dae4
2b56f864705f0c0817e5afea7658d35ab3fa0cf1
8e921f193fac3bbe7398ed90de742dda83b714332d07b310e34ff125806c5d93
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/30de36884b20f9f40856ed7076fab5f3.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 336213556022377362283590561039274049214,351865785165949093008023078421511818851,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 336213556022377362283590561039274049214,351865785165949093008023078421511818851,29ecf9b93bbf306179626feeda1fab70
etag: "824a7c0fb3089ec954f7e68e6f4e0bff"
expiration: expiry-date="Thu, 29 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Mon, 29 Aug 2022 16:09:40 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 125
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 1774619
x-served-by: cache-iad-kjyo7100056-IAD, cache-iad-kcgs7200150-IAD, cache-chi-klot8100031-CHI, cache-iad-kcgs7200021-IAD, cache-bma1624-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 1, 1
x-timer: S1664873652.138233,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/30de36884b20f9f40856ed7076fab5f3.jpg
x-vcl-time-ms: 1
content-length: 35954
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/h_417,w_500,c_fill,g_xy_center,x_509,y_176/https%3A//i.pinimg.com/originals/ae/ed/00/aeed00cb8169f73fdbf1e6796cf37732.png
151.101.85.44200 OK 16 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/h_417,w_500,c_fill,g_xy_center,x_509,y_176/https%3A//i.pinimg.com/originals/ae/ed/00/aeed00cb8169f73fdbf1e6796cf37732.png
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 6264aae2a1e00efd09584de42ac877fc
13f2d4516db5c88b89baaa4e549e5cd14581d882
4d4b644a295a5c90df79f305b6ce5609e2b03d7533e35f6ccff4c41b90aaa392
GET /taboola/image/fetch/h_417,w_500,c_fill,g_xy_center,x_509,y_176/https%3A//i.pinimg.com/originals/ae/ed/00/aeed00cb8169f73fdbf1e6796cf37732.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 397904652904529804999342732080284249541,612558585418111780582903095364650663529,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 397904652904529804999342732080284249541,612558585418111780582903095364650663529,29ecf9b93bbf306179626feeda1fab70
etag: "1767dbb367a50c903999accedd0082f5"
last-modified: Tue, 16 Aug 2022 15:15:50 GMT
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: a065afa9f4b5d1472e31128ea805a982
x-envoy-upstream-service-time: 2949
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 1875300
x-served-by: cache-iad-kjyo7100154-IAD, cache-iad-kcgs7200071-IAD, cache-chi-kigq8000032-CHI, cache-iad-kjyo7100041-IAD, cache-bma1624-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 1, 1
x-timer: S1664873652.138599,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/h_417,w_500,c_fill,g_xy_center,x_509,y_176/https%3A//i.pinimg.com/originals/ae/ed/00/aeed00cb8169f73fdbf1e6796cf37732.png
x-vcl-time-ms: 1
content-length: 16266
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/026e9831d4d6a422c01cea23c5c9a106.jpg
151.101.85.44200 OK 24 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/026e9831d4d6a422c01cea23c5c9a106.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9c62383b00d20d8baa2a60b5e16af13d
3586299f74bcfc8f3a35b37dcb5b11e290658fd3
27d0b0ad534db2a78d0aebd4cb8adf6ae0ac44ed647d0037d744e19c2c0336ff
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/026e9831d4d6a422c01cea23c5c9a106.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 398954946340191402030755089796314689703,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 398954946340191402030755089796314689703,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "578fcf1aa0e82d269450626bed14a905"
expiration: expiry-date="Thu, 01 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Mon, 01 Aug 2022 15:50:23 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 241
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 3442993
x-served-by: cache-iad-kiad7000125-IAD, cache-iad-kiad7000103-IAD, cache-bur-kbur8200071-BUR, cache-iad-kjyo7100050-IAD, cache-bma1624-BMA
x-cache: HIT, HIT, MISS, HIT, HIT
x-cache-hits: 1, 1, 0, 1, 1
x-timer: S1664873652.141221,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/026e9831d4d6a422c01cea23c5c9a106.jpg
