Report - dollarsurvey.site/captcha1.html

Report Overview

Submitted URL
dollarsurvey.site/captcha1.html
IP
104.26.3.231
ASN
#13335 CLOUDFLARENET
Submitted
2022-10-04 08:54:20
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
dollarsurvey.site	442579	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.4 kB	132 kB	104.26.2.231
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
ag.gbc.criteo.com	5925	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	374 B	493 B	185.235.84.122
cdn.taboola.com	1040	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	177 kB	151.101.85.44
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	3.6 kB	93.184.220.29
images.taboola.com	1621	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.6 kB	244 kB	151.101.85.44
gem.gbc.criteo.com	6039	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375 B	492 B	178.250.6.239
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
trc.taboola.com	602	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	13 kB	151.101.85.44
trc-events.taboola.com	1779	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	489 B	141.226.228.48
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	33 kB	34.120.237.76
gum.criteo.com	381	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	11 kB	178.250.2.146
pips.taboola.com	1840	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	336 B	347 B	151.101.85.44
cds.taboola.com	1068	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388 B	152 B	141.226.224.32
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	325 B	1.5 kB	143.204.55.35
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	963 B	172.64.155.188
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	369 B	746 B	139.45.195.8
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	347 B	1.4 kB	104.18.20.226
mc.yandex.ru	2672	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.7 kB	77 kB	93.158.134.119
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	34.214.17.205
dnacdn.net	3760	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	860 B	2.0 kB	178.250.0.157

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-04	medium	dollarsurvey.site/captcha1.html	Phishing
2022-10-04	medium	dollarsurvey.site/captcha1.html?utm_content=zd_public_v2	Phishing
2022-10-04	medium	dollarsurvey.site/captcha1.html	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (24)

	URL	Size	First Seen	Last Seen
	dollarsurvey.site/js/data/rtc.js?v=1	15 kB	2023-03-07	2023-03-11
Pretty URL dollarsurvey.site/js/data/rtc.js?v=1 IP 172.67.71.163 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:39:00 Last Seen2023-03-11 19:38:54 Times Seen1 Hash 576f1cb4158c59ea6c8f947e9c7faad9 35192691cb422e06181c7eb48091ae0846541012 37a1a00b4ec2e0fbba6b4e3b2cd762abfbfb94959631d64d9e0c37785537708c Loading...

	dollarsurvey.site/js/taboola.js	1.2 kB	2023-03-07	2023-03-08
Pretty URL dollarsurvey.site/js/taboola.js IP 172.67.71.163 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:28:23 Last Seen2023-03-08 08:48:47 Times Seen1 Hash c4f9825020ce7d3ed0fa7e38a8a0489b 1e1790da246991f67de73b3926d515e7a16549af 819e9a881c98513c29db88ea64ed5f6b18351e295d183991251ac97764b4949f Loading...

	gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS	30 kB	2023-03-07	2023-03-17
Pretty URL gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS IP 178.250.2.146 ASN #44788 Criteo SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:17:20 Last Seen2023-03-17 21:47:34 Times Seen1 Hash 49908b82b9e80d6ae18a2a5b3d383af9 b5fdbde84ebb8d44304a39a7eca9afc15fd0fc43 1294283dd1491c4767840ecaafa97659b0e3c560ef4048bd51907181c52af89e Loading...

	cdn.taboola.com/libtrc/socionicsurvey/loader.js	82 kB	2023-03-08	2023-03-08
Pretty URL cdn.taboola.com/libtrc/socionicsurvey/loader.js IP 151.101.85.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:36:06 Last Seen2023-03-08 05:36:06 Times Seen1 Hash 4530a93894f94cab2d1463a62a4976f3 d65361fa521e102e45a595d7fe8a813df6696c44 51efbb891a74cc2d17454fc770b38f08d49439e32aa7bd221800aa2796f6c207 Loading...

	cdn.taboola.com/libtrc/impl.20221003-23-RELEASE.js	704 kB	2023-03-08	2023-03-08
Pretty URL cdn.taboola.com/libtrc/impl.20221003-23-RELEASE.js IP 151.101.85.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:36:06 Last Seen2023-03-08 06:58:19 Times Seen1 Hash 96e71a5ce89ba246f7505d82a7c073f0 8024e9e29b54e41078a00891a10e0f8067a9faa0 6d72a34b76f300e3deddf0a79f62e00002d99e3130763b7d84ce79b86a0f176c Loading...

	mc.yandex.ru/metrika/tag.js	211 kB	2023-03-07	2023-03-08
Pretty URL mc.yandex.ru/metrika/tag.js IP 93.158.134.119 ASN #13238 YANDEX LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:52:29 Last Seen2023-03-08 08:14:04 Times Seen1 Hash aa9956e5c73e44cabbbedcc740199c2c 3da126d742a1d0cf72923926f0fa3d30a903b862 32052cc706d52301bbfc3cb10546acae464da944a38de9687606e8b5d91eeee9 Loading...

	gum.criteo.com/syncframe?origin=rtus&topUrl=dollarsurvey.site#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:null,%22origin%22:0%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22dollarsurvey.site%22,%22topUrl%22:%22dollarsurvey.site%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:72,%22requestId%22:%220.02276895351343622%22%7D	14 kB	2023-03-07	2023-05-06
Pretty URL gum.criteo.com/syncframe?origin=rtus&topUrl=dollarsurvey.site#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:null,%22origin%22:0%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22dollarsurvey.site%22,%22topUrl%22:%22dollarsurvey.site%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:72,%22requestId%22:%220.02276895351343622%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:51:36 Last Seen2023-05-06 00:14:31 Times Seen2035 Hash 49e65b540d43d40997ce3844d41b2dd0 b7331c5edc086ee2c7731b1b36e937e7c44450a7 f185c1b78d87a007d9492a85c6ce64c06cc851ef9f13ca3caf8aaafe243b0ac2 Loading...

	cdn.taboola.com/scripts/cds-pips.js	2.3 kB	2023-03-07	2023-03-17
Pretty URL cdn.taboola.com/scripts/cds-pips.js IP 151.101.85.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:16:15 Last Seen2023-03-17 12:40:57 Times Seen1 Hash 8cbcf8a5c724c32aa9be09d14a4c624d 75263978c8803fa7d78be424409e1a29740bcba7 70efe208587aa0220cbd71b13870394c06f90930540cbdfb677b1af997023bac Loading...

	unknown	0 B	2023-03-07	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 21:05:33 Times Seen37047205 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	dollarsurvey.site/captcha1.html	40 B	2023-03-07	2024-04-24
Pretty URL dollarsurvey.site/captcha1.html IP 104.26.2.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:07 Last Seen2024-04-24 17:37:12 Times Seen4680 Hash 6bd43cf0ae158526c6ab93dc3be79f28 15c289e342bd3fdf5b1e95f7abf25a2bc78bf357 7a13d5ae0755d86c09084ec300c4a0f1a0a06921f74d9980eba9d966ff17ad38 Loading...

	dollarsurvey.site/captcha1.html	237 B	2023-03-08	2023-03-12
Pretty URL dollarsurvey.site/captcha1.html IP 104.26.2.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:19:24 Last Seen2023-03-12 21:16:07 Times Seen1 Hash 19b8722efab4e2bec7b1aaab4b5d9ab0 92dba16dc1812ec42b43aa97cc31c97138dea642 b972d04cd1cd17737b5ae248abe902f2defab803e7465a3eec21c92c05e6218a Loading...

	dollarsurvey.site/js/config.js?v=7	68 kB	2023-03-08	2023-03-10
Pretty URL dollarsurvey.site/js/config.js?v=7 IP 172.67.71.163 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 03:12:01 Last Seen2023-03-10 14:22:46 Times Seen1 Hash 89653056f8f6fb1ee030e75823753f72 37f2fd98180eefc9a17a201eee70d01a2b341eba cf3fe8f41a6be84115d07d5b911384f1809b9a75035bfd587ee351f12a824819 Loading...

	dollarsurvey.site/js/data/sd-301.js?v=4	437 B	2023-03-07	2023-03-17
Pretty URL dollarsurvey.site/js/data/sd-301.js?v=4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:10 Last Seen2023-03-17 11:32:30 Times Seen1 Hash 1d2ee779aa577d20c3519e937114f12b 399da7122776f2137f6191a70881f3b5a7d1ece1 c751fc69a9f1eb6ae04d9e3ad969ce02dcb57802d78d810c88d0676c352b5a24 Loading...

	cdn.taboola.com/libtrc/userx.20221003-23-RELEASE.es6.js	18 kB	2023-03-08	2023-03-08
Pretty URL cdn.taboola.com/libtrc/userx.20221003-23-RELEASE.es6.js IP 151.101.85.44 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:36:06 Last Seen2023-03-08 06:58:19 Times Seen1 Hash 7183e64b9ee17201f50d997800bd537d b31a532c5c6e784cbe1d6ba9506cbb807bdf2d45 db4cf8abad8c08ffabb57ed73f01f77e28b84d8df0204f7e7ea9ec6aa312bcbf Loading...

