Submitted URL: https://beauty.sephora.com/T/v60000018daf6fb73a9b05a66e96c569c8/b4de415be2094df60000021ef3a0bcc3/b4de415b-e209-4df6-acc8-e4...
Effective URL: https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
Submission: On February 16 via api from IE — Scanned from DE

Summary

This website contacted 9 IPs in 2 countries across 7 domains to perform 16 HTTP transactions. The main IP is 20.163.109.211, located in Phoenix, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is m.survey.bz.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on August 6th 2023. Valid for: a year.
This is the only time m.survey.bz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 159.127.187.20 19137 (EPSILON-I...)
7 20.163.109.211 8075 (MICROSOFT...)
1 23.212.202.218 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 143.204.98.39 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
16 9
Apex Domain | Subdomains | Transfer
7 survey.bz | m.survey.bz | 181 KB
4 gstatic.com | www.gstatic.com; fonts.gstatic.com | 11 KB
2 googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 48; translate.googleapis.com — Cisco Umbrella Rank: 1072 | 73 KB
1 google.com | translate.google.com — Cisco Umbrella Rank: 1284 | 31 KB
1 cloudfront.net | d3op16id4dloxg.cloudfront.net | 100 KB
1 rackcdn.com | 2af191213dfa8d74ef9f-edc387cd80071cb4d0920ce52f5829fe.ssl.cf2.rackcdn.com | 19 KB
1 sephora.com | beauty.sephora.com — Cisco Umbrella Rank: 650846 | 503 B
16 7
Domain Requested by
7 m.survey.bz m.survey.bz
3 www.gstatic.com m.survey.bz
www.gstatic.com
1 fonts.gstatic.com m.survey.bz
1 translate.googleapis.com
1 translate.google.com m.survey.bz
1 d3op16id4dloxg.cloudfront.net m.survey.bz
1 fonts.googleapis.com m.survey.bz
1 2af191213dfa8d74ef9f-edc387cd80071cb4d0920ce52f5829fe.ssl.cf2.rackcdn.com m.survey.bz
1 beauty.sephora.com 1 redirects
16 9

This site contains links to these domains.

Domain
translate.google.com
www.materialplus.io
privacyportal.onetrust.com
Subject | Issuer | Validity | Valid
*.survey.bz | Go Daddy Secure Certificate Authority - G2 | 2023-08-06 - 2024-09-06 | a year
*.ssl.cf2.rackcdn.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-11-24 - 2024-11-27 | a year
upload.video.google.com | GTS CA 1C3 | 2024-01-29 - 2024-04-22 | 3 months
*.cloudfront.net | Amazon RSA 2048 M01 | 2023-10-10 - 2024-09-19 | a year
*.google.com | GTS CA 1C3 | 2024-01-29 - 2024-04-22 | 3 months
*.gstatic.com | GTS CA 1C3 | 2024-01-29 - 2024-04-22 | 3 months

This page contains 2 frames:

Primary Page: https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
Frame ID: 2D299BCA93E4CB42CC0072437257D054
Requests: 16 HTTP requests in this frame

Frame: data://truncated
Frame ID: D6CA7F9E6D4888302309B8F815637C13
Requests: 1 HTTP requests in this frame

Page Title

Legal Notice Consent

Page URL History

  1. https://beauty.sephora.com/T/v60000018daf6fb73a9b05a66e96c569c8/b4de415be2094df60000021ef3a0bcc3/b4de41... HTTP 302
    https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