x-vcl-time-ms: 1
content-length: 24182
X-Firefox-Spdy: h2
trc-events.taboola.com/socionicsurvey/log/2/debug?tim=08%3A54%3A10.727&type=usage&msg=rtus&llvl=2&id=670&cv=20221003-23-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/socionicsurvey/log/2/debug?tim=08%3A54%3A10.727&type=usage&msg=rtus&llvl=2&id=670&cv=20221003-23-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socionicsurvey/log/2/debug?tim=08%3A54%3A10.727&type=usage&msg=rtus&llvl=2&id=670&cv=20221003-23-RELEASE<=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Tue, 04 Oct 2022 08:54:12 GMT
x-fastly-to-nlb-rtt: 21227
access-control-allow-credentials: true
X-Firefox-Spdy: h2
trc-events.taboola.com/socionicsurvey/log/2/debug?tim=08%3A54%3A11.230&type=error&msg=Invalid%20container%20provided%20for%20request%20null_null_Below%20Article%20-%20360x640%20(null)!&llvl=2&id=6190&cv=20221003-23-RELEASE<=deflated&pct=1
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/socionicsurvey/log/2/debug?tim=08%3A54%3A11.230&type=error&msg=Invalid%20container%20provided%20for%20request%20null_null_Below%20Article%20-%20360x640%20(null)!&llvl=2&id=6190&cv=20221003-23-RELEASE<=deflated&pct=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socionicsurvey/log/2/debug?tim=08%3A54%3A11.230&type=error&msg=Invalid%20container%20provided%20for%20request%20null_null_Below%20Article%20-%20360x640%20(null)!&llvl=2&id=6190&cv=20221003-23-RELEASE<=deflated&pct=1 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Tue, 04 Oct 2022 08:54:12 GMT
x-fastly-to-nlb-rtt: 21227
access-control-allow-credentials: true
X-Firefox-Spdy: h2
trc-events.taboola.com/socionicsurvey/log/2/debug?tim=08%3A54%3A11.230&type=error&msg=Didn%27t%20manage%20to%20find%20TRC%20container%20for%20R-Box%20with%20ID%20taboola-below-article---360x640%20(retry%3D1)%20(Document%20is%20Ready)!&llvl=2&id=2369&cv=20221003-23-RELEASE<=deflated&pct=1
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/socionicsurvey/log/2/debug?tim=08%3A54%3A11.230&type=error&msg=Didn%27t%20manage%20to%20find%20TRC%20container%20for%20R-Box%20with%20ID%20taboola-below-article---360x640%20(retry%3D1)%20(Document%20is%20Ready)!&llvl=2&id=2369&cv=20221003-23-RELEASE<=deflated&pct=1
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socionicsurvey/log/2/debug?tim=08%3A54%3A11.230&type=error&msg=Didn%27t%20manage%20to%20find%20TRC%20container%20for%20R-Box%20with%20ID%20taboola-below-article---360x640%20(retry%3D1)%20(Document%20is%20Ready)!&llvl=2&id=2369&cv=20221003-23-RELEASE<=deflated&pct=1 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Tue, 04 Oct 2022 08:54:12 GMT
x-fastly-to-nlb-rtt: 21227
access-control-allow-credentials: true
X-Firefox-Spdy: h2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/914969436__CsY68w3r.jpg
151.101.85.44200 OK 14 kB URL HTTP/2 images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/914969436__CsY68w3r.jpg
IP 151.101.85.44:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 889bb9240883413b69cd91f848149041
0c0e5874abd662ace7ad9dae2f2edd8b4d3aa832
a46b116cc9b481a3e3239818ff44f004ae9a3d51d9cf568d7b4cc76cb271212f
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/914969436__CsY68w3r.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 382388442081793375627107603736449493769,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 382388442081793375627107603736449493769,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "ae76fed43ef41e2a9ca3d179390b0e44"
expiration: expiry-date="Fri, 09 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 09 Aug 2022 09:22:02 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 132
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 4034557
x-served-by: cache-iad-kiad7000022-IAD, cache-iad-kiad7000061-IAD, cache-chi-klot8100115-CHI, cache-iad-kcgs7200038-IAD, cache-bma1624-BMA
x-cache: HIT, MISS, MISS, HIT, MISS
x-cache-hits: 1, 0, 0, 1, 0
x-timer: S1664873652.138471,VS0,VE102
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/914969436__CsY68w3r.jpg
x-vcl-time-ms: 102
content-length: 13874
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 4e5b1c18b41c244135794b09f34ef8c0
954b38d1eca6896a15c88cae2ebd5b791d32cc91