	cdn.taboola.com/libtrc/cta-component.20221003-23-RELEASE.es6.js	19 kB	2023-03-08	2023-03-08
Pretty URL cdn.taboola.com/libtrc/cta-component.20221003-23-RELEASE.es6.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:36:06 Last Seen2023-03-08 05:36:06 Times Seen1 Hash f6dfcecfb1d8b810e81bccfe107e20aa 54707b63716985ad34131095689e39c02bc854c7 4b79d8c6b17d60add4b12236cae651cda857e6a83021fa603113bbb155fd39e5 Loading...

	dollarsurvey.site/captcha1.html	512 B	2023-03-08	2023-03-11
Pretty URL dollarsurvey.site/captcha1.html IP 104.26.2.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:19:24 Last Seen2023-03-11 10:15:15 Times Seen1 Hash a1037e53db3060c76e3e815abcbabe97 45b2bad924322c980cb70dc120bc7bb8749ae593 84f98560bb7260892aa9d5cd59c00aa5202adc48d4a33b32afb25f9e24adc363 Loading...

	dollarsurvey.site/js/data/_global-config-sd.js?v=3	651 B	2023-03-08	2023-03-10
Pretty URL dollarsurvey.site/js/data/_global-config-sd.js?v=3 IP 172.67.71.163 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:42:09 Last Seen2023-03-10 14:11:48 Times Seen1 Hash 57147bdcb9b014876c4692547246d7d6 2c8c83fae4a1e17c6c2c78a18b51b68bad585be4 bebb2db3d52a4431b9912c22e20f4fd2799d3e92f097e25ac0ddc840e1f6dbd6 Loading...

	dollarsurvey.site/captcha1.html	1.2 kB	2023-03-07	2023-03-11
Pretty URL dollarsurvey.site/captcha1.html IP 104.26.2.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:48:08 Last Seen2023-03-11 14:36:48 Times Seen1 Hash 2a29357b03306f0b02184dd3d4016f27 c0646f66b7add9c1dafbe02c7e37d300667594de b7e00634052894ab4253f6e14b8d0f504ee9d247f187e3239fb3b502fd3dad2f Loading...

	dollarsurvey.site/js/survey.js?v=13	304 kB	2023-03-08	2023-03-08
Pretty URL dollarsurvey.site/js/survey.js?v=13 IP 172.67.71.163 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:19:24 Last Seen2023-03-08 05:48:33 Times Seen1 Hash 85d3cbb357e2f6c62eb8d2cb12dca449 64cc549d4b5a3eafd8e1ece844fccb83697e2662 d513b60e46ba964864adb6aae08dc86af88d033fae310d6c9f2a78c72dbe1cf2 Loading...

	dollarsurvey.site/captcha1.html?utm_content=zd_public_v2	112 B	2023-03-07	2023-04-05
Pretty URL dollarsurvey.site/captcha1.html?utm_content=zd_public_v2 IP 172.67.71.163 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:33 Last Seen2023-04-05 02:10:30 Times Seen82 Hash e47ee79f740c9eae02464288746f765d 9f2a84ab535d0c773c2d822221917b26446c6d46 24ca2d2952aa702f4191a162f59fbad191c648e851dae7876434baf548af95a7 Loading...

	gum.criteo.com/syncframe?origin=rtus&topUrl=dollarsurvey.site#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:null,%22origin%22:0%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22dollarsurvey.site%22,%22topUrl%22:%22dollarsurvey.site%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:72,%22requestId%22:%220.02276895351343622%22%7D	418 B	2023-03-07	2023-03-17
Pretty URL gum.criteo.com/syncframe?origin=rtus&topUrl=dollarsurvey.site#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:null,%22origin%22:0%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22dollarsurvey.site%22,%22topUrl%22:%22dollarsurvey.site%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:72,%22requestId%22:%220.02276895351343622%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:53:17 Last Seen2023-03-17 21:47:34 Times Seen1 Hash 72ad3a00c4af14e8c301e9eafbe741ea 63dc5435a78e8b86fb54fa8be021d2f54b1903b1 d05385301aef1a77fd22c1c56c08102835063c8221b753de58aff20a800c95eb Loading...

		Size	First Seen	Last Seen
	#1 Eval - 37cd3bd2adbd29e7fafaf20f77f4bf43	18 B	2023-03-07	2024-04-15
Pretty Observations First Seen2023-03-07 01:02:19 Last Seen2024-04-15 12:57:44 Times Seen656 Hash 37cd3bd2adbd29e7fafaf20f77f4bf43 d4a665f4bf3dc9a6f3ea3a55c50c5a37c6bd05f5 0f3342bc14063d9ed7a669eb067b50ea17b2cb7dcb51968939b72fa9ac862d91 Loading...

		Size	First Seen	Last Seen
	#1 Write - 3a824154b16ed7dab899bf000b80eeee	4 B	2023-03-07	2024-02-13
Pretty Observations First Seen2023-03-07 01:02:03 Last Seen2024-02-13 04:29:14 Times Seen34 Hash 3a824154b16ed7dab899bf000b80eeee e575dccc71140754dd85beda5965b6a358150309 b1ab1e892617f210425f658cf1d361b5489028c8771b56d845fe1c62c1fbc8b0 Loading...

	#2 Write - 2d6673eded37338627f4fc432783fc4d	759 B	2023-03-07	2023-05-06
Pretty Observations First Seen2023-03-07 12:04:33 Last Seen2023-05-06 00:14:31 Times Seen121 Hash 2d6673eded37338627f4fc432783fc4d bb226d552cec5533fb1d7fd8b486efa856d7f333 a7e9c7904cd65627b33964bbb90839a2fa154c33d9c353413da6dcdc4fba2295 Loading...

HTTP Transactions (72)

URL IP Response Size

dollarsurvey.site/captcha1.html

104.26.2.231

301 Moved Permanently

0 B

URL HTTP/1.1
dollarsurvey.site/captcha1.html
IP
104.26.2.231:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /captcha1.html HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Tue, 04 Oct 2022 08:54:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 04 Oct 2022 09:54:09 GMT
Location: https://dollarsurvey.site/captcha1.html
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mmJBrqvFu0keZyqO9I0c8ZOrxP%2Bh38sEwnhi4mtQXmEedtLHCNq1TYrxoqZjs1nxFEcybt88cXMZMe8VhsIVXfHQFm5UTDHPtZUMextNpMNc5RFhOO2Wa6kGEKqW%2B7PPpXFU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754cb0f68f75b4f9-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11193
Expires: Tue, 04 Oct 2022 12:00:42 GMT
Date: Tue, 04 Oct 2022 08:54:09 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 08:47:04 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4D9YxO_ZQMyXgkhYNcqoFYvXCLbRcD8hqZsDj3EqN_T8UDUkXN-9Eg==
Age: 425

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8USWW10GZL6wiX4N1jQFipr0SYqSdGKMfU03XH2iMjxEFN6oGSufaQ==
age: 12342
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

dollarsurvey.site/css/survey.css?v=1

172.67.71.163

200 OK

15 kB

URL HTTP/2
dollarsurvey.site/css/survey.css?v=1
IP
172.67.71.163:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (19834)
Size
15 kB (14871 bytes)
Hash
d9a659c74e7470f3583fe80977968d59
da34f647d3d68a9e59a07d3a9474643f4d4a2056
c1eebd723a361bc4d31cce8d167ba16f9b306e6d2a428920907ff679b41fe2f8

HTTP Headers

GET /css/survey.css?v=1 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: text/css
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-4d7b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vNJ6Xk2aFUyCof5Rh90uvzc349II3sCGrWt7vqMMjkB5pKD44CBLv%2FqTexjIRCN1Jlb03nPlmnep4R1BBYMPEm%2F9D2FeQYdN2QLRw%2BL66HjqfMo0HrFDS7A4KkShKoG3nz8E"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f9bc3a0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
0a25532c4133886e22a425cacca9c027
41a1b476967aed6ac227717098cd8be3209b45b3
f50b860d2b3b4d59df90ad6b36c84639141ca9dd9530a74e07fd79fd9387f52e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:54:10 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 06:25:20 GMT
Expires: Mon, 10 Oct 2022 06:25:19 GMT
Etag: "41a1b476967aed6ac227717098cd8be3209b45b3"
Cache-Control: max-age=508868,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 754cb0fcad20b503-OSL

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
66120d5134904a0deda7426dc03af7b1
a3c2f737d39e2d2ad958e33ff32be4202687e631
0acb5ae4dd6a2912c501bd544efa2844b2459bf7fb21d463226c900e94c722aa

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9dc936046b524ceca929bccbd2d6536d; expires=Wed, 04 Oct 2023 08:54:10 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

dollarsurvey.site/js/data/_global-config-sd.js?v=3

172.67.71.163

200 OK

669 B

URL HTTP/2
dollarsurvey.site/js/data/_global-config-sd.js?v=3
IP
172.67.71.163:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
669 B (669 bytes)
Hash
a33be79ec99367f3e91fb23f4354d3b7
47efbd1e0e95d8ec7146b5bb15500a1dc21dfc95
23192d1b7776a54180be647866e0aff07bd5d91e4cc3b041c8ff1286498f31ea