16
Requests

100 %
HTTPS

56 %
IPv6

7
Domains

9
Subdomains

9
IPs

2
Countries

416 kB
Transfer

722 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://beauty.sephora.com/T/v60000018daf6fb73a9b05a66e96c569c8/b4de415be2094df60000021ef3a0bcc3/b4de415b-e209-4df6-acc8-e4a12d4fa23d?__dU__=v0G4RBKTXg2Gvf-dtDhFgyx2PTfuJRsWdK HTTP 302
    https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request U75
m.survey.bz/
Redirect Chain
  • https://beauty.sephora.com/T/v60000018daf6fb73a9b05a66e96c569c8/b4de415be2094df60000021ef3a0bcc3/b4de415b-e209-4df6-acc8-e4a12d4fa23d?__dU__=v0G4RBKTXg2Gvf-dtDhFgyx2PTfuJRsWdK
  • https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
58 KB
59 KB
Document
General
Full URL
https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.163.109.211 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
510a90b42c9d6474bf863f3d4f0cd669c1c329d826f743af5978602a95075539

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Fri, 16 Feb 2024 01:15:18 GMT
Server
Kestrel
Transfer-Encoding
chunked

Redirect headers

cache-control
no-cache
content-length
0
date
Fri, 16 Feb 2024 01:15:18 GMT
location
https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
x-robots-tag
noindex
bootstrap.min.css
2af191213dfa8d74ef9f-edc387cd80071cb4d0920ce52f5829fe.ssl.cf2.rackcdn.com/lib/bootstrap-3.3.4/css/
115 KB
19 KB
Stylesheet
General
Full URL
https://2af191213dfa8d74ef9f-edc387cd80071cb4d0920ce52f5829fe.ssl.cf2.rackcdn.com/lib/bootstrap-3.3.4/css/bootstrap.min.css
Requested by
Host: m.survey.bz
URL: https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.212.202.218 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-202-218.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.survey.bz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 01:15:18 GMT
Content-Encoding
gzip
Origin
https://mycloud.rackspace.com
Last-Modified
Wed, 17 Jun 2015 14:56:33 GMT
ETag
eedf9ee80c2faa4e1b9ab9017cdfcb88
Vary
Accept-Encoding
Content-Type
text/css
X-Timestamp
1434552992.25718
Cache-Control
public, max-age=147726
Connection
keep-alive
Accept-Ranges
bytes
X-Trans-Id
tx395bf505b0c94dca9c29c-0064ec8cd1ord1
Content-Length
19240
Expires
Sat, 17 Feb 2024 18:17:24 GMT
css2
fonts.googleapis.com/
2 KB
1017 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Work+Sans:wght@400;500&display=swap
Requested by
Host: m.survey.bz
URL: https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8615a11ed34069a21ce626de75f2f67f5397b20f567624a26dbf738598d8fc03
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.survey.bz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 16 Feb 2024 01:15:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 16 Feb 2024 00:58:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 16 Feb 2024 01:15:18 GMT
styles.css
m.survey.bz/css/
4 KB
4 KB
Stylesheet
General
Full URL
https://m.survey.bz/css/styles.css?v=uc6N1jf-NjbK4JbiJ7jD4Gvtk4A
Requested by
Host: m.survey.bz
URL: https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.163.109.211 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
5eea8b9e8d781341d3bcdb743bab56189a935a64a8464cb3be1f7d29172c2eb1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 01:15:19 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 12 Feb 2024 10:03:10 GMT
Server
Kestrel
ETag
"uc6N1jf-NjbK4JbiJ7jD4Gvtk4A"
Transfer-Encoding
chunked
Content-Type
text/css; charset=UTF-8
Cache-Control
max-age=31536000,immutable
Connection
keep-alive
logo.svg
m.survey.bz/Content/
2 KB
3 KB
Image
General
Full URL
https://m.survey.bz/Content/logo.svg
Requested by
Host: m.survey.bz
URL: https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.163.109.211 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
cfb479cc0e071b62dc1d8bc57ae758bbb72e3885df439b7a9db1b1b9a931ad03

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 01:15:19 GMT
Last-Modified
Mon, 12 Feb 2024 10:03:10 GMT
Server
Kestrel
ETag
"1da5d9aaecf0aac"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2476
loader.gif
m.survey.bz/Content/
19 KB
19 KB
Image
General
Full URL
https://m.survey.bz/Content/loader.gif
Requested by
Host: m.survey.bz
URL: https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.163.109.211 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
90cec361a06297fe9f21d0581a04defe9f7a0c1b50c1bcd60d2909a2d7c46678