459d21039ffbad3ea5274c2d0df28e4b684bcbc6c306b0ae7d977aa782b8dffe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3583
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:54:12 GMT
Last-Modified: Tue, 04 Oct 2022 07:54:29 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 314
dnacdn.net/dna
178.250.0.157200 OK 0 B IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:12 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=rqxN1V80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3dWWlFPZEVkQjFleE50bXNnaFg4Uk15endUY0FJMk9GMEVGQVhyT0JOcGk; expires=Sun, 29 Oct 2023 08:54:12 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 274579
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18266
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 08:54:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18266
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 08:54:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18266
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 08:54:12 GMT
Connection: keep-alive
dnacdn.net/dna
178.250.0.157200 OK 632 B IP 178.250.0.157:0
Hash 3ad67097b0491e7472eaeaffb2a84993
f56d4058780cc49b108d37d13fc4349847022d4c
0611c188f7ef32a9c1074b8ebb68c2a9fd1c7d292481b1a222e0764622108355
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=rqxN1V80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3dWWlFPZEVkQjFleE50bXNnaFg4Uk15endUY0FJMk9GMEVGQVhyT0JOcGk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:11 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=f35Isl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3dWWlFPZEVkQjFleE50bXNnaFg4Uk83cTJyZCUyRjJoTWloUkhXVkRmY3NUVw; expires=Sun, 29 Oct 2023 08:54:12 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 397608
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18266
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 08:54:12 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6779181f9c06975f2a662da743893939
585e7146fd24cdc2496b05baafea04091dc541e2
8e9a9f92fd89b7cdce77884ccd76b83ab82d28f125ebfc1cb0d371d4046b7985
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4858
x-amzn-requestid: fb21c414-2994-444a-a838-e643fd05b171
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTEfPoAMFfeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-593dd8043b0490e7301cac0d;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MiSh_FjAciKCaOakY2mM_EHBN1Z6GIDYIP8mwS4ikkrToQN3Ktsv2g==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:56:46 GMT
age: 39446
etag: "585e7146fd24cdc2496b05baafea04091dc541e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6c6882c60d7ca6f918c77104e3ad1d52
20ef861be49c652a938e0145e4ca3a60159367e2
861f5870990fbd2939d151ae18384cf311e87067ca9a50818efe0c2d51b83088
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5504
x-amzn-requestid: 37405eb0-5c75-46a9-84c0-e8ed726995d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHPvoAMF3mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-77fd550b58af612525e74761;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ovm2wuk28PygH4EZNEUoPchoHQggWCyXbYHOjMV1tZmfyDrL6PjPZA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:29:19 GMT
age: 37493
etag: "20ef861be49c652a938e0145e4ca3a60159367e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f5077e-59b1-4f52-bd32-a57c373ce2f1.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f5077e-59b1-4f52-bd32-a57c373ce2f1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59c6121e6f6cb833939e12585aca131e
5cc38c9cfe6a2ade7a1d8ee272c4eda47c35f5df
88b8a458ad437bf40d154b21d844ba56530ae05c2f42b417cfb0e6cffcb294e5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f5077e-59b1-4f52-bd32-a57c373ce2f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8308
x-amzn-requestid: 35cc0acc-ac90-4f36-a976-c61c34cfe4fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqNXG3mIAMFujg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5722-112061742493dd5255c3fb00;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:41:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VeeA3FQIKbAt5xmPr99k9gQjGbbwrRLM1lFYWaVIO3TCVM19GUKJaA==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:57:01 GMT