HTTP Headers

GET /js/data/_global-config-sd.js?v=3 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/javascript
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
etag: W/"633acffa-28b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IxnmQRunZ5eQJ7%2FnDaYXqd0RnfXKo%2FEAUR%2BPKRPjqcr2fxhNg0hyYZO4NfKzCu9nWzV5OualAZwaQZeESonXFFfDgnTwI706qxqDCSe%2BEHHbFP5aFEiojRUNqzSTtNo0QDYb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754cb0f9bc330b06-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/socionicsurvey/loader.js

151.101.85.44

200 OK

21 kB

URL HTTP/2
cdn.taboola.com/libtrc/socionicsurvey/loader.js
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65476)
Size
21 kB (21390 bytes)
Hash
b82e3b4d97c99a583a188b3aa26642cb
1ce22a44f0a64a4009815ec6824a7fbfea1aed05
e1e8cdbf8bc909de65b29c5905a3bd071874298df69703c7080987968415debf

HTTP Headers

GET /libtrc/socionicsurvey/loader.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
etag: "d65361fa521e102e45a595d7fe8a813df6696c44"
last-modified: Tue, 04 Oct 2022 07:15:55 UTC
x-amz-id-2: L7pwpQI9U/NVYn0tRrR15VmdMrDdaSamkcVHRisieY1lFQO/ZEKX0paauh1zBzr2gfoC2cDbuFc=
x-amz-request-id: N2SEMG422ZN6KZXS
x-amz-version-id: QAzXzgMju9b0o28V5LukILJ5qSd3U50Z
x-from-cache: 1
x-envoy-upstream-service-time: 5
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:10 GMT
via: 1.1 varnish
age: 5536
x-served-by: cache-bma1624-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1664873651.864663,VS0,VE1
cache-control: private,max-age=14400
vary: Accept-Encoding, Accept-Encoding
abp: 30
content-length: 21390
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/impl.20221003-23-RELEASE.js

151.101.85.44

200 OK

146 kB

URL HTTP/2
cdn.taboola.com/libtrc/impl.20221003-23-RELEASE.js
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65508)
Size
146 kB (145618 bytes)
Hash
0b5cc11a8b1228f344f0bb68ce2c0b76
a50b09c15c9d9342dc20f6c832ae1d5fdcbf6cc9
14af68cfb1ba31c78c560f3a55b71f2766210560d72ccc4c5a579a8d55aade2d

HTTP Headers

GET /libtrc/impl.20221003-23-RELEASE.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: K0AUSbn+fdb2yEUyAKC7opM7shodLQiyyWAiLb7NZTFwoEBd8ak2OpHlGWXiZP/b3mDqBFrt0Xo=
x-amz-request-id: D1F3HER4F2EX39EP
last-modified: Mon, 03 Oct 2022 19:41:38 GMT
etag: "0b5cc11a8b1228f344f0bb68ce2c0b76"
content-encoding: br
x-amz-version-id: A.XFET_2d9kM4WV4VXweOs3gFbcHia3Z
content-type: application/javascript
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:10 GMT
via: 1.1 varnish
age: 18268
x-served-by: cache-bma1624-BMA
x-cache: HIT
x-cache-hits: 12070
x-timer: S1664873651.923215,VS0,VE0
cache-control: private,max-age=31536000
vary: Accept-Encoding
abp: 97
server: AmazonS3-br
content-length: 145618
X-Firefox-Spdy: h2

ocsp.globalsign.com/gseccovsslca2018

104.18.20.226

200 OK

939 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
939 B (939 bytes)
Hash
2a52e610b96389b6dd5852fd6767232a
acb68655212b24f4fd533c082e6351dfa7ae1cea
b6a2e5679f5cf237c37ca20b58fc7b7f6a02db50b5e4b2ad6efc280009274355

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 08:54:10 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sat, 08 Oct 2022 04:14:25 GMT
ETag: "acb68655212b24f4fd533c082e6351dfa7ae1cea"
Last-Modified: Tue, 04 Oct 2022 04:14:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3573
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754cb0fe599cb51e-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
321fa9a78e31dcb66601ac5890bfba73
c325580db79bde6fd00d2d0c7e3f675e4c0046bb
83029b324b4c36522ae47eef9614c124b0ad2994de412d7ea82f990ad8ae9d92

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5122
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:54:10 GMT
Last-Modified: Tue, 04 Oct 2022 07:28:48 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

mc.yandex.ru/metrika/tag.js

93.158.134.119

200 OK

72 kB

URL HTTP/2
mc.yandex.ru/metrika/tag.js
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Size
72 kB (72341 bytes)
Hash
7a68c8644032413981e4ba5bc0d66c4a
2d46ca8055e8577ae7138140e34a6e633434973c
e0573e9a9cbfc3f00a921fa64c50270f5941a1ebb253ab70af2cc0dac45cb0d5

HTTP Headers

GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 72341
date: Tue, 04 Oct 2022 08:54:11 GMT
access-control-allow-origin: *
etag: "633583ac-11a95"
expires: Tue, 04 Oct 2022 09:54:11 GMT
last-modified: Thu, 29 Sep 2022 14:38:20 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

314 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
314 B (314 bytes)
Hash
904a0d87402d9eecfec00481cdb28d62
6b37e41d4321718433996e4c1f4eed2f8f1727fc
e0884556a581a67e0e212887e97ca7f4438ef644fea7a0efd10175902f5e77e5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4148
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:54:11 GMT
Last-Modified: Tue, 04 Oct 2022 07:45:03 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 314

push.services.mozilla.com/

34.214.17.205

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.214.17.205:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7KQvS6/DTb8zKSZsdhodaA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bH2ASnvuotfuord8NmnK8JN0LcI=

mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085410%3Aet%3A1664873651%3Ac%3A1%3Arn%3A288125106%3Arqn%3A1%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C37%2C0%2C%2C0%2C%2C110%2C3%2C%2C%2C%2C252%3Ans%3A1664873649972%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)

93.158.134.119

302 Found

400 B

URL HTTP/2
mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085410%3Aet%3A1664873651%3Ac%3A1%3Arn%3A288125106%3Arqn%3A1%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C37%2C0%2C%2C0%2C%2C110%2C3%2C%2C%2C%2C252%3Ans%3A1664873649972%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
JSON data\012- , ASCII text, with very long lines (400), with no line terminators
Size
400 B (400 bytes)
Hash
f8ba39696a5c0911be9ee39b076a1502
02c93405b29533eb1aa8627d5612bd34e8587899
0581f568fb8a27ce6f0f95664da2566739d2aae7d44b1554c2837f006f752b14

HTTP Headers

GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085410%3Aet%3A1664873651%3Ac%3A1%3Arn%3A288125106%3Arqn%3A1%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C37%2C0%2C%2C0%2C%2C110%2C3%2C%2C%2C%2C252%3Ans%3A1664873649972%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A194%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085410%3Aet%3A1664873651%3Ac%3A1%3Arn%3A288125106%3Arqn%3A1%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C0%2C37%2C0%2C%2C0%2C%2C110%2C3%2C%2C%2C%2C252%3Ans%3A1664873649972%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Tue, 04 Oct 2022 08:54:11 GMT
access-control-allow-origin: https://dollarsurvey.site
set-cookie: yandexuid=3682208501664873651; Expires=Wed, 04-Oct-2023 08:54:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=3682208501664873651; Expires=Wed, 04-Oct-2023 08:54:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=420726161664873651; Path=/; SameSite=None; Secure
i=hT0xQ/OdnviDiDeuaOjv7NTPiG3dF6S03Q/M6nTUHnA2xfj2J3F/62xQNfxAzeHwq9+lfyfI681DQa/IGhxFPJYkccU=; Expires=Fri, 01-Oct-2032 08:54:10 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696409651.yrts.1664873651#1696409651.yrtsi.1664873651; Expires=Wed, 04-Oct-2023 08:54:11 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 04-Oct-2022 08:54:11 GMT
last-modified: Tue, 04-Oct-2022 08:54:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/metrika/advert.gif

93.158.134.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/metrika/advert.gif
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Tue, 04 Oct 2022 08:54:11 GMT
access-control-allow-origin: *
etag: "633583ac-2b"
expires: Tue, 04 Oct 2022 09:54:11 GMT
accept-ranges: bytes
last-modified: Thu, 29 Sep 2022 14:38:20 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonStepChange&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A665895257%3Arqn%3A4%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2)

93.158.134.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonStepChange&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A665895257%3Arqn%3A4%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2)
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

POST /watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonStepChange&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A665895257%3Arqn%3A4%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(4)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Tue, 04 Oct 2022 08:54:11 GMT
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 04-Oct-2022 08:54:11 GMT
last-modified: Tue, 04-Oct-2022 08:54:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonUnique&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A617768287%3Arqn%3A3%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2)

93.158.134.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonUnique&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A617768287%3Arqn%3A3%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2)
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