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 01:15:19 GMT
Last-Modified
Mon, 12 Feb 2024 10:03:10 GMT
Server
Kestrel
ETag
"1da5d9aaecf4f6f"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
19567
RelevantID4.js
d3op16id4dloxg.cloudfront.net/
100 KB
100 KB
Script
General
Full URL
https://d3op16id4dloxg.cloudfront.net/RelevantID4.js
Requested by
Host: m.survey.bz
URL: https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-39.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
19965d1e60fcc9aa320360c85a41bb79893d277744637d078fa24b5906efb507

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.survey.bz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 07:59:48 GMT
via
1.1 632ee301c4920b52f2463aa9e978c57e.cloudfront.net (CloudFront)
last-modified
Wed, 31 Aug 2022 03:27:05 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
age
62130
x-amz-server-side-encryption
AES256
etag
"fe199cd1c861fcd37a8d4ff9a17d5f57"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
102043
x-amz-cf-id
9NEbCjIrsqsvz1AEpKSHQDVsPgUANuX4gTUxaqOlA7BV0W8UBvJlyQ==
landing.js
m.survey.bz/js/
1 KB
1 KB
Script
General
Full URL
https://m.survey.bz/js/landing.js?v=2bs1JT87hjkA0dpmoEvPgE7ylzM
Requested by
Host: m.survey.bz
URL: https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.163.109.211 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
be42d67eb5e85b01490e39d444b84a706f6c244b3656a4ee613e98db2515d8c8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 01:15:19 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 12 Feb 2024 10:03:10 GMT
Server
Kestrel
ETag
"2bs1JT87hjkA0dpmoEvPgE7ylzM"
Transfer-Encoding
chunked
Content-Type
text/javascript; charset=UTF-8
Cache-Control
max-age=31536000,immutable
Connection
keep-alive
element.js
translate.google.com/translate_a/
88 KB
31 KB
Script
General
Full URL
https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
Requested by
Host: m.survey.bz
URL: https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
62754d2d7a0448f4555aa97a1a1ce656a8008300d748cafd7f951036f67d6bdc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.survey.bz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Feb 2024 01:15:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
MDPrimer-Medium.otf
m.survey.bz/Content/fonts/
47 KB
47 KB
Font
General
Full URL
https://m.survey.bz/Content/fonts/MDPrimer-Medium.otf?v=P8sSG2PWj7TMN4oGiFsNbHvIm2g
Requested by
Host: m.survey.bz
URL: https://m.survey.bz/css/styles.css?v=uc6N1jf-NjbK4JbiJ7jD4Gvtk4A
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.163.109.211 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
0ca871c2a9715717ad3f1a47331214e955ff10a2ce64131920326b7a8548f5d8

Request headers

Referer
https://m.survey.bz/css/styles.css?v=uc6N1jf-NjbK4JbiJ7jD4Gvtk4A
Origin
https://m.survey.bz
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 01:15:19 GMT
Last-Modified
Mon, 12 Feb 2024 10:03:10 GMT
Server
Kestrel
ETag
"1da5d9aaecfb890"
Content-Type
font/otf
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
48016
MDPrimer-Regular.otf
m.survey.bz/Content/fonts/
47 KB
47 KB
Font
General
Full URL
https://m.survey.bz/Content/fonts/MDPrimer-Regular.otf?v=P8sSG2PWj7TMN4oGiFsNbHvIm2g
Requested by
Host: m.survey.bz
URL: https://m.survey.bz/css/styles.css?v=uc6N1jf-NjbK4JbiJ7jD4Gvtk4A
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.163.109.211 Phoenix, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
255c879d72666a370e7054ba6de816d2b27e8512a867adf9998831d60ad70ea4