age: 39431
etag: "5cc38c9cfe6a2ade7a1d8ee272c4eda47c35f5df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dollarsurvey.site/js/survey.js?v=13
172.67.71.163200 OK 102 kB URL HTTP/2 dollarsurvey.site/js/survey.js?v=13
IP 172.67.71.163:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 102 kB (102048 bytes)
Hash b5716a2f44fcd886687c81477878ffbc
e3a6bd2d3f2ea863c57ef03cdc35fe5e29afa563
1f3019e5bf5e07b7f8a5253ac9e80ee68a284ebf73c1df168e6d1a2c03f3f5ae
GET /js/survey.js?v=13 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/javascript
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-4a180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ncV17H616yFjY%2FijEUMykMB6kLp8kz%2FzjZoGOVQ%2Bwpy0wwBAcbxEV94ULBWkPBFu6Uv8OAZsAwY8qkQyQTfq7Mpyn1DwW86VXvIT1RqfO6049GqQCcHOZt1yKBESuHvujfZM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f9cc480b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
dollarsurvey.site/js/taboola.js
172.67.71.163200 OK 6.8 kB URL HTTP/2 dollarsurvey.site/js/taboola.js
IP 172.67.71.163:0
File type ASCII text, with very long lines (1167), with no line terminators
Hash 85e9c1c05cfc18f2d7a7d958a8fb9d16
ee5e85e8e28567cf90345cf122eb8b0c32e4a76f
eec6de908684e113c494b607bac67a30f8bf068632b962790de6fcdc8b53c98d
GET /js/taboola.js HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/javascript
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-48f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eb3FVMjjfTgcdhOsnnCO3tej6aYQadV%2BCVMmdxHQ68DY3X1JelEmjygcMNh7wRM59bhkOydpABTGxC3OuCGVTi2tF3EvQC%2B9VW5RSBEemi0tNjx5lsN2mueLgpUs7p%2FHp8lg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f9cc4a0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash e433fcb50acece9e71308bea3cae2176
2c0f6555dac211dede365146a74683d1e9dfd861
f857ceb2aa56ca52b06507625e2e52a4b27ff34f21fdd32a20048e9abf9a66b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2260
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:54:12 GMT
Last-Modified: Tue, 04 Oct 2022 08:16:32 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 314
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8c08f8066cc732de8befd6ccd629a95
22aab05208a01ae5def4d63dc145085630f57bcb
f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 39498
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash e433fcb50acece9e71308bea3cae2176
2c0f6555dac211dede365146a74683d1e9dfd861
f857ceb2aa56ca52b06507625e2e52a4b27ff34f21fdd32a20048e9abf9a66b6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2260
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:54:12 GMT
Last-Modified: Tue, 04 Oct 2022 08:16:32 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 314
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:11 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://dollarsurvey.site
server-processing-duration-in-ticks: 368554
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
trc.taboola.com/socionicsurvey/log/3/explore?route=AM:IL:V<i=deflated&ri=e8380e8bb0838b7f34c8d5713c6149ce&sd=v2_ee4dcbe383319507d005ca4a8eb6403c_6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33_1664873651_1664873651_CNawjgYQrbZYGKC4z5G6MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABo_9iV8p6d99_dAXAA&ui=6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33&pi=/captcha1.html&wi=2979729064176134672&pt=text&vi=1664873651232&li=rbox-t2m<=deflated&tim=08%3A54%3A12.357&id=2174&llvl=2&cv=20221003-23-RELEASE&
151.101.85.44204 No Content 0 B URL HTTP/2 trc.taboola.com/socionicsurvey/log/3/explore?route=AM:IL:V<i=deflated&ri=e8380e8bb0838b7f34c8d5713c6149ce&sd=v2_ee4dcbe383319507d005ca4a8eb6403c_6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33_1664873651_1664873651_CNawjgYQrbZYGKC4z5G6MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABo_9iV8p6d99_dAXAA&ui=6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33&pi=/captcha1.html&wi=2979729064176134672&pt=text&vi=1664873651232&li=rbox-t2m<=deflated&tim=08%3A54%3A12.357&id=2174&llvl=2&cv=20221003-23-RELEASE&