POST /watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonUnique&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A617768287%3Arqn%3A3%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(3)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Tue, 04 Oct 2022 08:54:11 GMT
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 04-Oct-2022 08:54:11 GMT
last-modified: Tue, 04-Oct-2022 08:54:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonSurveyStart&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A392051300%3Arqn%3A2%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)

93.158.134.119

200 OK

43 B

URL HTTP/2
mc.yandex.ru/watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonSurveyStart&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A392051300%3Arqn%3A2%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2)
IP
93.158.134.119:0
ASN
#13238 YANDEX LLC

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

HTTP Headers

POST /watch/66423859/1?page-url=goal%3A%2F%2Fdollarsurvey.site%2FonSurveyStart&page-ref=https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2&charset=utf-8&hittoken=1664873651_3e24f5b63db3261b0596cf2174a27859896927470e4a1b6266d359b879a95ced&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A801128038153%3Ahid%3A804663220%3Az%3A0%3Ai%3A20221004085411%3Aet%3A1664873651%3Ac%3A1%3Arn%3A392051300%3Arqn%3A2%3Au%3A166487365168173745%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ans%3A1664873649972%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664873651%3At%3AConfirm%20you%E2%80%99re%20not%20a%20robot&t=gdpr(14)mc(g-3)clc(0-0-0)aw(1)rqnt(2)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 40
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 43
date: Tue, 04 Oct 2022 08:54:11 GMT
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 04-Oct-2022 08:54:11 GMT
last-modified: Tue, 04-Oct-2022 08:54:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

trc.taboola.com/socionicsurvey/trc/3/json?tim=08%3A54%3A11.234&lti=deflated&data=%7B%22id%22%3A173%2C%22ii%22%3A%22%2Fcaptcha1.html%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1664828479901%2C%22vi%22%3A1664873651232%2C%22cv%22%3A%2220221003-23-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22vpi%22%3A%22%2Fcaptcha1.html%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1280%2C%22dh%22%3A939%2C%22qs%22%3A%22%3Futm_content%3Dzd_public_v2%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A9%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22null_null_Horizontal%20widget%22%2C%22orig_uip%22%3A%22null_null_Horizontal%20widget%22%2C%22cd%22%3A389%2C%22mw%22%3A0%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fcaptcha1.html%2Cnull_null_Horizontal%20widget%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2

151.101.85.44

200 OK

11 kB

URL HTTP/2
trc.taboola.com/socionicsurvey/trc/3/json?tim=08%3A54%3A11.234&lti=deflated&data=%7B%22id%22%3A173%2C%22ii%22%3A%22%2Fcaptcha1.html%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1664828479901%2C%22vi%22%3A1664873651232%2C%22cv%22%3A%2220221003-23-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22vpi%22%3A%22%2Fcaptcha1.html%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1280%2C%22dh%22%3A939%2C%22qs%22%3A%22%3Futm_content%3Dzd_public_v2%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A9%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22null_null_Horizontal%20widget%22%2C%22orig_uip%22%3A%22null_null_Horizontal%20widget%22%2C%22cd%22%3A389%2C%22mw%22%3A0%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fcaptcha1.html%2Cnull_null_Horizontal%20widget%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (18924)
Size
11 kB (10902 bytes)
Hash
2678d064969969eb9e0201bf82841fe6
e19df958728d043b86a0b399fba3d8110a1b4717
604e2a83dc86b84089dde4e2f89279ee370ef1c2cc074ffbca399bafc19091ce

HTTP Headers

GET /socionicsurvey/trc/3/json?tim=08%3A54%3A11.234&lti=deflated&data=%7B%22id%22%3A173%2C%22ii%22%3A%22%2Fcaptcha1.html%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1664828479901%2C%22vi%22%3A1664873651232%2C%22cv%22%3A%2220221003-23-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22btv%22%3A%220%22%2C%22bu%22%3A%22https%3A%2F%2Fdollarsurvey.site%2Fcaptcha1.html%3Futm_content%3Dzd_public_v2%22%2C%22vpi%22%3A%22%2Fcaptcha1.html%22%2C%22bad%22%3A-1%2C%22sw%22%3A1280%2C%22sh%22%3A1002%2C%22bw%22%3A1280%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A939%2C%22dw%22%3A1280%2C%22dh%22%3A939%2C%22qs%22%3A%22%3Futm_content%3Dzd_public_v2%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A9%2C%22uim%22%3A%22thumbnails-a%3Aabp%3D0%22%2C%22uip%22%3A%22null_null_Horizontal%20widget%22%2C%22orig_uip%22%3A%22null_null_Horizontal%20widget%22%2C%22cd%22%3A389%2C%22mw%22%3A0%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fcaptcha1.html%2Cnull_null_Horizontal%20widget%3Dthumbnails-a%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:11 GMT
via: 1.1 varnish
x-served-by: cache-bma1624-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1664873652.681549,VS0,VE235
vary: Accept-Encoding
x-vcl-time-ms: 235
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/userx.20221003-23-RELEASE.es6.js

151.101.85.44

200 OK

5.4 kB

URL HTTP/2
cdn.taboola.com/libtrc/userx.20221003-23-RELEASE.es6.js
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (17842)
Size
5.4 kB (5399 bytes)
Hash
acdae16fe2932657252fce877251ad2f
a32cf1cacb37aa15e8e4bb0daced8aa17778c1e6
d2318a36c86a1ffd751e4668de220b379de9c2bc45d15a30d2169a6dc4753be9

HTTP Headers

GET /libtrc/userx.20221003-23-RELEASE.es6.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: 74Oyd+YzaF0KzSJI5TwkiBMuw8VLv9X/+7Eq7er8yGHx/jTe5WiojOY5eOYmdLvqsvl1p6e9DEM=
x-amz-request-id: Y8K4EZ24TMJR8EY8
x-amz-replication-status: COMPLETED
last-modified: Mon, 03 Oct 2022 20:10:39 GMT
etag: "7183e64b9ee17201f50d997800bd537d"
x-amz-version-id: a0U9IweTK7Sd_KH5FMrKJF5ImQLd_3CT
content-type: application/javascript; charset=utf-8
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
via: 1.1 varnish
age: 72
x-served-by: cache-bma1624-BMA
x-cache: HIT
x-cache-hits: 12
x-timer: S1664873652.018978,VS0,VE0
cache-control: private,max-age=14400
vary: Accept-Encoding
abp: 97
content-length: 5399
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8b2c3629b48c223ef378e079bb16dcda.jpg

151.101.85.44

200 OK

30 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8b2c3629b48c223ef378e079bb16dcda.jpg
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
30 kB (30148 bytes)
Hash
f46d522b4f8651c567d5cd840dc9118f
9faf8658ae02bb010dde46e5ddc597b44601dbf6
cefc85b3a8795af5f67c319cd903cbe7a7927f1998c2c8535d722c7532d9540b

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8b2c3629b48c223ef378e079bb16dcda.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 353731689933732867918532423341708278778,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 353731689933732867918532423341708278778,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "5714076aa615214c5ded5af150bd53d7"
expiration: expiry-date="Sat, 03 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Wed, 03 Aug 2022 14:13:25 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 222
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 4246570
x-served-by: cache-iad-kjyo7100118-IAD, cache-iad-kcgs7200176-IAD, cache-lga21932-LGA, cache-iad-kjyo7100101-IAD, cache-bma1624-BMA
x-cache: HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 2, 1
x-timer: S1664873652.045337,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/8b2c3629b48c223ef378e079bb16dcda.jpg
x-vcl-time-ms: 1
content-length: 30148
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//buzzghana.com/wp-content/uploads/2015/11/portman1.jpg

151.101.85.44

200 OK

24 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//buzzghana.com/wp-content/uploads/2015/11/portman1.jpg
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
24 kB (23972 bytes)
Hash
c6b9a07f712b8e42f3b1490937ce683a
4d033c539617b21626f78e2028e67cfce4dd9e79
6be913c9513bbed66c5c457726e3ad2569014de5a17c9f7c0967967bfe073667

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//buzzghana.com/wp-content/uploads/2015/11/portman1.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 595260562278860826721960044480358324270,351865785165949093008023078421511818851,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 595260562278860826721960044480358324270,351865785165949093008023078421511818851,29ecf9b93bbf306179626feeda1fab70
etag: "913240a374db67dfa42ece5ffd824aba"
expiration: expiry-date="Fri, 26 Aug 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 26 Jul 2022 14:11:12 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 442
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 3705103
x-served-by: cache-iad-kiad7000081-IAD, cache-iad-kjyo7100087-IAD, cache-lga21928-LGA, cache-iad-kcgs7200069-IAD, cache-bma1624-BMA
x-cache: MISS, MISS, HIT, HIT, HIT
x-cache-hits: 0, 0, 1, 1, 1
x-timer: S1664873652.045488,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//buzzghana.com/wp-content/uploads/2015/11/portman1.jpg
x-vcl-time-ms: 1
content-length: 23972
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f7cc53820b8026cc2281ac55f7d70184.png