Request headers

Referer
https://m.survey.bz/css/styles.css?v=uc6N1jf-NjbK4JbiJ7jD4Gvtk4A
Origin
https://m.survey.bz
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 01:15:19 GMT
Last-Modified
Mon, 12 Feb 2024 10:03:10 GMT
Server
Kestrel
ETag
"1da5d9aaecfbf34"
Content-Type
font/otf
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
48180
m=el_main_css
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/am=wA/d=0/rs=AN8SPfq5gedF4FIOWZgYyMCNZA5tU966ig/
22 KB
5 KB
Stylesheet
General
Full URL
https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/am=wA/d=0/rs=AN8SPfq5gedF4FIOWZgYyMCNZA5tU966ig/m=el_main_css
Requested by
Host:
URL: /_/translate_http/_/js/k=translate_http.tr.de.rpRLSsNR814.O/am=wA/d=1/rs=AN8SPfou97LMMLEkXs-0NjG1hiUcJ1dqOg/m=el_conf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
71ca2652e2b3ffd3c0ec966958604714ce6c7af01d961b44adc438518eb58cb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.survey.bz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 14 Feb 2024 03:23:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
165104
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4144
x-xss-protection
0
last-modified
Sat, 15 Jul 2023 01:09:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="rosetta"
vary
Accept-Encoding
report-to
{"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 13 Feb 2025 03:23:35 GMT
m=el_main
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.de.rpRLSsNR814.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpBxECGXNvA7ITXLHWalwslFX5aRA/
206 KB
72 KB
Script
General
Full URL
https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.de.rpRLSsNR814.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpBxECGXNvA7ITXLHWalwslFX5aRA/m=el_main
Requested by
Host:
URL: /_/translate_http/_/js/k=translate_http.tr.de.rpRLSsNR814.O/am=wA/d=1/rs=AN8SPfou97LMMLEkXs-0NjG1hiUcJ1dqOg/m=el_conf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ffc5957af6a67b8722164e3472ca2a9be7c64e2e454a69c4fb85e37bbd5e7c7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.survey.bz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Wed, 14 Feb 2024 10:10:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
140687
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
72793
x-xss-protection
0
last-modified
Fri, 09 Feb 2024 20:11:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="rosetta"
vary
Accept-Encoding
report-to
{"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 13 Feb 2025 10:10:32 GMT
truncated
/ Frame D6CA
1 KB
1 KB
Document
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
31f4e4abd5d8e145d6bd5505ae3ee469f66e6aba53fcc6cf04741d0a802ebc3d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Type
text/html;charset=UTF-8
24px.svg
fonts.gstatic.com/s/i/productlogos/translate/v14/
6 KB
4 KB
Image
General
Full URL
https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg
Requested by
Host: m.survey.bz
URL: https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ab5c23a05e39deed14d9d8262b0dce9f024f86105a27196cad37d14a3f516e09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.survey.bz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 13 Feb 2024 02:33:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
254535
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3340
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 14:24:23 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 12 Feb 2025 02:33:04 GMT
googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/
910 B
1 KB
Image
General
Full URL
https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png
Requested by
Host: m.survey.bz
URL: https://m.survey.bz/U75?I.Project=p2301982&ID=106679461&i.user1=8&smp=99
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.survey.bz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Tue, 13 Feb 2024 08:42:57 GMT
x-content-type-options
nosniff
age
232342
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
910
x-xss-protection
0
last-modified
Thu, 02 Nov 2023 22:48:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 12 Feb 2025 08:42:57 GMT
translate_24dp.png
www.gstatic.com/images/branding/product/2x/
2 KB
2 KB
Image
General
Full URL
https://www.gstatic.com/images/branding/product/2x/translate_24dp.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/am=wA/d=0/rs=AN8SPfq5gedF4FIOWZgYyMCNZA5tU966ig/m=el_main_css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.qhDXWpKopYk.L.W.O/am=wA/d=0/rs=AN8SPfq5gedF4FIOWZgYyMCNZA5tU966ig/m=el_main_css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 23:35:33 GMT
x-content-type-options
nosniff
age
5986
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1842
x-xss-protection
0
last-modified
Thu, 14 Oct 2021 09:08:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Fri, 14 Feb 2025 23:35:33 GMT

227 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| RVIDPrivacy string| _RVIDCaptureString object| _extraDataPoints object| captureObject string| __xe1913148__ number| _hpd object| PluginDetect string| userAgent boolean| isIE boolean| isWin boolean| isMac boolean| is_iPhone boolean| is_iPod boolean| isLinux boolean| isAndroid boolean| isOpera boolean| isChrome boolean| isSafari boolean| isFF boolean| isAOL number| counter object| body1 number| jsver object| BrowserDetect string| propertyString1 object| RVIDFlash string| hasRIF function| sha256 string| imperiumOriginalSurvey string| imperiumOriginalCookie function| sendLogMessageAsync function| createRVIDXMLHttpRequest function| setHoPoDetection function| tochar function| rvidPing function| setRVIDDataReadyAndSubmitForm function| callRVIDNow function| addValue function| addCapValue function| getOS function| checkIframes function| getSilverlightVersion function| getSilverlightMajorVersion function| detectSilverlight function| detectDirector function| getDirectorVersion function| getWindowsMediaVersion function| detectWindowsMedia function| isFlip4MacInstalled function| Flip4MacVersion function| getFlashInfo function| canDetectNavigatorPlugins function| detectPlugin function| getAllPlugins function| createScriptTag function| getJavascriptVersion function| BrowserInfo function| Get_Cookie function| Set_Cookie function| GetFontSize function| getTimeZoneDiff function| getJavaScriptBuild function| getBrowserBuild function| getNetMeetingBuild function| getServicePack function| getUserLanguage function| getSystemLanguage function| detectGecko function| getGeckoBuildDateToInt function| getConnectionType function| supportsDHTML function| supportsXMLHttpRequest function| supportsXML function| getAolVersion function| isEmailCrawler function| canUploadFile function| persistentCookies function| sessionCookies function| ExpireCookie_ function| addToCapture function| getBrowserTime function| getBrowserTimeMS function| getJavaEnabled function| getDataPoints 
function| rvidFreezeSetProp function| AddScriptTag function| checkTime function| checkTimeTime function| getDateTime function| createDiv function| createSol function| writeRIF function| setRIF1 function| setRIF2 function| getRIF1 function| readRIF function| rifStatusCheck function| createField function| createRVIDField function| createOutputFields function| getScore function| IsPageTranslated function| executeService function| isPropStringValid function| LogWarningForAnyMissingRequestPars function| LogWarningForMissingRequestPar function| getFunctionHash function| ImperiumXhrPost function| ImperiumGetValue function| isSSLv3MigratedClient function| getCNprintLegacyHash function| getCNprintLegacy function| getCNprintHash function| getWebGLRenderer function| getWebGLDataHash function| Get_CookieRIF3 function| Set_CookieRIF3 function| Expire_CookieRIF3 function| setRIF3 function| getRIF3 function| isMobile function| isMobile1 function| inIframe function| featDetectBrowser function| _pluginContains function| checkForAutomatedBrowserProps function| notificationPermissions function| isNotificationPermissionsOverridden