IP 151.101.85.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socionicsurvey/log/3/explore?route=AM:IL:V<i=deflated&ri=e8380e8bb0838b7f34c8d5713c6149ce&sd=v2_ee4dcbe383319507d005ca4a8eb6403c_6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33_1664873651_1664873651_CNawjgYQrbZYGKC4z5G6MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABo_9iV8p6d99_dAXAA&ui=6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33&pi=/captcha1.html&wi=2979729064176134672&pt=text&vi=1664873651232&li=rbox-t2m<=deflated&tim=08%3A54%3A12.357&id=2174&llvl=2&cv=20221003-23-RELEASE& HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
via: 1.1 varnish
x-served-by: cache-bma1624-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1664873653.785486,VS0,VE83
x-vcl-time-ms: 83
X-Firefox-Spdy: h2
cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
151.101.85.44200 OK 254 B URL HTTP/2 cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
IP 151.101.85.44:0
File type PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced\012- data
Hash dfa7b52c86e56bd67fa4002f6ed19854
7df722645482433c2b5c8d8ab4272a9874592f27
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
GET /libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: c3AK0F63Rmz1U+ZkwDZRH6hJiJRTGpZB8kTBPWz0vwbg9siBxtMOH8aEqr1NtVeNHtLhLAVUR9E=
x-amz-request-id: 4JKSR0YA3KVH073N
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
content-type: image/png
server: AmazonS3
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:13 GMT
via: 1.1 varnish
age: 4998
x-served-by: cache-bma1624-BMA
x-cache: HIT
x-cache-hits: 775
x-timer: S1664873653.054370,VS0,VE0
cache-control: private,max-age=31536000
abp: 97
content-length: 254
X-Firefox-Spdy: h2
trc.taboola.com/socionicsurvey/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=1
151.101.85.44204 No Content 0 B URL HTTP/2 trc.taboola.com/socionicsurvey/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=1
IP 151.101.85.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /socionicsurvey/log/3/bulk?route=AM%3AIL%3AV<i=deflated&bulkSize=1 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 5651
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:13 GMT
via: 1.1 varnish
x-served-by: cache-bma1624-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1664873653.040604,VS0,VE86
x-vcl-time-ms: 86
X-Firefox-Spdy: h2
trc.taboola.com/socionicsurvey/log/3/visible?route=AM%3AIL%3AV<i=deflated
151.101.85.44204 No Content 0 B URL HTTP/2 trc.taboola.com/socionicsurvey/log/3/visible?route=AM%3AIL%3AV<i=deflated
IP 151.101.85.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /socionicsurvey/log/3/visible?route=AM%3AIL%3AV<i=deflated HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 8095
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:13 GMT
via: 1.1 varnish
x-served-by: cache-bma1624-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1664873653.079380,VS0,VE83
x-vcl-time-ms: 83
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash b43e3e9cdad5efad05577946fe4b3f06
c1d7dd2fcc933aeb0ee32c520cc252667f5eb6c2
ee93a7579b92a4eff610e9ff201c8afe63e04e2aadebabb10a2ddb1dbe2b9518
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3374
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:54:13 GMT
Last-Modified: Tue, 04 Oct 2022 07:57:59 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 312
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.2.146200 OK 8.8 kB URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.2.146:0
Hash ba08148514c5fe621e08c47feb3e64e3
7ac60fa210eadf7b6357feba48d85d2b23415b4f
25c93465db75b372eac58429093c1dfe8388f9c804d8e9a8d6b9c614e1e957a3
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-crto-bundle: qZyXiF9pJTJCVGNHRkswdnRSa1RNOG9YWmlSVSUyRlZHYXlvVXdqRUtjdVBsTDFiam5OJTJCTnFRd1FVNjQ1TldzMXFCZVdlaDE3aDluN1puVUdzdk9sS0dIbGtTJTJCcmZEOTJlR1lEUXRDd3JQbyUyRmtyWDZzZ1NmMnRsWGtGRndrcm5VZ1BFbG14ZHFyM0d0S0xkcWdORGV4aFp2eVVScERnJTNEJTNE
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:11 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://dollarsurvey.site
server-processing-duration-in-ticks: 1463946
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
cdn.taboola.com/scripts/cds-pips.js
151.101.85.44200 OK 923 B URL HTTP/2 cdn.taboola.com/scripts/cds-pips.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (2312), with no line terminators
Hash 26cdd3fcc80c31abb5e56a5be502737e
a6a67fd2591deaa331e11376972b2dd06616242a
ac58c61fa356670a0b14838061e474db061cc73d27cd8495d6a80499e1ec340e
GET /scripts/cds-pips.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: w6fgNIMZM2fENM2mjLHAxJhEvZ7OhJ+orh5+d/mAuz+tqM7fgRp+7Y73K8+rKM3qB+G/FeTtVqo=
x-amz-request-id: 158FK1E03H5TYFXQ
x-amz-replication-status: COMPLETED
last-modified: Thu, 15 Sep 2022 14:11:45 GMT
etag: "8cbcf8a5c724c32aa9be09d14a4c624d"
x-amz-version-id: NrP0zRqJgdqCAFOGjLJOgaX1BFZQx8TJ
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:13 GMT
via: 1.1 varnish
age: 3077
x-served-by: cache-bma1624-BMA
x-cache: HIT
x-cache-hits: 3370
x-timer: S1664873654.991182,VS0,VE0
vary: Accept-Encoding
abp: 97
cache-control: private, max-age=3600
content-length: 923
X-Firefox-Spdy: h2
pips.taboola.com/
151.101.85.44200 OK 4 B IP 151.101.85.44:0
File type ASCII text, with no line terminators
Hash 6c3e226b4d4795d518ab341b0824ec29
eef19c54306daa69eda49c0272623bdb5e2b341f
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921
GET / HTTP/1.1
Host: pips.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Varnish
retry-after: 0
access-control-allow-methods: GET
access-control-allow-origin: https://dollarsurvey.site
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:14 GMT
via: 1.1 varnish
x-served-by: cache-bma1663-BMA
x-cache: HIT
x-cache-hits: 0
cache-control: no-store
content-length: 4
X-Firefox-Spdy: h2
cds.taboola.com/?uid=6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33
141.226.224.32204 No Content 0 B URL HTTP/2 cds.taboola.com/?uid=6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33
IP 141.226.224.32:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?uid=6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33 HTTP/1.1
Host: cds.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Tue, 04 Oct 2022 08:54:14 GMT
cache-control: no-store
access-control-allow-origin: *
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.122200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.122:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:12 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 100259
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP 178.250.2.146:0
GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 579299
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
dollarsurvey.site/js/config.js?v=7
172.67.71.163200 OK 0 B URL HTTP/2 dollarsurvey.site/js/config.js?v=7
IP 172.67.71.163:0
GET /js/config.js?v=7 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/javascript
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-1085d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U7l5tsJG%2F61egaby0YCzJjBluPe41KNqG2%2F6rE3C%2FcTjlruygKJELiYZjRs7cVQiX%2BPqEVoOW3qE4lWlXYvaSmvc8slxDfg5xYleD0%2BFpo7QrjxuJ4EoktaDav3EO2GMaZm6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f9bc380b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=rtus&domain=dollarsurvey.site&sn=FirefoxSyncframe&so=0&topUrl=dollarsurvey.site&info=f35Isl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3dWWlFPZEVkQjFleE50bXNnaFg4Uk83cTJyZCUyRjJoTWloUkhXVkRmY3NUVw&idsd=30310835,1546669770&cw=1&rtusCallerId=72&lsw=1
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=rtus&domain=dollarsurvey.site&sn=FirefoxSyncframe&so=0&topUrl=dollarsurvey.site&info=f35Isl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3dWWlFPZEVkQjFleE50bXNnaFg4Uk83cTJyZCUyRjJoTWloUkhXVkRmY3NUVw&idsd=30310835,1546669770&cw=1&rtusCallerId=72&lsw=1
IP 178.250.2.146:0
GET /sid/json?origin=rtus&domain=dollarsurvey.site&sn=FirefoxSyncframe&so=0&topUrl=dollarsurvey.site&info=f35Isl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3dWWlFPZEVkQjFleE50bXNnaFg4Uk83cTJyZCUyRjJoTWloUkhXVkRmY3NUVw&idsd=30310835,1546669770&cw=1&rtusCallerId=72&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=rtus&topUrl=dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:12 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1189238
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
dollarsurvey.site/captcha1.html?utm_content=zd_public_v2
172.67.71.163200 OK 0 B URL HTTP/2 dollarsurvey.site/captcha1.html?utm_content=zd_public_v2