151.101.85.44

200 OK

31 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f7cc53820b8026cc2281ac55f7d70184.png
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
31 kB (30810 bytes)
Hash
a98af7b5490e32d3b26f95aa96da5317
b86f99b51df55ff72557d1aa76bde7e9c19e3dd0
50f1405dd4b5dc84c9dd966b8b6c76084e70bcaac76e0c4d3151ccab21e7e0d8

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f7cc53820b8026cc2281ac55f7d70184.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 505357209565147916781037331362602449736,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 505357209565147916781037331362602449736,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "282cd69788ab3f951d3140d064dbecda"
last-modified: Mon, 01 Aug 2022 01:03:43 GMT
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: bdecf1ee8168d11fd098f0eefba2bba8
x-envoy-upstream-service-time: 113
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 4061429
x-served-by: cache-iad-kjyo7100125-IAD, cache-iad-kcgs7200066-IAD, cache-sna10725-LGB, cache-iad-kjyo7100160-IAD, cache-bma1624-BMA
x-cache: MISS, MISS, HIT, HIT, HIT
x-cache-hits: 0, 0, 1, 1, 1
x-timer: S1664873652.045358,VS0,VE2
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/f7cc53820b8026cc2281ac55f7d70184.png
x-vcl-time-ms: 2
content-length: 30810
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/87160bea0dc54a07f5e9871bb33c8f1f.jpg

151.101.85.44

200 OK

24 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/87160bea0dc54a07f5e9871bb33c8f1f.jpg
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
24 kB (23988 bytes)
Hash
c6591f478b0c784e34f37424b444cb98
91a642ba9e655c6ed44992d4fcd090b39e705a9a
c6f66e0209b76477f5b39ee08bf58f47b7cc9662d6199f3b1eb8e83107b8daa7

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/87160bea0dc54a07f5e9871bb33c8f1f.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 365624821007675099561087980638275804902,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 365624821007675099561087980638275804902,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "3f4f5a8d22193737c642b3f7e46c63e4"
expiration: expiry-date="Fri, 16 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 16 Aug 2022 06:18:54 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 155
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb203
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 2297032
x-served-by: cache-iad-kcgs7200076-IAD, cache-iad-kjyo7100126-IAD, cache-bur-kbur8200087-BUR, cache-iad-kcgs7200103-IAD, cache-bma1624-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 1, 1
x-timer: S1664873652.131570,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/87160bea0dc54a07f5e9871bb33c8f1f.jpg
x-vcl-time-ms: 1
content-length: 23988
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/937bb3b795aedd81a2ea52bd73e7fcf5.jpg

151.101.85.44

200 OK

32 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/937bb3b795aedd81a2ea52bd73e7fcf5.jpg
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
32 kB (31602 bytes)
Hash
8d977c117f0720f82418788a2c096377
9a548edf739243d496728a5d01d64dcadac28d26
057732d31e4b89203a3e048fadf0040ed2536ac2079feecdd5d5a87d53364bd7

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/937bb3b795aedd81a2ea52bd73e7fcf5.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 554978713124100936179217900433612326464,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 554978713124100936179217900433612326464,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "a610f0cf2d8043b2ed59d0a040f2f215"
last-modified: Tue, 30 Aug 2022 10:52:20 GMT
req-referer: https://technology.inquirer.net/
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: ea8aa2ca53e502db6091107aed79ba45
x-envoy-upstream-service-time: 246
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 1744649
x-served-by: cache-iad-kcgs7200118-IAD, cache-iad-kcgs7200057-IAD, cache-bur-kbur8200101-BUR, cache-iad-kcgs7200149-IAD, cache-bma1624-BMA
x-cache: HIT, HIT, HIT, HIT, HIT
x-cache-hits: 1, 1, 1, 1, 1
x-timer: S1664873652.137337,VS0,VE2
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/937bb3b795aedd81a2ea52bd73e7fcf5.jpg
x-vcl-time-ms: 2
content-length: 31602
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/30de36884b20f9f40856ed7076fab5f3.jpg

151.101.85.44

200 OK

36 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/30de36884b20f9f40856ed7076fab5f3.jpg
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
36 kB (35954 bytes)
Hash
786ff2b86b7235ba55a726436715dae4
2b56f864705f0c0817e5afea7658d35ab3fa0cf1
8e921f193fac3bbe7398ed90de742dda83b714332d07b310e34ff125806c5d93

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/30de36884b20f9f40856ed7076fab5f3.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 336213556022377362283590561039274049214,351865785165949093008023078421511818851,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 336213556022377362283590561039274049214,351865785165949093008023078421511818851,29ecf9b93bbf306179626feeda1fab70
etag: "824a7c0fb3089ec954f7e68e6f4e0bff"
expiration: expiry-date="Thu, 29 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Mon, 29 Aug 2022 16:09:40 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 125
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 1774619
x-served-by: cache-iad-kjyo7100056-IAD, cache-iad-kcgs7200150-IAD, cache-chi-klot8100031-CHI, cache-iad-kcgs7200021-IAD, cache-bma1624-BMA
x-cache: MISS, HIT, MISS, HIT, HIT
x-cache-hits: 0, 1, 0, 1, 1
x-timer: S1664873652.138233,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/30de36884b20f9f40856ed7076fab5f3.jpg
x-vcl-time-ms: 1
content-length: 35954
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/h_417,w_500,c_fill,g_xy_center,x_509,y_176/https%3A//i.pinimg.com/originals/ae/ed/00/aeed00cb8169f73fdbf1e6796cf37732.png

151.101.85.44

200 OK

16 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/h_417,w_500,c_fill,g_xy_center,x_509,y_176/https%3A//i.pinimg.com/originals/ae/ed/00/aeed00cb8169f73fdbf1e6796cf37732.png
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
16 kB (16266 bytes)
Hash
6264aae2a1e00efd09584de42ac877fc
13f2d4516db5c88b89baaa4e549e5cd14581d882
4d4b644a295a5c90df79f305b6ce5609e2b03d7533e35f6ccff4c41b90aaa392

HTTP Headers

GET /taboola/image/fetch/h_417,w_500,c_fill,g_xy_center,x_509,y_176/https%3A//i.pinimg.com/originals/ae/ed/00/aeed00cb8169f73fdbf1e6796cf37732.png HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 397904652904529804999342732080284249541,612558585418111780582903095364650663529,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 397904652904529804999342732080284249541,612558585418111780582903095364650663529,29ecf9b93bbf306179626feeda1fab70
etag: "1767dbb367a50c903999accedd0082f5"
last-modified: Tue, 16 Aug 2022 15:15:50 GMT
status: 200 OK
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: a065afa9f4b5d1472e31128ea805a982
x-envoy-upstream-service-time: 2949
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 1875300
x-served-by: cache-iad-kjyo7100154-IAD, cache-iad-kcgs7200071-IAD, cache-chi-kigq8000032-CHI, cache-iad-kjyo7100041-IAD, cache-bma1624-BMA
x-cache: MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 1, 1
x-timer: S1664873652.138599,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/h_417,w_500,c_fill,g_xy_center,x_509,y_176/https%3A//i.pinimg.com/originals/ae/ed/00/aeed00cb8169f73fdbf1e6796cf37732.png
x-vcl-time-ms: 1
content-length: 16266
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/026e9831d4d6a422c01cea23c5c9a106.jpg

151.101.85.44

200 OK

24 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/026e9831d4d6a422c01cea23c5c9a106.jpg
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
24 kB (24182 bytes)
Hash
9c62383b00d20d8baa2a60b5e16af13d
3586299f74bcfc8f3a35b37dcb5b11e290658fd3
27d0b0ad534db2a78d0aebd4cb8adf6ae0ac44ed647d0037d744e19c2c0336ff

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/026e9831d4d6a422c01cea23c5c9a106.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 398954946340191402030755089796314689703,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 398954946340191402030755089796314689703,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "578fcf1aa0e82d269450626bed14a905"
expiration: expiry-date="Thu, 01 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Mon, 01 Aug 2022 15:50:23 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 241
x-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 3442993
x-served-by: cache-iad-kiad7000125-IAD, cache-iad-kiad7000103-IAD, cache-bur-kbur8200071-BUR, cache-iad-kjyo7100050-IAD, cache-bma1624-BMA
x-cache: HIT, HIT, MISS, HIT, HIT
x-cache-hits: 1, 1, 0, 1, 1
x-timer: S1664873652.141221,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/026e9831d4d6a422c01cea23c5c9a106.jpg
x-vcl-time-ms: 1
content-length: 24182
X-Firefox-Spdy: h2

trc-events.taboola.com/socionicsurvey/log/2/debug?tim=08%3A54%3A10.727&type=usage&msg=rtus&llvl=2&id=670&cv=20221003-23-RELEASE&lt=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D