function| keyboardLayoutMapSize function| mediaDevicesConstraintsCount function| _supportsBluetooth function| storageManagerDetails function| _userAgentClientHints function| _accelDetect function| _gyroDetect function| getAudioSampleRate function| mediaDeviceGroups function| _detectPrivacyMode function| getAllMimeTypes function| rvidDevToolsOpen object| relevantID object| jstz number| RVIDTrack string| RVIDClientID object| C object| ZZZ object| MobileOSArray object| MobileType object| isThisMobile object| browserobject number| pluginsArrayCounter number| namesCounter object| ma number| RVIDReady function| UAParser boolean| IsTesting boolean| DEBUG function| getParameterByName function| getRandomSuffixForRequestId function| toIsoString function| RVIDResponseComplete object| imperium object| sentryUaParser object| sentry object| sentryLanding function| 
googleTranslateElementInit function| _DumpException object| default_tr object| _F_toggles string| MSG_TRANSLATE string| MSG_CANCEL string| MSG_CLOSE function| MSGFUNC_PAGE_TRANSLATED_TO function| MSGFUNC_TRANSLATED_TO string| MSG_GENERAL_ERROR string| MSG_LEARN_MORE function| MSGFUNC_POWERED_BY string| MSG_TRANSLATE_PRODUCT_NAME string| MSG_TRANSLATION_IN_PROGRESS function| MSGFUNC_TRANSLATE_PAGE_TO function| MSGFUNC_VIEW_PAGE_IN string| MSG_RESTORE string| MSG_SSL_INFO_LOCAL_FILE string| MSG_SSL_INFO_SECURE_PAGE string| MSG_SSL_INFO_INTRANET_PAGE string| MSG_SELECT_LANGUAGE function| MSGFUNC_TURN_OFF_TRANSLATION function| MSGFUNC_TURN_OFF_FOR string| MSG_ALWAYS_HIDE_AUTO_POPUP_BANNER string| MSG_ORIGINAL_TEXT string| MSG_FILL_SUGGESTION string| MSG_SUBMIT_SUGGESTION string| MSG_SHOW_TRANSLATE_ALL string| MSG_SHOW_RESTORE_ALL string| MSG_SHOW_CANCEL_ALL string| MSG_TRANSLATE_TO_MY_LANGUAGE function| MSGFUNC_TRANSLATE_EVERYTHING_TO string| MSG_SHOW_ORIGINAL_LANGUAGES string| MSG_OPTIONS string| MSG_TURN_OFF_TRANSLATION_FOR_THIS_SITE string| MSG_ALT_SUGGESTION string| MSG_ALT_ACTIVITY_HELPER_TEXT string| MSG_USE_ALTERNATIVES string| MSG_DRAG_TIP string| MSG_CLICK_FOR_ALT string| MSG_DRAG_INSTUCTIONS string| MSG_SUGGESTION_SUBMITTED string| MSG_MANAGE_TRANSLATION_FOR_THIS_SITE string| MSG_ALT_AND_CONTRIBUTE_ACTIVITY_HELPER_TEXT string| MSG_ORIGINAL_TEXT_NO_COLON string| MSG_LANGUAGE_UNSUPPORTED string| MSG_LANGUAGE_TRANSLATE_WIDGET string| MSG_RATE_THIS_TRANSLATION string| MSG_FEEDBACK_USAGE_FOR_IMPROVEMENT string| MSG_FEEDBACK_SATISFIED_LABEL string| MSG_FEEDBACK_DISSATISFIED_LABEL string| MSG_TRANSLATION_NO_COLON function| _exportVersion function| _getCallbackFunction function| _exportMessages function| _loadJs function| _loadCss function| _isNS function| _setupNS object| google object| closure_lm_798461

1 Cookies

Domain/Path Name / Value
beauty.sephora.com/ Name: hConversionEventId
Value: AQEAAZQF2gAmdjYwMDAwMDE4ZC1hZjZmLWI3M2EtOWIwNS1hNjZlOTZjNTY5YzjaACRiNGRlNDE1Yi1lMjA5LTRkZjYtMDAwMC0wMjFlZjNhMGJjYzPaACRhM2JlYmU3ZS1kNzc1LTRkYzItOTdlMC0yMWZjM2ZmMTY2Y2Tp6q8M9YvdhF9yQOo8F7ScLQXFe2GeNp5tsUXs-ug4NA

1 Console Messages

Source Level URL
Text
other warning URL: https://d3op16id4dloxg.cloudfront.net/RelevantID4.js
Message:
The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