IP 172.67.71.163:0
Analyzer Verdict Alert fortinet Phishing
GET /captcha1.html?utm_content=zd_public_v2 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: text/html
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gXHTTQ8ESbcZuuk3P%2FJbRAhVB%2BW3nD8hVR14xeZXHtkxDSFimLfRSzNJxa7ItIZp5wn6%2B712R6C3SdXnAm2DpjAQWVqAZtWoCQfzNISiTaTMEWfxEcTgG6zrQBAEJmg3d9TO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0fb1d920b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
dollarsurvey.site/favicon.ico
172.67.71.163200 OK 0 B URL HTTP/2 dollarsurvey.site/favicon.ico
IP 172.67.71.163:0
GET /favicon.ico HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: image/x-icon
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
etag: W/"633acffa-47e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6801
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t6bncnlOo3LNta962yxooX3SWMQgevhAC2JH1VO0mCj1MRprp%2FQOk9yd9gYVgkLy84jglkioKbFpR0ps%2FkHlqXd6PkfOpI%2F4Gwl7R1K8ijfA1N6OIc2QxoUTgkukPCInHX08"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754cb0fda89f0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
dollarsurvey.site/js/dict/cookie-consent-1.json?v=1
172.67.71.163200 OK 0 B URL HTTP/2 dollarsurvey.site/js/dict/cookie-consent-1.json?v=1
IP 172.67.71.163:0
GET /js/dict/cookie-consent-1.json?v=1 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/json
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-168d"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BK4B7k7Pg%2F7jPH%2B2DNb6duHqZB4dzYPNb0rQx%2BNR8AKac8%2BPhqeyKViMOemAnM3j3%2FK3XJz0WxxFhQcGq87hggsUCoUFv5l0InhllzRcqjojsEhUMhCOG6ZAwXTB8Rv%2BDK8U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0fcaf4d0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
dollarsurvey.site/css/captcha.css
172.67.71.163200 OK 0 B URL HTTP/2 dollarsurvey.site/css/captcha.css
IP 172.67.71.163:0
GET /css/captcha.css HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: text/css
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-1554"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R0xYnWTLYRnBdlQOTalGaGo6OChtH2h0XZBzbzV6y5gjlUtascAR%2FU%2FAdZlDlnT8TQBAeB0SXjc6eHXv25RpCzhbOYWw6OXqUKpFWGD1pFjKa72EF8CphpSBw3m%2FhPigucam"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f9bc3c0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.239200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.239:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:12 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 98286
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=dollarsurvey.site
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=dollarsurvey.site
IP 178.250.2.146:0
GET /syncframe?origin=rtus&topUrl=dollarsurvey.site HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:11 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=cb4becf7-e4c8-42c5-babc-f94189c8020a; expires=Sun, 29 Oct 2023 08:54:11 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 694121
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
dollarsurvey.site/captcha1.html
172.67.71.163200 OK 0 B URL HTTP/2 dollarsurvey.site/captcha1.html
IP 172.67.71.163:0
Analyzer Verdict Alert fortinet Phishing
GET /captcha1.html HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: text/html
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FqO6cSh8CEFGkG5KMIA6%2BUHvDoOJi2vCJHG2GBYo7nEGikz830XtL%2BYCNUbgFsawKEflD6SgMMKMq%2FHQacxqQRC4ThOIOL%2FI2QNeDb00tkVCfVZfZ6HFN1rUAiE8Res%2FS1Hw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f85ada0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2
dollarsurvey.site/js/data/rtc.js?v=1
172.67.71.163200 OK 0 B URL HTTP/2 dollarsurvey.site/js/data/rtc.js?v=1
IP 172.67.71.163:0
GET /js/data/rtc.js?v=1 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/javascript
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-3a65"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ROEFC04nBpLaGS3KB2HL6aoEzOImAm9hhxsI1v1vKFzPxWxuFjMt3aZKqXxal6VyOgOv9i8e72tt%2BeTCcheBl3gJn5WXojB8kVfk6%2BM0DoVzLJgTkqpoPJKTMlsGisQbmRu7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f9bc350b06-OSL
content-encoding: br
X-Firefox-Spdy: h2