141.226.228.48

204 No Content

0 B

URL HTTP/2
trc-events.taboola.com/socionicsurvey/log/2/debug?tim=08%3A54%3A10.727&type=usage&msg=rtus&llvl=2&id=670&cv=20221003-23-RELEASE&lt=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socionicsurvey/log/2/debug?tim=08%3A54%3A10.727&type=usage&msg=rtus&llvl=2&id=670&cv=20221003-23-RELEASE&lt=deflated&file=rtus.js&method=injectRtus&position=default&extraData=%7B%7D HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Tue, 04 Oct 2022 08:54:12 GMT
x-fastly-to-nlb-rtt: 21227
access-control-allow-credentials: true
X-Firefox-Spdy: h2

trc-events.taboola.com/socionicsurvey/log/2/debug?tim=08%3A54%3A11.230&type=error&msg=Invalid%20container%20provided%20for%20request%20null_null_Below%20Article%20-%20360x640%20(null)!&llvl=2&id=6190&cv=20221003-23-RELEASE&lt=deflated&pct=1

141.226.228.48

204 No Content

0 B

URL HTTP/2
trc-events.taboola.com/socionicsurvey/log/2/debug?tim=08%3A54%3A11.230&type=error&msg=Invalid%20container%20provided%20for%20request%20null_null_Below%20Article%20-%20360x640%20(null)!&llvl=2&id=6190&cv=20221003-23-RELEASE&lt=deflated&pct=1
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socionicsurvey/log/2/debug?tim=08%3A54%3A11.230&type=error&msg=Invalid%20container%20provided%20for%20request%20null_null_Below%20Article%20-%20360x640%20(null)!&llvl=2&id=6190&cv=20221003-23-RELEASE&lt=deflated&pct=1 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Tue, 04 Oct 2022 08:54:12 GMT
x-fastly-to-nlb-rtt: 21227
access-control-allow-credentials: true
X-Firefox-Spdy: h2

trc-events.taboola.com/socionicsurvey/log/2/debug?tim=08%3A54%3A11.230&type=error&msg=Didn%27t%20manage%20to%20find%20TRC%20container%20for%20R-Box%20with%20ID%20taboola-below-article---360x640%20(retry%3D1)%20(Document%20is%20Ready)!&llvl=2&id=2369&cv=20221003-23-RELEASE&lt=deflated&pct=1

141.226.228.48

204 No Content

0 B

URL HTTP/2
trc-events.taboola.com/socionicsurvey/log/2/debug?tim=08%3A54%3A11.230&type=error&msg=Didn%27t%20manage%20to%20find%20TRC%20container%20for%20R-Box%20with%20ID%20taboola-below-article---360x640%20(retry%3D1)%20(Document%20is%20Ready)!&llvl=2&id=2369&cv=20221003-23-RELEASE&lt=deflated&pct=1
IP
141.226.228.48:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socionicsurvey/log/2/debug?tim=08%3A54%3A11.230&type=error&msg=Didn%27t%20manage%20to%20find%20TRC%20container%20for%20R-Box%20with%20ID%20taboola-below-article---360x640%20(retry%3D1)%20(Document%20is%20Ready)!&llvl=2&id=2369&cv=20221003-23-RELEASE&lt=deflated&pct=1 HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Tue, 04 Oct 2022 08:54:12 GMT
x-fastly-to-nlb-rtt: 21227
access-control-allow-credentials: true
X-Firefox-Spdy: h2

images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/914969436__CsY68w3r.jpg

151.101.85.44

200 OK

14 kB

URL HTTP/2
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/914969436__CsY68w3r.jpg
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
RIFF (little-endian) data, Web/P image\012- data
Size
14 kB (13874 bytes)
Hash
889bb9240883413b69cd91f848149041
0c0e5874abd662ace7ad9dae2f2edd8b4d3aa832
a46b116cc9b481a3e3239818ff44f004ae9a3d51d9cf568d7b4cc76cb271212f

HTTP Headers

GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/914969436__CsY68w3r.jpg HTTP/1.1
Host: images.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 382388442081793375627107603736449493769,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 382388442081793375627107603736449493769,364438333597438504035334861318629113620,29ecf9b93bbf306179626feeda1fab70
etag: "ae76fed43ef41e2a9ca3d179390b0e44"
expiration: expiry-date="Fri, 09 Sep 2022 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 09 Aug 2022 09:22:02 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 132
x-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb802
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
age: 4034557
x-served-by: cache-iad-kiad7000022-IAD, cache-iad-kiad7000061-IAD, cache-chi-klot8100115-CHI, cache-iad-kcgs7200038-IAD, cache-bma1624-BMA
x-cache: HIT, MISS, MISS, HIT, MISS
x-cache-hits: 1, 0, 0, 1, 0
x-timer: S1664873652.138471,VS0,VE102
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_417%2Cw_500%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/GETTY_IMAGES/SKP/914969436__CsY68w3r.jpg
x-vcl-time-ms: 102
content-length: 13874
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

314 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
314 B (314 bytes)
Hash
4e5b1c18b41c244135794b09f34ef8c0
954b38d1eca6896a15c88cae2ebd5b791d32cc91
459d21039ffbad3ea5274c2d0df28e4b684bcbc6c306b0ae7d977aa782b8dffe

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3583
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:54:12 GMT
Last-Modified: Tue, 04 Oct 2022 07:54:29 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 314

dnacdn.net/dna

178.250.0.157

200 OK

0 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:12 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=rqxN1V80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3dWWlFPZEVkQjFleE50bXNnaFg4Uk15endUY0FJMk9GMEVGQVhyT0JOcGk; expires=Sun, 29 Oct 2023 08:54:12 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 274579
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18266
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 08:54:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18266
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 08:54:12 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18266
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 08:54:12 GMT
Connection: keep-alive

dnacdn.net/dna

178.250.0.157

200 OK

632 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type
data
Size
632 B (632 bytes)
Hash
3ad67097b0491e7472eaeaffb2a84993
f56d4058780cc49b108d37d13fc4349847022d4c
0611c188f7ef32a9c1074b8ebb68c2a9fd1c7d292481b1a222e0764622108355

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=rqxN1V80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3dWWlFPZEVkQjFleE50bXNnaFg4Uk15endUY0FJMk9GMEVGQVhyT0JOcGk
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:11 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=f35Isl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3dWWlFPZEVkQjFleE50bXNnaFg4Uk83cTJyZCUyRjJoTWloUkhXVkRmY3NUVw; expires=Sun, 29 Oct 2023 08:54:12 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 397608
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18266
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 08:54:12 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4858 bytes)
Hash
6779181f9c06975f2a662da743893939
585e7146fd24cdc2496b05baafea04091dc541e2
8e9a9f92fd89b7cdce77884ccd76b83ab82d28f125ebfc1cb0d371d4046b7985

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4858
x-amzn-requestid: fb21c414-2994-444a-a838-e643fd05b171
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTEfPoAMFfeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-593dd8043b0490e7301cac0d;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MiSh_FjAciKCaOakY2mM_EHBN1Z6GIDYIP8mwS4ikkrToQN3Ktsv2g==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:56:46 GMT
age: 39446
etag: "585e7146fd24cdc2496b05baafea04091dc541e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5504 bytes)
Hash
6c6882c60d7ca6f918c77104e3ad1d52
20ef861be49c652a938e0145e4ca3a60159367e2
861f5870990fbd2939d151ae18384cf311e87067ca9a50818efe0c2d51b83088

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5504
x-amzn-requestid: 37405eb0-5c75-46a9-84c0-e8ed726995d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHPvoAMF3mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-77fd550b58af612525e74761;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ovm2wuk28PygH4EZNEUoPchoHQggWCyXbYHOjMV1tZmfyDrL6PjPZA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:29:19 GMT
age: 37493
etag: "20ef861be49c652a938e0145e4ca3a60159367e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f5077e-59b1-4f52-bd32-a57c373ce2f1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8308 bytes)
Hash
59c6121e6f6cb833939e12585aca131e
5cc38c9cfe6a2ade7a1d8ee272c4eda47c35f5df
88b8a458ad437bf40d154b21d844ba56530ae05c2f42b417cfb0e6cffcb294e5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4f5077e-59b1-4f52-bd32-a57c373ce2f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8308
x-amzn-requestid: 35cc0acc-ac90-4f36-a976-c61c34cfe4fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqNXG3mIAMFujg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5722-112061742493dd5255c3fb00;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:41:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VeeA3FQIKbAt5xmPr99k9gQjGbbwrRLM1lFYWaVIO3TCVM19GUKJaA==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:57:01 GMT
age: 39431
etag: "5cc38c9cfe6a2ade7a1d8ee272c4eda47c35f5df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

dollarsurvey.site/js/survey.js?v=13

172.67.71.163

200 OK

102 kB

URL HTTP/2
dollarsurvey.site/js/survey.js?v=13
IP
172.67.71.163:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
102 kB (102048 bytes)
Hash
b5716a2f44fcd886687c81477878ffbc
e3a6bd2d3f2ea863c57ef03cdc35fe5e29afa563
1f3019e5bf5e07b7f8a5253ac9e80ee68a284ebf73c1df168e6d1a2c03f3f5ae

HTTP Headers

GET /js/survey.js?v=13 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/javascript
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-4a180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ncV17H616yFjY%2FijEUMykMB6kLp8kz%2FzjZoGOVQ%2Bwpy0wwBAcbxEV94ULBWkPBFu6Uv8OAZsAwY8qkQyQTfq7Mpyn1DwW86VXvIT1RqfO6049GqQCcHOZt1yKBESuHvujfZM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f9cc480b06-OSL
content-encoding: br
X-Firefox-Spdy: h2

dollarsurvey.site/js/taboola.js

172.67.71.163

200 OK

6.8 kB

URL HTTP/2
dollarsurvey.site/js/taboola.js
IP
172.67.71.163:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1167), with no line terminators
Size
6.8 kB (6809 bytes)
Hash
85e9c1c05cfc18f2d7a7d958a8fb9d16
ee5e85e8e28567cf90345cf122eb8b0c32e4a76f
eec6de908684e113c494b607bac67a30f8bf068632b962790de6fcdc8b53c98d

HTTP Headers

GET /js/taboola.js HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/javascript
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-48f"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eb3FVMjjfTgcdhOsnnCO3tej6aYQadV%2BCVMmdxHQ68DY3X1JelEmjygcMNh7wRM59bhkOydpABTGxC3OuCGVTi2tF3EvQC%2B9VW5RSBEemi0tNjx5lsN2mueLgpUs7p%2FHp8lg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f9cc4a0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

314 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
314 B (314 bytes)
Hash
e433fcb50acece9e71308bea3cae2176
2c0f6555dac211dede365146a74683d1e9dfd861
f857ceb2aa56ca52b06507625e2e52a4b27ff34f21fdd32a20048e9abf9a66b6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2260
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:54:12 GMT
Last-Modified: Tue, 04 Oct 2022 08:16:32 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 314

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9917 bytes)
Hash
d8c08f8066cc732de8befd6ccd629a95
22aab05208a01ae5def4d63dc145085630f57bcb
f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 39498
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

314 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
314 B (314 bytes)
Hash
e433fcb50acece9e71308bea3cae2176
2c0f6555dac211dede365146a74683d1e9dfd861
f857ceb2aa56ca52b06507625e2e52a4b27ff34f21fdd32a20048e9abf9a66b6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2260
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:54:12 GMT
Last-Modified: Tue, 04 Oct 2022 08:16:32 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 314

gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

178.250.2.146

200 OK

0 B

URL HTTP/2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:11 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://dollarsurvey.site
server-processing-duration-in-ticks: 368554
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

trc.taboola.com/socionicsurvey/log/3/explore?route=AM:IL:V&lti=deflated&ri=e8380e8bb0838b7f34c8d5713c6149ce&sd=v2_ee4dcbe383319507d005ca4a8eb6403c_6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33_1664873651_1664873651_CNawjgYQrbZYGKC4z5G6MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABo_9iV8p6d99_dAXAA&ui=6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33&pi=/captcha1.html&wi=2979729064176134672&pt=text&vi=1664873651232&li=rbox-t2m&lt=deflated&tim=08%3A54%3A12.357&id=2174&llvl=2&cv=20221003-23-RELEASE&

151.101.85.44

204 No Content

0 B

URL HTTP/2
trc.taboola.com/socionicsurvey/log/3/explore?route=AM:IL:V&lti=deflated&ri=e8380e8bb0838b7f34c8d5713c6149ce&sd=v2_ee4dcbe383319507d005ca4a8eb6403c_6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33_1664873651_1664873651_CNawjgYQrbZYGKC4z5G6MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABo_9iV8p6d99_dAXAA&ui=6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33&pi=/captcha1.html&wi=2979729064176134672&pt=text&vi=1664873651232&li=rbox-t2m&lt=deflated&tim=08%3A54%3A12.357&id=2174&llvl=2&cv=20221003-23-RELEASE&
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /socionicsurvey/log/3/explore?route=AM:IL:V&lti=deflated&ri=e8380e8bb0838b7f34c8d5713c6149ce&sd=v2_ee4dcbe383319507d005ca4a8eb6403c_6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33_1664873651_1664873651_CNawjgYQrbZYGKC4z5G6MCABKAEwogE434cMQJ6XEEj5qNkDUN6lI1gAYABo_9iV8p6d99_dAXAA&ui=6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33&pi=/captcha1.html&wi=2979729064176134672&pt=text&vi=1664873651232&li=rbox-t2m&lt=deflated&tim=08%3A54%3A12.357&id=2174&llvl=2&cv=20221003-23-RELEASE& HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:12 GMT
via: 1.1 varnish
x-served-by: cache-bma1624-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1664873653.785486,VS0,VE83
x-vcl-time-ms: 83
X-Firefox-Spdy: h2

cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png

151.101.85.44

200 OK

254 B

URL HTTP/2
cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
PNG image data, 12 x 12, 8-bit gray+alpha, non-interlaced\012- data
Size
254 B (254 bytes)
Hash
dfa7b52c86e56bd67fa4002f6ed19854
7df722645482433c2b5c8d8ab4272a9874592f27
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

HTTP Headers

GET /libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: c3AK0F63Rmz1U+ZkwDZRH6hJiJRTGpZB8kTBPWz0vwbg9siBxtMOH8aEqr1NtVeNHtLhLAVUR9E=
x-amz-request-id: 4JKSR0YA3KVH073N
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
content-type: image/png
server: AmazonS3
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:13 GMT
via: 1.1 varnish
age: 4998
x-served-by: cache-bma1624-BMA
x-cache: HIT
x-cache-hits: 775
x-timer: S1664873653.054370,VS0,VE0
cache-control: private,max-age=31536000
abp: 97
content-length: 254
X-Firefox-Spdy: h2

trc.taboola.com/socionicsurvey/log/3/bulk?route=AM%3AIL%3AV&lti=deflated&bulkSize=1

151.101.85.44

204 No Content

0 B

URL HTTP/2
trc.taboola.com/socionicsurvey/log/3/bulk?route=AM%3AIL%3AV&lti=deflated&bulkSize=1
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /socionicsurvey/log/3/bulk?route=AM%3AIL%3AV&lti=deflated&bulkSize=1 HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 5651
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:13 GMT
via: 1.1 varnish
x-served-by: cache-bma1624-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1664873653.040604,VS0,VE86
x-vcl-time-ms: 86
X-Firefox-Spdy: h2

trc.taboola.com/socionicsurvey/log/3/visible?route=AM%3AIL%3AV&lti=deflated

151.101.85.44

204 No Content

0 B

URL HTTP/2
trc.taboola.com/socionicsurvey/log/3/visible?route=AM%3AIL%3AV&lti=deflated
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /socionicsurvey/log/3/visible?route=AM%3AIL%3AV&lti=deflated HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 8095
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
content-type: image/gif
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: https://dollarsurvey.site
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:13 GMT
via: 1.1 varnish
x-served-by: cache-bma1624-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1664873653.079380,VS0,VE83
x-vcl-time-ms: 83
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
b43e3e9cdad5efad05577946fe4b3f06
c1d7dd2fcc933aeb0ee32c520cc252667f5eb6c2
ee93a7579b92a4eff610e9ff201c8afe63e04e2aadebabb10a2ddb1dbe2b9518

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3374
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 08:54:13 GMT
Last-Modified: Tue, 04 Oct 2022 07:57:59 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 312

gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

178.250.2.146

200 OK

8.8 kB

URL HTTP/2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type
data
Size
8.8 kB (8807 bytes)
Hash
ba08148514c5fe621e08c47feb3e64e3
7ac60fa210eadf7b6357feba48d85d2b23415b4f
25c93465db75b372eac58429093c1dfe8388f9c804d8e9a8d6b9c614e1e957a3

HTTP Headers

GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-crto-bundle: qZyXiF9pJTJCVGNHRkswdnRSa1RNOG9YWmlSVSUyRlZHYXlvVXdqRUtjdVBsTDFiam5OJTJCTnFRd1FVNjQ1TldzMXFCZVdlaDE3aDluN1puVUdzdk9sS0dIbGtTJTJCcmZEOTJlR1lEUXRDd3JQbyUyRmtyWDZzZ1NmMnRsWGtGRndrcm5VZ1BFbG14ZHFyM0d0S0xkcWdORGV4aFp2eVVScERnJTNEJTNE
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:11 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://dollarsurvey.site
server-processing-duration-in-ticks: 1463946
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

cdn.taboola.com/scripts/cds-pips.js

151.101.85.44

200 OK

923 B

URL HTTP/2
cdn.taboola.com/scripts/cds-pips.js
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (2312), with no line terminators
Size
923 B (923 bytes)
Hash
26cdd3fcc80c31abb5e56a5be502737e
a6a67fd2591deaa331e11376972b2dd06616242a
ac58c61fa356670a0b14838061e474db061cc73d27cd8495d6a80499e1ec340e

HTTP Headers

GET /scripts/cds-pips.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: w6fgNIMZM2fENM2mjLHAxJhEvZ7OhJ+orh5+d/mAuz+tqM7fgRp+7Y73K8+rKM3qB+G/FeTtVqo=
x-amz-request-id: 158FK1E03H5TYFXQ
x-amz-replication-status: COMPLETED
last-modified: Thu, 15 Sep 2022 14:11:45 GMT
etag: "8cbcf8a5c724c32aa9be09d14a4c624d"
x-amz-version-id: NrP0zRqJgdqCAFOGjLJOgaX1BFZQx8TJ
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:13 GMT
via: 1.1 varnish
age: 3077
x-served-by: cache-bma1624-BMA
x-cache: HIT
x-cache-hits: 3370
x-timer: S1664873654.991182,VS0,VE0
vary: Accept-Encoding
abp: 97
cache-control: private, max-age=3600
content-length: 923
X-Firefox-Spdy: h2

pips.taboola.com/

151.101.85.44

200 OK

4 B

URL HTTP/2
pips.taboola.com/
IP
151.101.85.44:0
ASN
#54113 FASTLY

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
6c3e226b4d4795d518ab341b0824ec29
eef19c54306daa69eda49c0272623bdb5e2b341f
fb329000228cc5a24c264c57139de8bf854fc86fc18bf1c04ab61a2b5cb4b921

HTTP Headers

GET / HTTP/1.1
Host: pips.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Varnish
retry-after: 0
access-control-allow-methods: GET
access-control-allow-origin: https://dollarsurvey.site
accept-ranges: bytes
date: Tue, 04 Oct 2022 08:54:14 GMT
via: 1.1 varnish
x-served-by: cache-bma1663-BMA
x-cache: HIT
x-cache-hits: 0
cache-control: no-store
content-length: 4
X-Firefox-Spdy: h2

cds.taboola.com/?uid=6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33

141.226.224.32

204 No Content

0 B

URL HTTP/2
cds.taboola.com/?uid=6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33
IP
141.226.224.32:0
ASN
#200478 Taboola.com ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?uid=6913db25-eb14-4369-a33c-f5f89e0baab1-tucta357a33 HTTP/1.1
Host: cds.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Tue, 04 Oct 2022 08:54:14 GMT
cache-control: no-store
access-control-allow-origin: *
X-Firefox-Spdy: h2

ag.gbc.criteo.com/newidsd

185.235.84.122

200 OK

0 B

URL HTTP/2
ag.gbc.criteo.com/newidsd
IP
185.235.84.122:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:12 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 100259
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

178.250.2.146

200 OK

0 B

URL HTTP/2
gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sync?c=72&r=2&j=TRC.getRTUS HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 579299
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

dollarsurvey.site/js/config.js?v=7

172.67.71.163

200 OK

0 B

URL HTTP/2
dollarsurvey.site/js/config.js?v=7
IP
172.67.71.163:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/config.js?v=7 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/javascript
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-1085d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U7l5tsJG%2F61egaby0YCzJjBluPe41KNqG2%2F6rE3C%2FcTjlruygKJELiYZjRs7cVQiX%2BPqEVoOW3qE4lWlXYvaSmvc8slxDfg5xYleD0%2BFpo7QrjxuJ4EoktaDav3EO2GMaZm6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f9bc380b06-OSL
content-encoding: br
X-Firefox-Spdy: h2

gum.criteo.com/sid/json?origin=rtus&domain=dollarsurvey.site&sn=FirefoxSyncframe&so=0&topUrl=dollarsurvey.site&info=f35Isl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3dWWlFPZEVkQjFleE50bXNnaFg4Uk83cTJyZCUyRjJoTWloUkhXVkRmY3NUVw&idsd=30310835,1546669770&cw=1&rtusCallerId=72&lsw=1

178.250.2.146

200 OK

0 B

URL HTTP/2
gum.criteo.com/sid/json?origin=rtus&domain=dollarsurvey.site&sn=FirefoxSyncframe&so=0&topUrl=dollarsurvey.site&info=f35Isl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3dWWlFPZEVkQjFleE50bXNnaFg4Uk83cTJyZCUyRjJoTWloUkhXVkRmY3NUVw&idsd=30310835,1546669770&cw=1&rtusCallerId=72&lsw=1
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sid/json?origin=rtus&domain=dollarsurvey.site&sn=FirefoxSyncframe&so=0&topUrl=dollarsurvey.site&info=f35Isl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3dWWlFPZEVkQjFleE50bXNnaFg4Uk83cTJyZCUyRjJoTWloUkhXVkRmY3NUVw&idsd=30310835,1546669770&cw=1&rtusCallerId=72&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=rtus&topUrl=dollarsurvey.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:12 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1189238
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

dollarsurvey.site/captcha1.html?utm_content=zd_public_v2

172.67.71.163

200 OK

0 B

URL HTTP/2
dollarsurvey.site/captcha1.html?utm_content=zd_public_v2
IP
172.67.71.163:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /captcha1.html?utm_content=zd_public_v2 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: text/html
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gXHTTQ8ESbcZuuk3P%2FJbRAhVB%2BW3nD8hVR14xeZXHtkxDSFimLfRSzNJxa7ItIZp5wn6%2B712R6C3SdXnAm2DpjAQWVqAZtWoCQfzNISiTaTMEWfxEcTgG6zrQBAEJmg3d9TO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0fb1d920b06-OSL
content-encoding: br
X-Firefox-Spdy: h2

dollarsurvey.site/favicon.ico

172.67.71.163

200 OK

0 B

URL HTTP/2
dollarsurvey.site/favicon.ico
IP
172.67.71.163:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: image/x-icon
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
etag: W/"633acffa-47e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6801
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t6bncnlOo3LNta962yxooX3SWMQgevhAC2JH1VO0mCj1MRprp%2FQOk9yd9gYVgkLy84jglkioKbFpR0ps%2FkHlqXd6PkfOpI%2F4Gwl7R1K8ijfA1N6OIc2QxoUTgkukPCInHX08"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754cb0fda89f0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2

dollarsurvey.site/js/dict/cookie-consent-1.json?v=1

172.67.71.163

200 OK

0 B

URL HTTP/2
dollarsurvey.site/js/dict/cookie-consent-1.json?v=1
IP
172.67.71.163:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/dict/cookie-consent-1.json?v=1 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/json
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-168d"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BK4B7k7Pg%2F7jPH%2B2DNb6duHqZB4dzYPNb0rQx%2BNR8AKac8%2BPhqeyKViMOemAnM3j3%2FK3XJz0WxxFhQcGq87hggsUCoUFv5l0InhllzRcqjojsEhUMhCOG6ZAwXTB8Rv%2BDK8U"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0fcaf4d0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2

dollarsurvey.site/css/captcha.css

172.67.71.163

200 OK

0 B

URL HTTP/2
dollarsurvey.site/css/captcha.css
IP
172.67.71.163:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/captcha.css HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: text/css
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-1554"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R0xYnWTLYRnBdlQOTalGaGo6OChtH2h0XZBzbzV6y5gjlUtascAR%2FU%2FAdZlDlnT8TQBAeB0SXjc6eHXv25RpCzhbOYWw6OXqUKpFWGD1pFjKa72EF8CphpSBw3m%2FhPigucam"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f9bc3c0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2

gem.gbc.criteo.com/newidsd

178.250.6.239

200 OK

0 B

URL HTTP/2
gem.gbc.criteo.com/newidsd
IP
178.250.6.239:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:12 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 98286
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

gum.criteo.com/syncframe?origin=rtus&topUrl=dollarsurvey.site

178.250.2.146

200 OK

0 B

URL HTTP/2
gum.criteo.com/syncframe?origin=rtus&topUrl=dollarsurvey.site
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /syncframe?origin=rtus&topUrl=dollarsurvey.site HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:11 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=cb4becf7-e4c8-42c5-babc-f94189c8020a; expires=Sun, 29 Oct 2023 08:54:11 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 694121
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2

dollarsurvey.site/captcha1.html

172.67.71.163

200 OK

0 B

URL HTTP/2
dollarsurvey.site/captcha1.html
IP
172.67.71.163:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /captcha1.html HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: text/html
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FqO6cSh8CEFGkG5KMIA6%2BUHvDoOJi2vCJHG2GBYo7nEGikz830XtL%2BYCNUbgFsawKEflD6SgMMKMq%2FHQacxqQRC4ThOIOL%2FI2QNeDb00tkVCfVZfZ6HFN1rUAiE8Res%2FS1Hw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f85ada0b06-OSL
content-encoding: br
X-Firefox-Spdy: h2

dollarsurvey.site/js/data/rtc.js?v=1

172.67.71.163

200 OK

0 B

URL HTTP/2
dollarsurvey.site/js/data/rtc.js?v=1
IP
172.67.71.163:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/data/rtc.js?v=1 HTTP/1.1
Host: dollarsurvey.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 08:54:10 GMT
content-type: application/javascript
last-modified: Mon, 03 Oct 2022 12:05:14 GMT
vary: Accept-Encoding
etag: W/"633acffa-3a65"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2770
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ROEFC04nBpLaGS3KB2HL6aoEzOImAm9hhxsI1v1vKFzPxWxuFjMt3aZKqXxal6VyOgOv9i8e72tt%2BeTCcheBl3gJn5WXojB8kVfk6%2BM0DoVzLJgTkqpoPJKTMlsGisQbmRu7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754cb0f9bc350b06-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations