sweepstakessurvey.org Open in urlscan Pro
172.67.75.79 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://expensivesurvey.online/finance-survey.html?z=4493500&offer_id=2897&var=1309_996&ymid=614f6943e98e930001d370c4&utm_campa...
Effective URL:
https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465...
Submission: On September 25 via manual (September 25th 2021, 6:24:44 pm UTC) from ID — Scanned from DE

Summary HTTP 99 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 14 IPs in 4 countries across 17 domains to perform 99 HTTP transactions. The main IP is 172.67.75.79, located in United States and belongs to CLOUDFLARENET, US. The main domain is sweepstakessurvey.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 8th 2021. Valid for: a year.

This is the only time sweepstakessurvey.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	172.67.69.11 172.67.69.11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	139.45.197.240 139.45.197.240	9002 (RETN-AS) (RETN-AS)
1	172.67.204.132 172.67.204.132	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	139.45.197.237 139.45.197.237	9002 (RETN-AS) (RETN-AS)
2	139.45.197.238 139.45.197.238	9002 (RETN-AS) (RETN-AS)
2	142.250.184.232 142.250.184.232	15169 (GOOGLE) (GOOGLE)
3	142.250.186.78 142.250.186.78	15169 (GOOGLE) (GOOGLE)
1	37.48.68.71 37.48.68.71	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
29	172.67.75.79 172.67.75.79	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 12	93.158.134.119 93.158.134.119	13238 (YANDEX) (YANDEX)
1	74.125.140.156 74.125.140.156	15169 (GOOGLE) (GOOGLE)
1	142.250.185.196 142.250.185.196	15169 (GOOGLE) (GOOGLE)
99	14

12 172.67.69.11 (United States)

ASN13335 (CLOUDFLARENET, US)

expensivesurvey.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 139.45.197.240 (United Kingdom)

ASN9002 (RETN-AS, GB)

propeller-tracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
beturtwiga.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.204.132 (United States)

ASN13335 (CLOUDFLARENET, US)

tagstaticx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.237 (United Kingdom)

ASN9002 (RETN-AS, GB)

itcleffaom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.238 (United Kingdom)

ASN9002 (RETN-AS, GB)

in-page-push.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forflygonom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.48.68.71 (Arnhem, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

tagdataxrt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 172.67.75.79 (United States)

ASN13335 (CLOUDFLARENET, US)

sweepstakessurvey.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 93.158.134.119 (Moscow, Russian Federation) 3 redirects

ASN13238 (YANDEX, RU)
PTR: mc.yandex.ru

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.140.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wq-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	sweepstakessurvey.org sweepstakessurvey.org	293 KB
12	expensivesurvey.online expensivesurvey.online	140 KB
10	yandex.com 2 redirects mc.yandex.com	3 KB
7	propeller-tracking.com propeller-tracking.com	8 KB
3	google-analytics.com www.google-analytics.com	19 KB
3	rtmark.net my.rtmark.net	2 KB
2	yandex.ru mc.yandex.ru Failed	65 KB
2	googletagmanager.com www.googletagmanager.com	87 KB
1	doubleclick.net stats.g.doubleclick.net	465 B
1	google.com www.google.com Failed	522 B
1	tagdataxrt.com tagdataxrt.com Failed
1	forflygonom.com forflygonom.com	325 B
1	beturtwiga.com beturtwiga.com	2 KB
1	in-page-push.net in-page-push.net	2 KB
1	itcleffaom.com itcleffaom.com	657 B
1	tagstaticx.com tagstaticx.com	19 KB
0	googlesyndication.com Failed pagead2.googlesyndication.com Failed
99	17

	Domain	Requested by
29	sweepstakessurvey.org	beturtwiga.com sweepstakessurvey.org
12	expensivesurvey.online	expensivesurvey.online
10	mc.yandex.com	2 redirects sweepstakessurvey.org mc.yandex.ru
7	propeller-tracking.com	expensivesurvey.online propeller-tracking.com sweepstakessurvey.org
3	www.google-analytics.com	www.googletagmanager.com sweepstakessurvey.org
3	my.rtmark.net	expensivesurvey.online tagstaticx.com beturtwiga.com sweepstakessurvey.org
2	mc.yandex.ru	www.googletagmanager.com
2	www.googletagmanager.com	expensivesurvey.online sweepstakessurvey.org
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.google.com	sweepstakessurvey.org
1	tagdataxrt.com	tagstaticx.com
1	forflygonom.com
1	beturtwiga.com	expensivesurvey.online
1	in-page-push.net	expensivesurvey.online
1	itcleffaom.com	expensivesurvey.online
1	tagstaticx.com	expensivesurvey.online
0	pagead2.googlesyndication.com Failed	tagstaticx.com
99	17

This site contains links to these domains. Also see Links.

Domain
beturtwiga.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-18` - `2022-06-17`	a year	crt.sh
propeller-tracking.com Sectigo RSA Domain Validation Secure Server CA	`2020-10-05` - `2021-11-05`	a year	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2020-10-27` - `2021-11-26`	a year	crt.sh
itcleffaom.com R3	`2021-07-29` - `2021-10-27`	3 months	crt.sh
in-page-push.net R3	`2021-09-18` - `2021-12-17`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
beturtwiga.com R3	`2021-07-08` - `2021-10-06`	3 months	crt.sh
forflygonom.com R3	`2021-08-10` - `2021-11-08`	3 months	crt.sh
mc.yandex.ru Yandex CA	`2021-07-28` - `2022-01-07`	5 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Frame ID: E17E33AFEB6BC590B8CFCA1D79109052
Requests: 98 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dear user

Page URL History Show full URLs

https://expensivesurvey.online/finance-survey.html?z=4493500&offer_id=2897&var=1309_996&ymid=614f6943e98e93... Page URL
https://beturtwiga.com/4533056/?var=4493500&request_var=1309_996&var3=465696401246924816 Page URL
https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b83... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

99
Requests

74 %
HTTPS

0 %
IPv6

17
Domains

17
Subdomains

14
IPs

4
Countries

639 kB
Transfer

1755 kB
Size

17
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://beturtwiga.com/4180207/?var=4533056&ymid=4493500

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://expensivesurvey.online/finance-survey.html?z=4493500&offer_id=2897&var=1309_996&ymid=614f6943e98e930001d370c4&utm_campaign=1309_996&utm_medium=4493500&utm_content=zd_public_v2 Page URL
https://beturtwiga.com/4533056/?var=4493500&request_var=1309_996&var3=465696401246924816 Page URL
https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 88

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9407.YV49kqWFpp1vebfYVX-EaKHyhlYcBuJl2HRxymC7iT77WMm9AppW1PihXH5MZyi6.U_3Mx2Qu6NMKlEkPddVqK4_N7ck%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9407._Flj_p8V8SYGysbAzSvc_-JWtz6rETDfOTbaI24OTEg6F8Vb73hFzzmZ2b5uiOdtSlJkbcSxhXe7L4KMzKprpQ%2C%2C.ZuhmYvwdbTydzIAht__afbj9WoM%2C

Request Chain 91

https://mc.yandex.com/watch/84103558?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D7fbd4e7dfa88473b832a4ae7145ff724%26s%3D465696747448971273%26z%3D4533056%26b%3D10037337%26var%3D4493500%26campaignid%3D4634920%26utm_campaign%3D4493500%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A212%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A660%3Acn%3A1%3Adp%3A0%3Als%3A864456967374%3Ahid%3A258368452%3Az%3A0%3Ai%3A20210925182435%3Aet%3A1632594276%3Ac%3A1%3Arn%3A926207027%3Arqn%3A1%3Au%3A1632594276449544005%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1632594275501%3Ads%3A13%2C32%2C99%2C0%2C0%2C0%2C%2C117%2C3%2C%2C%2C%2C264%3Adsn%3A13%2C32%2C99%2C1%2C0%2C0%2C%2C118%2C3%2C%2C%2C%2C264%3Awv%3A2%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1632594276%3At%3ADear%20user HTTP 302
https://mc.yandex.com/watch/84103558/1?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D7fbd4e7dfa88473b832a4ae7145ff724%26s%3D465696747448971273%26z%3D4533056%26b%3D10037337%26var%3D4493500%26campaignid%3D4634920%26utm_campaign%3D4493500%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A212%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A660%3Acn%3A1%3Adp%3A0%3Als%3A864456967374%3Ahid%3A258368452%3Az%3A0%3Ai%3A20210925182435%3Aet%3A1632594276%3Ac%3A1%3Arn%3A926207027%3Arqn%3A1%3Au%3A1632594276449544005%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1632594275501%3Ads%3A13%2C32%2C99%2C0%2C0%2C0%2C%2C117%2C3%2C%2C%2C%2C264%3Adsn%3A13%2C32%2C99%2C1%2C0%2C0%2C%2C118%2C3%2C%2C%2C%2C264%3Awv%3A2%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1632594276%3At%3ADear%20user

99 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 finance-survey.html Show response
expensivesurvey.online/ 4 KB
2 KB 171ms
119ms Document
text/html 172.67.69.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://expensivesurvey.online/finance-survey.html?z=4493500&offer_id=2897&var=1309_996&ymid=614f6943e98e930001d370c4&utm_campaign=1309_996&utm_medium=4493500&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 619318564e4382e079882891808b80c243c050a0d2dfc93b270cca64509a78f8

Request headers

:method: GET
:authority: expensivesurvey.online
:scheme: https
:path: /finance-survey.html?z=4493500&offer_id=2897&var=1309_996&ymid=614f6943e98e930001d370c4&utm_campaign=1309_996&utm_medium=4493500&utm_content=zd_public_v2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-type: text/html
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n9KcFn8HIZZqB9mwp8DyOz2CozXwJQ62AHIh9vpbppGKfPjXuVEXfzCzcwfaGCl540VUY1Y0KgyHVgyXzLx1t9%2F7Nkyw3DH5p2d0o4IsvFT%2FWxvhvVRNgolQv0aQWH4BP%2Fj20v9FI%2FU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69464a4b08c34108-PRG
content-encoding: br

GET
H2 200 fv.js Show response
propeller-tracking.com/ 5 KB
3 KB 55ms
15ms Script
text/javascript 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Requested by

Host: expensivesurvey.online
URL: https://expensivesurvey.online/finance-survey.html?z=4493500&offer_id=2897&var=1309_996&ymid=614f6943e98e930001d370c4&utm_campaign=1309_996&utm_medium=4493500&utm_content=zd_public_v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

bcef0af5a6953da87ed9353729f60db60540b4bc5c9081b98bfae84f97e9128f

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-trace-id: 8ff8fd5b07765b47d61fe0d2dbe2e6f1
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript; charset=utf8
access-control-allow-origin
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 rtc.js Show response
expensivesurvey.online/js/data/ 11 KB
5 KB 21ms
20ms Script
application/javascript 172.67.69.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://expensivesurvey.online/js/data/rtc.js
Requested by: Host: expensivesurvey.online
URL: https://expensivesurvey.online/finance-survey.html?z=4493500&offer_id=2897&var=1309_996&ymid=614f6943e98e930001d370c4&utm_campaign=1309_996&utm_medium=4493500&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e21a5fdcb464c61185f66b10a6405f01fe3a8cd639b599a5b3d2f6b5aae4c0

Request headers

:path: /js/data/rtc.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: expensivesurvey.online
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2057
cf-polished: origSize=15077
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-3ae5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IKdPO1qJRZse1QnncP%2FXoxpxcZRuSWY27jSZiz9QZOwQT3aVOvEVtG%2Bv1I4yuHvqBv31pBN%2FxHF1zkAM43alGJAtjmbTkQWx6dxyCdUWxNz1%2BUGTuvPgV%2BzUFkze0b5hhNqQAloLZSg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69464a4be9894108-PRG
cf-bgj: minify

GET
H2 200 config.js Show response
expensivesurvey.online/js/ 89 KB
30 KB 24ms
23ms Script
application/javascript 172.67.69.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://expensivesurvey.online/js/config.js
Requested by: Host: expensivesurvey.online
URL: https://expensivesurvey.online/finance-survey.html?z=4493500&offer_id=2897&var=1309_996&ymid=614f6943e98e930001d370c4&utm_campaign=1309_996&utm_medium=4493500&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfb69c532ae9715264ffd1cc17caf7ce81ccbe64c87de5e73a5859f56f4f3664

Request headers

:path: /js/config.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: expensivesurvey.online
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2057
cf-polished: origSize=90958
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-1634e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6W2gVLOnK7FPKRVCbhfzwgwvzdkDUyy7d2UrE3bG25h9Nzycg6oz22uo3KeI%2F%2B3Pf1vnzyjLDhp61fE6t37jL%2BRPIYnkuyIapjk8DDACStugNl5aWzttvCoaEHNI6QmLehENs9D2WlI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69464a4be98c4108-PRG
cf-bgj: minify

GET
H2 200 survey.css
expensivesurvey.online/css/ 20 KB
5 KB 21ms
21ms Stylesheet
text/css 172.67.69.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://expensivesurvey.online/css/survey.css
Requested by: Host: expensivesurvey.online
URL: https://expensivesurvey.online/finance-survey.html?z=4493500&offer_id=2897&var=1309_996&ymid=614f6943e98e930001d370c4&utm_campaign=1309_996&utm_medium=4493500&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3be03a6b2f9eac618699d1416117e4392a7e589be7ab3db8c9fa4111d147de36

Request headers

:path: /css/survey.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: expensivesurvey.online
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2057
cf-polished: origSize=20082
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-4e72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7xdlV%2BjF21hUh4jvgzw%2F0pU5r%2BFWCjpZkOMli5GQWuY84BVJoo1T%2BmIdwcby6MNZI1tb5vXRVgf80hRmayz8eLJ485%2BNCTv%2BkYJRZH%2BmFniJbLIb3NjC0QgE06RVqfIpvk5TP5t3gy8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 69464a4be98a4108-PRG
cf-bgj: minify

GET
H2 200 style.css
expensivesurvey.online/css/ 33 KB
5 KB 22ms
21ms Stylesheet
text/css 172.67.69.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://expensivesurvey.online/css/style.css?v=1
Requested by: Host: expensivesurvey.online
URL: https://expensivesurvey.online/finance-survey.html?z=4493500&offer_id=2897&var=1309_996&ymid=614f6943e98e930001d370c4&utm_campaign=1309_996&utm_medium=4493500&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99f9a09b49183dd3f892522333092c7bed44d6dceab0a7b5caa7e973440d7509

Request headers

:path: /css/style.css?v=1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: expensivesurvey.online
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2057
cf-polished: origSize=34029
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-84ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ymX2KT%2FncoigwFGDMiBgB5K0ksyVBm4wG14uwe8cIo8yLxqjOaSSvTP%2FJqAe%2F9n6IuVQHwcVh7J41ssG869DNVQ0dUuyRJIDfErHDlLApoeCS2GsH%2B0Rz5uhIt6yEpJnnBvzwGQtrtg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 69464a4be98b4108-PRG
cf-bgj: minify

GET
H2 200 icon-survey.svg
expensivesurvey.online/img/ 3 KB
1 KB 31ms
30ms Image
image/svg+xml 172.67.69.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://expensivesurvey.online/img/icon-survey.svg
Requested by: Host: expensivesurvey.online
URL: https://expensivesurvey.online/finance-survey.html?z=4493500&offer_id=2897&var=1309_996&ymid=614f6943e98e930001d370c4&utm_campaign=1309_996&utm_medium=4493500&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64a92922801ea676a88192b928a94d9179fe23c789767bba01647c21fb289904

Request headers

:path: /img/icon-survey.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: expensivesurvey.online
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
age: 2057
etag: W/"614c69ca-c26"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nspllLUnsU9bKB52rzH8d9R5cF3kKHBoGw2mTdlP4iGqAqh8jCzjGA6HuD3GabKVKNNAfAEV%2BZimyG%2Fy1TZDRemt8h5gYFhbSFwIycZ8zoHU%2BLLN8qvVlXfBQtODC1jhJY2HDmisenk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69464a4c39d24108-PRG

GET
H2 200 survey-site.js Show response
expensivesurvey.online/js/ 3 KB
1 KB 30ms
30ms Script
application/javascript 172.67.69.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://expensivesurvey.online/js/survey-site.js
Requested by: Host: expensivesurvey.online
URL: https://expensivesurvey.online/finance-survey.html?z=4493500&offer_id=2897&var=1309_996&ymid=614f6943e98e930001d370c4&utm_campaign=1309_996&utm_medium=4493500&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e6ce1add3a481e1df35ca5c582f7b8cc2eb19779063dd89e66f2b142ef57cf3a

Request headers

:path: /js/survey-site.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: expensivesurvey.online
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
age: 2057
etag: W/"614c69ca-b23"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dMZUe5E2ujAggfDvDbEomSo1mzFDHWFtYoWv6guHQYqC5K%2BTsy5SjBmcw9t%2B47iYsYvx4ZSN6A8nWS6oNKppDvukwJoHjqXy0RWS%2B%2B1SWAh2RexubPi2Wmjk1Liuf75v5ZCBsDhrNg0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69464a4c39d34108-PRG
cf-bgj: minify

GET
H2 200 survey.js Show response
expensivesurvey.online/js/ 272 KB
84 KB 30ms
30ms Script
application/javascript 172.67.69.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://expensivesurvey.online/js/survey.js
Requested by: Host: expensivesurvey.online
URL: https://expensivesurvey.online/finance-survey.html?z=4493500&offer_id=2897&var=1309_996&ymid=614f6943e98e930001d370c4&utm_campaign=1309_996&utm_medium=4493500&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d58311a4350315dd51399568727b8bd320dd07fd7b067e5ba6a07e57e0e22889

Request headers

:path: /js/survey.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: expensivesurvey.online
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2057
cf-polished: origSize=278445
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-43fad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jIDJ3G088l3osw97sDJxCqmkHIGS7aftSXLtdft5m18bPvekYapkJGZIzSeuY%2F%2BU0nzG0IJk75ChO40sOmFl9LHYE6suViBwfSeP2EvgFVSaaTtXN%2FFymbDrsEiGzu7lhCJTwmToNDk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69464a4c29c94108-PRG
cf-bgj: minify

GET
H2 200 sd-1203000.js Show response
expensivesurvey.online/js/data/ 11 KB
2 KB 30ms
30ms Script
application/javascript 172.67.69.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://expensivesurvey.online/js/data/sd-1203000.js
Requested by: Host: expensivesurvey.online
URL: https://expensivesurvey.online/js/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa9304c359cf7a8bed1576ec071824eb615d9ae60a2a041001d8673e7c07110b

Request headers

:path: /js/data/sd-1203000.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: expensivesurvey.online
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 160
cf-polished: origSize=20494
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-500e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T3SvpTU7CsapJ68b8cHrKXoz8a72yJXfyUZRmcU5ICia2KzXcSMI6b6wkDxVxOda86nhs3L4ITxoLolkR5IAkoXku4MOGDqOxmmNdG1F%2F01hHRyieyO95X18IHTFy%2BTYag8guHA%2BsBE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69464a4c39d44108-PRG
cf-bgj: minify

GET
H2 204 vctx Show response
propeller-tracking.com/ 0
497 B 13ms
12ms XHR
text/plain 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/vctx?t=82892

Requested by

Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: 2840dc434418706a5ebf2a7d2b6128b7
pragma: no-cache
date: Sat, 25 Sep 2021 18:24:35 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://expensivesurvey.online
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 micro.tag.min.js
expensivesurvey.online/pfe/current/ 131 KB
0 133ms
133ms Script
application/javascript 172.67.69.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://expensivesurvey.online/pfe/current/micro.tag.min.js?z=4292864&sw=/sw/sw4292864.js&var=4493500&var_3=null&ymid=1309_996&cdn=1&domain=ugyplysh.com
Requested by: Host: expensivesurvey.online
URL: https://expensivesurvey.online/js/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /pfe/current/micro.tag.min.js?z=4292864&sw=/sw/sw4292864.js&var=4493500&var_3=null&ymid=1309_996&cdn=1&domain=ugyplysh.com
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: expensivesurvey.online
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-20bd9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Sbn6r7bS7eW2uC2jjhl3vdym1qay6oMpTrevic7sq0mr9zXy6rOVdEkgqDOGvpyS4kCSONHtluw4ymqt6eUDO1hzh7K1HTYs5yVvBGGXTcOUDIlUlpkSlr57HmQ2sKlGxsH1JnPUyg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69464a4c79f44108-PRG

POST
H2 204 vbl
propeller-tracking.com/ 0
496 B 12ms
12ms Ping
text/plain 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/vbl?t=82892&bid=undefined&aid=undefined

Requested by

Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-trace-id: b4fcaa3869ea24b2ace017d1b5ca1d64
pragma: no-cache
date: Sat, 25 Sep 2021 18:24:35 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://expensivesurvey.online
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 tag.js
tagstaticx.com/ 53 KB
19 KB 85ms
24ms Script
application/javascript 172.67.204.132
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: expensivesurvey.online
URL: https://expensivesurvey.online/js/survey.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.204.132 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 16 Sep 2021 08:52:13 GMT
server: cloudflare
age: 4725
etag: W/"614305bd-d408"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kbuv0AMc3b0RjGfBzSSnEGIojsQJcWwTuVNJ29OIveMzmqcaRz1jq08WunCQwj7vq0EGHGQSO%2BpOsrIlDxT4MRsDfsIAJV40ZANLHAqVFkodNK9Z8L220%2B4kEeO7X7LjQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69464a4ced5627b4-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 gid.js
my.rtmark.net/ 65 B
550 B 41ms
13ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: expensivesurvey.online
URL: https://expensivesurvey.online/js/survey.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://expensivesurvey.online
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 track
itcleffaom.com/ 197 B
657 B 59ms
18ms XHR
application/json 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://itcleffaom.com/track?offer_id=2897&z=4493500&request_var=1309_996&variable2=614f6943e98e930001d370c4

Requested by

Host: expensivesurvey.online
URL: https://expensivesurvey.online/js/survey.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: 619f0b4b5050ad5e48b17895b607aab2
pragma: no-cache
date: Sat, 25 Sep 2021 18:24:35 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://expensivesurvey.online
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
content-length: 197
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 4292526
in-page-push.net/500/ 4 KB
2 KB 64ms
15ms XHR
application/javascript 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://in-page-push.net/500/4292526?var=4493500&ymid=1309_996

Requested by

Host: expensivesurvey.online
URL: https://expensivesurvey.online/js/survey.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: 2e9b84796544b8f286aca1a7277427e9
pragma: no-cache
date: Sat, 25 Sep 2021 18:24:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Origin
content-type: application/javascript
access-control-allow-origin: https://expensivesurvey.online
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *
expires: Wed, 31 Dec 1969 19:00:00 EST

GET
H2 200 en.json
expensivesurvey.online/js/comments/ 4 KB
1 KB 96ms
96ms XHR
application/json 172.67.69.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://expensivesurvey.online/js/comments/en.json
Requested by: Host: expensivesurvey.online
URL: https://expensivesurvey.online/js/survey.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /js/comments/en.json
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: application/json, text/plain, */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: expensivesurvey.online
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-11c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3FmbTIYTTfdTdDGKiuVrXrYNZn5Ve9Qq%2Bdga9OxcoKAhjx00WakSAVBVJeygSY4Dawb1i1dUXd0ChLeJd%2F%2BXZAO02XAtboXaTxONcK4GhCORKFLPwK2JNT0pj3aUtXZEuhBCsisosZQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69464a4cba2e4108-PRG

GET
H2 200 gtm.js
www.googletagmanager.com/ 121 KB
44 KB 47ms
24ms Script
application/javascript 142.250.184.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NLSFF85

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44172
x-xss-protection: 0
last-modified: Sat, 25 Sep 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 25 Sep 2021 18:24:35 GMT

GET
H2 200 cookie-consent-1.json
expensivesurvey.online/js/dict/ 4 KB
2 KB 103ms
103ms XHR
application/json 172.67.69.11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://expensivesurvey.online/js/dict/cookie-consent-1.json?v=1
Requested by: Host: expensivesurvey.online
URL: https://expensivesurvey.online/js/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /js/dict/cookie-consent-1.json?v=1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: application/json, text/plain, */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: expensivesurvey.online
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-11dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vfyfiVSxqF7fjTHGIPgWEoDYd%2BW6qOh6VoyEE%2BCLO2H3hDi9FHkxq7vke22dVCpd0usultE76EoRRihjki4d6rCf%2F8LDKzySjIDRH2yNvFYNp78%2BFPuW7FINZ7ZzfTZD973flfoaHDM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69464a4cba334108-PRG

GET
H2 200 / Show response
beturtwiga.com/4533056/ 2 KB
2 KB 60ms
17ms Document
text/html 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://beturtwiga.com/4533056/?var=4493500&request_var=1309_996&var3=465696401246924816

Requested by

Host: expensivesurvey.online
URL: https://expensivesurvey.online/js/survey.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

1f98fee28d1a8b824d25b6f5abb1d3fbe34083161cf3c211ef500df86aa0e5ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: beturtwiga.com
:scheme: https
:path: /4533056/?var=4493500&request_var=1309_996&var3=465696401246924816
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
date: Sat, 25 Sep 2021 18:24:35 GMT
content-type: text/html; charset=utf8
x-trace-id: ca6c580f0b326ac28d804d15d074ad1d
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://sweepstakessurvey.org>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://lukomol.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: * *
set-cookie: OAID=7fbd4e7dfa88473b832a4ae7145ff724; expires=Sun, 25 Sep 2022 18:24:35 GMT; path=/; secure; SameSite=None oaidts=1632594275; expires=Sun, 25 Sep 2022 18:24:35 GMT; path=/; secure; SameSite=None syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip

GET
H2 200 XWPjAe43QThg6yfD07YP8K9_Bw0AFT5WZJzuJbvB06Y7wvffgYC_mJxyyidICAG1rqwdsVRR3XOid_LsEqRcZQDvOqJMpyRD_P7xckpr9u0lwdY8i1lw_iPGR8JxSnmTb5FXIvyJDcXHuBfyDEFAIQnWOdfB4hlPB_zVH-5jnkbi-Z8k9mGS2yKOVqEMwmy0hguqR...
forflygonom.com/impression/ 43 B
325 B 59ms
16ms Image
image/gif 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forflygonom.com/impression/XWPjAe43QThg6yfD07YP8K9_Bw0AFT5WZJzuJbvB06Y7wvffgYC_mJxyyidICAG1rqwdsVRR3XOid_LsEqRcZQDvOqJMpyRD_P7xckpr9u0lwdY8i1lw_iPGR8JxSnmTb5FXIvyJDcXHuBfyDEFAIQnWOdfB4hlPB_zVH-5jnkbi-Z8k9mGS2yKOVqEMwmy0hguqRWDaDx8vttY6tiv16TViQqrefr5dhoSnd5l-HtmlRH3Q6zoawBIz9cd2Zm1WppjNJJpjf29GQ6SAqvdUsAL3foWdfXBuChC5EvEBOtLNsPRd1TRFzrUzGzOBUN4u6TCb64RUUTGAoWN9xHQP_5XaOFbSI5HU8PSIO1SgU0j9hyPTyWMlr7D_XH-5L_ZIznRbqcyjLUgIfqyXRdDss5P0uwkxV67T?_z=4292526

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: 9cc235e9e5cce84eb240c134122e4073
pragma: no-cache
date: Sat, 25 Sep 2021 18:24:35 GMT
x-content-type-options: nosniff
server: nginx
vary: Origin
content-type: image/gif
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
strict-transport-security: max-age=1
timing-allow-origin: *
content-length: 43
expires: Wed, 31 Dec 1969 19:00:00 EST

GET
H2 200 analytics.js
www.google-analytics.com/ 48 KB
0 29ms
7ms Script
text/javascript 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLSFF85

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 5555
date: Sat, 25 Sep 2021 16:52:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sat, 25 Sep 2021 18:52:00 GMT

GET tag.js
mc.yandex.ru/metrika/ 0
0

HEAD adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0

GET gid.js
my.rtmark.net/ 0
0

GET pix.jpg
tagdataxrt.com/ 0
0

GET version.js
tagdataxrt.com/ 0
0

GET googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 0
0

GET googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 0
0

GET googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 0
0

GET googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 0
0

GET googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 0
0

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ 0
0 50ms
13ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
Protocol: HTTP/1.1
Server: 37.48.68.71 Arnhem, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://expensivesurvey.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Sat, 25 Sep 2021 18:24:35 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://expensivesurvey.online
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST add
tagdataxrt.com/ir/ 0
0

GET unnamed.jpg
expensivesurvey.online/img/comments/ 0
0

GET person-1.png
expensivesurvey.online/img/comments/ 0
0

GET person-14.jpg
expensivesurvey.online/img/comments/ 0
0

GET person-2.png
expensivesurvey.online/img/comments/ 0
0

GET person-4.jpeg
expensivesurvey.online/img/comments/ 0
0

GET person-5.jpg
expensivesurvey.online/img/comments/ 0
0

GET person-6.jpg
expensivesurvey.online/img/comments/ 0
0

GET person-8.jpg
expensivesurvey.online/img/comments/ 0
0

GET person-3.png
expensivesurvey.online/img/comments/ 0
0

GET person-9.jpg
expensivesurvey.online/img/comments/ 0
0

GET person-10.jpg
expensivesurvey.online/img/comments/ 0
0

GET person-11.jpeg
expensivesurvey.online/img/comments/ 0
0

GET person-12.jpeg
expensivesurvey.online/img/comments/ 0
0

GET person-13.jpg
expensivesurvey.online/img/comments/ 0
0

POST vb
propeller-tracking.com/ 0
0

POST
H2 200 img.gif
my.rtmark.net/ 43 B
506 B 14ms
14ms Ping
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=7fbd4e7dfa88473b832a4ae7145ff724

Requested by

Host: beturtwiga.com
URL: https://beturtwiga.com/4533056/?var=4493500&request_var=1309_996&var3=465696401246924816

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: https://beturtwiga.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

GET
H2 200 Primary Request sweep.html Show response
sweepstakessurvey.org/ 5 KB
2 KB 144ms
98ms Document
text/html 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Requested by: Host: beturtwiga.com
URL: https://beturtwiga.com/4533056/?var=4493500&request_var=1309_996&var3=465696401246924816
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ccbecb3fc3ec810ccc204ed8d84b7e628fa6a2b572881344ba2d7cb54d9558eb

Request headers

:method: GET
:authority: sweepstakessurvey.org
:scheme: https
:path: /sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-type: text/html
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bpyrdm41qYey%2BYGQbBlbtUiBQ9cgcAxciDMDBGb9yeFaTM7slbxyunkmT9u%2FaH89xYV2GA181AeRJo%2F7zWRuHO0f4bfqXrhZ9tZbFtlK1x6dcbh7exKSjIdpBRGIS4z8cE%2F9kfs2hQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69464a4e3a9f27bc-PRG
content-encoding: br

GET
H2 200 fv.js Show response
propeller-tracking.com/ 5 KB
3 KB 13ms
12ms Script
text/javascript 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Requested by

Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

bcef0af5a6953da87ed9353729f60db60540b4bc5c9081b98bfae84f97e9128f

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-trace-id: 955391953b3f22c41199745cf24e89b6
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript; charset=utf8
access-control-allow-origin
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 rtc.js Show response
sweepstakessurvey.org/js/data/ 11 KB
5 KB 20ms
20ms Script
application/javascript 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/data/rtc.js
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e21a5fdcb464c61185f66b10a6405f01fe3a8cd639b599a5b3d2f6b5aae4c0

Request headers

:path: /js/data/rtc.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3791
cf-polished: origSize=15077
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-3ae5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aej4miEj3CwtvEtOl7%2Fr6jBgXGMzbvzl2BReKykEBPxPb%2Ft3cz9PYQ2zCytYFd5QTDZF7QKz7g0Pxje64x8ZdJz%2F4%2BrCMP%2FE%2FL4v68Ukg%2BN6PCN2aXWrFxHlKFd0ulx%2F6QXaX%2F2etw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69464a4eeb1027bc-PRG
cf-bgj: minify

GET
H2 200 config.js Show response
sweepstakessurvey.org/js/ 89 KB
30 KB 26ms
25ms Script
application/javascript 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/config.js
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfb69c532ae9715264ffd1cc17caf7ce81ccbe64c87de5e73a5859f56f4f3664

Request headers

:path: /js/config.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3791
cf-polished: origSize=90958
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-1634e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nfjtsbuYhA1DCxAtI9PWJWg2kaMvFvCq%2BBkDdGLV5PmQocha%2BxiVj8OX2%2BBFqIbsc6ZgLFvuaPHIc3iZW0%2FI0to4nIUVwUuAdlsrzvjbyRffPxP8JrGH7hMUn9hHm9Z6xHf1%2BBDeQg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69464a4eeb1127bc-PRG
cf-bgj: minify

GET
H2 200 survey.css
sweepstakessurvey.org/css/ 20 KB
5 KB 24ms
24ms Stylesheet
text/css 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/css/survey.css
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3be03a6b2f9eac618699d1416117e4392a7e589be7ab3db8c9fa4111d147de36

Request headers

:path: /css/survey.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3790
cf-polished: origSize=20082
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-4e72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3T0vmFhLTw3ub69jyAXeamNobe8jBfSfnMOAoR1hzgBJz0sKn%2FCjTBYJcpUVjsEUO7NFuTfub95dK3qcRLipxS3btHP0PrGOmaAOMba4w1mOOBqEZ9M0TPBCfmgHKFbOK2VZmeYblQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 69464a4eeb1427bc-PRG
cf-bgj: minify

GET
H2 200 sweep.css
sweepstakessurvey.org/css/ 8 KB
2 KB 25ms
24ms Stylesheet
text/css 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/css/sweep.css
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d34f1ba37b2092afa50914fb76348ab3d443b72cbdfafc78b229720501b41d87

Request headers

:path: /css/sweep.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3790
cf-polished: origSize=7886
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-1ece"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=otIjJEmqFCioACkgTXNRsGvz3lC3ZH4K4Nt5fepCoKK07N3tK8660OfON1J4iBJ09QXw93LzkXDSSnFa76o8KPmcfp7qUmmg5H6aaoixcGjqawkTgTYeimpHXBioh49StfS6xxmbaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 69464a4eeb1527bc-PRG
cf-bgj: minify

GET
H2 200 box_c.png
sweepstakessurvey.org/img/sweep/ 4 KB
4 KB 20ms
20ms Image
image/png 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/sweep/box_c.png
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cff9cd1c5becb5c7fc4332898e6e98066be2e9f389abc54db50836d660a03809

Request headers

:path: /img/sweep/box_c.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
age: 3790
etag: "614c69ca-ef0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UkK6muvgBVgXdk%2FsmATtzfZyqcmVtRnH%2BFdicqMjmr8mrIg%2Fp%2B%2BdG%2FcrH8p8mIBBDJLL14%2FMK50cqZy6%2FZxGyz9AJORUF%2Fw%2FxQLdCZhpnCQIgB7gV7B%2F15ogvdYrr3xQqN9snoDnCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69464a4f3b3d27bc-PRG
content-length: 3824

GET
H2 200 survey.js Show response
sweepstakessurvey.org/js/ 272 KB
84 KB 25ms
25ms Script
application/javascript 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/survey.js
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d58311a4350315dd51399568727b8bd320dd07fd7b067e5ba6a07e57e0e22889

Request headers

:path: /js/survey.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3790
cf-polished: origSize=278445
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-43fad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jX9dEhNCBA0LdhpckNHRynilsJCzdrrRhunghKg76v%2FBJoUSIbJ58aYgeB8hDlA2pRKHVSpvzmDR9jtVfW5qzLWkrZEE8mxTFOk5lcwP1Y6T4e3Wy3HCw4G83bCUTLOd82F3%2F2EgJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69464a4f0b2527bc-PRG
cf-bgj: minify

GET
H2 200 sweep.js Show response
sweepstakessurvey.org/js/ 2 KB
830 B 27ms
26ms Script
application/javascript 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/sweep.js
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34b85cd1b30b56624555b19f2091ce88f865af29882cba4b763516a89fbd7aa0

Request headers

:path: /js/sweep.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
age: 3790
etag: W/"614c69ca-617"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hUr2uShFxy6Y5N2wFLISW%2BGXucwjBGLybD0BcGChBiEGudynUvBrp8q1EWNz0YZui3wSWN62E31fF4chEvJJ%2FLq%2FzVzEA4zn8kjG7xunouX6JhKBCtS6HLYBJC%2B88UlNvYUQirpIVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69464a4f2b2e27bc-PRG
cf-bgj: minify

GET
H2 204 vctx Show response
propeller-tracking.com/ 0
496 B 13ms
13ms XHR
text/plain 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/vctx?t=82892

Requested by

Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: 891b511e5a7b468360cea1742b0c8f5d
pragma: no-cache
date: Sat, 25 Sep 2021 18:24:35 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://sweepstakessurvey.org
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H2 204 vbl
propeller-tracking.com/ 0
496 B 12ms
12ms Ping
text/plain 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/vbl?t=82892&bid=undefined&aid=undefined

Requested by

Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-trace-id: bbdb948dcc6fbe1dbbacfac0ae58c117
pragma: no-cache
date: Sat, 25 Sep 2021 18:24:35 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://sweepstakessurvey.org
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 sd-999901.js Show response
sweepstakessurvey.org/js/data/ 4 KB
2 KB 20ms
20ms Script
application/javascript 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/data/sd-999901.js
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/js/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7d6f3f5f3e6052d69d3a32d218da607bc1eae6c633ff1481c5ca2c6f52e1718

Request headers

:path: /js/data/sd-999901.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3790
cf-polished: origSize=7502
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-1d4e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tGW6jnnTIfCb3TcUhUq7IorLBTfHuJpDX%2BfYd1%2FrPcU8zubhob5wdBRhL7%2BJrmMZ6N9%2BAVjOJ4rbeZtEL4KnIE1L0vdkkPZRDkcBn%2FkgKRQxxe3yQHoSI6f%2BtMuia6mr3JGVRJi%2BdA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69464a4f3b3e27bc-PRG
cf-bgj: minify

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
548 B 13ms
12ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/js/survey.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

f699cef5bf1ca0d7a41e6eb6b640708be924069ad972ab414ebf56c65d2ea725

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://sweepstakessurvey.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 tokens10k.png
sweepstakessurvey.org/img/sweep/ 65 KB
65 KB 19ms
19ms Image
image/png 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/sweep/tokens10k.png
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cb3f101f3327f07baf3bcd509372a6058d871da12ae0661771a5c7c339fff36

Request headers

:path: /img/sweep/tokens10k.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
age: 3789
etag: "614c69ca-1043e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VCKoo6CwvNmTDoYeQqixyw%2Fvq%2BC2HClvBVNgnrOOsOLfrgN5ZZMdIlsglaZ%2BpHLEw7qbg%2FsXif%2BB6lHHAAiRgP%2FZO6ZZNVNzkqHGUWWF78v3hQKuLOXqaSBgi82KZLA33jCqFZuXHA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69464a4f9b7427bc-PRG
content-length: 66622

GET
H2 200 en-sweep.json Show response
sweepstakessurvey.org/js/comments/ 5 KB
1 KB 104ms
104ms XHR
application/json 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/comments/en-sweep.json
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/js/survey.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b799b20264b97b575e4c6cd9aa8dbc1723fc9de24f6ba796e4afb8c41909d42

Request headers

:path: /js/comments/en-sweep.json
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: application/json, text/plain, */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-12fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6204qGE4E7D1ErMEwIzythxEaiv4oRQOCYjBRd4i7fsicMDx8fYdQ48lwgbqoYESCAr%2Bw4HwaDbIM9%2BHARtr2TlIjlBX%2Fkxht6mZwlaFrbjh92YkiMWcwBvVxvDtNf9%2FjaA8kQ3paA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69464a4f9b7927bc-PRG

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 121 KB
43 KB 16ms
16ms Script
application/javascript 142.250.184.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NLSFF85

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

229df64651171a2635ecd4060ddc8be8709e6cbbd188d520e2f35a1541453a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44172
x-xss-protection: 0
last-modified: Sat, 25 Sep 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 25 Sep 2021 18:24:35 GMT

GET
H2 200 cookie-consent-1.json Show response
sweepstakessurvey.org/js/dict/ 4 KB
2 KB 100ms
99ms XHR
application/json 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/dict/cookie-consent-1.json?v=1
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/js/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e76bbe806b385849442561f6e3f5a4a33008004c3f9c35c2fcfeb099a140dcff

Request headers

:path: /js/dict/cookie-consent-1.json?v=1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: application/json, text/plain, */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: W/"614c69ca-11dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sR%2B0CYIuL%2BlPXHGZW2g8aLdFGL6dz5Nsu03ZQMG7P%2BBBrurcFKTRS2NZTl2L17%2FYtcTjWb8L%2Bry%2BKmL%2F2pO2rzEzuMiVjJPcrZYL24VXnn4n96vmZkfts%2Fatnm1lQMoSNnAbCPML7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69464a4f9b8227bc-PRG

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 35ms
13ms Script
text/javascript 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLSFF85

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 5555
date: Sat, 25 Sep 2021 16:52:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sat, 25 Sep 2021 18:52:00 GMT

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 191 KB
65 KB 35ms
35ms Script
application/javascript 93.158.134.119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLSFF85

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.158.134.119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

mc.yandex.ru

Software

Resource Hash

8ce174fc34969d02274382ec6da5a274b254802c3814de6971de6ec349c7dd6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
content-encoding: br
last-modified: Sat, 25 Sep 2021 10:27:39 GMT
etag: "614ecf6b-1031a"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 66330
expires: Sat, 25 Sep 2021 19:24:35 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
465 B 45ms
16ms XHR
text/plain 74.125.140.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-174297796-1&cid=899303540.1632594276&jid=1139037355&gjid=1747163016&_gid=1965348557.1632594276&_u=YGBAgEABAAAAAE~&z=1136825552

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.140.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wq-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 25 Sep 2021 18:24:35 GMT
content-type: text/plain
access-control-allow-origin: https://sweepstakessurvey.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 14ms
13ms Image
image/gif 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j93&a=1867374175&t=pageview&_s=1&dl=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D7fbd4e7dfa88473b832a4ae7145ff724%26s%3D465696747448971273%26z%3D4533056%26b%3D10037337%26var%3D4493500%26campaignid%3D4634920%26utm_campaign%3D4493500%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&ul=en-us&de=UTF-8&dt=Dear%20user&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEAB~&jid=1139037355&gjid=1747163016&cid=899303540.1632594276&tid=UA-174297796-1&_gid=1965348557.1632594276&gtm=2wg9m0NLSFF85&z=932469798

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 24 Sep 2021 23:45:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 67170
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 unnamed.jpg
sweepstakessurvey.org/img/comments/ 1 KB
2 KB 23ms
22ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/unnamed.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4200f94af9e21196c339a50a85d3d50c769e8655857fdaf67df6e99678b9ad59

Request headers

:path: /img/comments/unnamed.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3789
content-length: 1378
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-562"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BZNjJDAOakeA2WVEii9A3S8Yi4so2G7t3ahZ3wQG1u9ar4QarrtkJt9zdwWJnoW9WgtX4RSgq8nO4vOHBNsyHLkbRAP6XoB1QCwU3KYJ8EQrWBtBl1KK55AQBJa9uoX3EAURVQqsNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a504bf727bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-1.jpg
sweepstakessurvey.org/img/comments/ 4 KB
4 KB 24ms
22ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-1.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a106ad9f340c7bafdd365ea1ad24b9336c304b1e72653eb58e84b5604471030

Request headers

:path: /img/comments/person-sweep-1.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3789
content-length: 3900
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-f3c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mht3Qn5zuVBUNH%2FRE0zB%2BWQrI5jzTJaqpqpstcZotPBtl%2BeKurULMbrtqwlbuPXFu%2F%2BCZDBtd1GjLW6xH52OD5Zsvvgsn3bQjSOCzh%2Bv%2FOWyPLWYQXzUcqn7n5owgMIRzROOvWz1aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a504bfa27bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-2.jpg
sweepstakessurvey.org/img/comments/ 1 KB
1 KB 22ms
19ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-2.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c39b4bfbcc6aa147547ca922c4f80350b48dbfa59cbd5176f44373e3b20f3567

Request headers

:path: /img/comments/person-sweep-2.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3789
content-length: 1042
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-412"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16i9YmbAJD5E6M%2BpVQT7BvU3YgsR6zdeSr0XqKCuCeqCk5bnw5g1BqiaALjRS%2F%2FcP4GPcu%2BSYNDsUFaJUEOlWu3X4Qye4euINfg9LE5pj6kmBIUXpDfIJ29f1tILMXPkBszQ8k7r%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a504bfe27bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-3.jpg
sweepstakessurvey.org/img/comments/ 1 KB
2 KB 23ms
20ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-3.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5d70c3abf95aecc84bcc1b1f9fc25848e690852071169bf57522fd671550291

Request headers

:path: /img/comments/person-sweep-3.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3789
content-length: 1063
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-427"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2EtLygXae51Kj4q3xX%2BM6KbG6DUKTfPZpsG%2BamugHKA%2FoxPep9a3f88etG4hOCSjNYsnx7PLc%2FHvR6tHLkbuCH55ELEuf%2BSE%2BVV16wdYfblFizSpG2f1nE4UlwQLBrWxk%2Fq0EVYZTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a504bff27bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-4.jpg
sweepstakessurvey.org/img/comments/ 4 KB
4 KB 23ms
20ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-4.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0038f9d5f6fe1ce8fe1bf1cc7256f05e16c11d27041739c55918b823744753c

Request headers

:path: /img/comments/person-sweep-4.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3788
content-length: 3694
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-e6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5y0T1wuE2AiuYG3rWXkuUIPrI846r1PAoJJ%2BHWkNMicdkG%2F9fbSLDAysQwuUGUoYT6EyW9YQEglTBodj0lM8D4CTByA7s3h43cdGruCe2K1qouYwfdDODBXEJl7n1qthBrgCOLwe8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a504c0127bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-5.jpg
sweepstakessurvey.org/img/comments/ 3 KB
3 KB 24ms
21ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-5.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64e47fb0b1dc439d03463c15a7977d88988a4d3f7d563e3d772cc9ca8d41e414

Request headers

:path: /img/comments/person-sweep-5.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3788
content-length: 3268
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-cc4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LKdjGWBbRcvAvazBsJMHPtI2xbwtWb%2FgnnZdrONq%2BNIrydT1zfb5rQiObwEclNeQB5IvBh9xXiB%2Fg7m0jZ1k%2F5GrQ7N11fV9CY7xyiAydiBKxYosupDkFBlTWjaKR6dF3jEzkyaTNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a504c0327bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-6.jpg
sweepstakessurvey.org/img/comments/ 10 KB
10 KB 23ms
21ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-6.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 92aaaee44b9c6f7f69cd778106927274a9c6f0fec665555be6b020d220207fb6

Request headers

:path: /img/comments/person-sweep-6.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3788
content-length: 10400
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-28a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jcngz26gqakzIeoUsfTiCs1xqN9M7ayN3clpVc4u0VrsKlVMtifWnK3jdPwFH6Un7dS85g05iAfE7ufldSEgFxWZLTsI%2BA3VwcKvWsXPIF%2FN6JtF4xqYdP%2BQKBwO8dnZm8E4CVW7aA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a504c0427bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-7.jpg
sweepstakessurvey.org/img/comments/ 11 KB
11 KB 24ms
22ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-7.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5afe11e79d5ce7715f2dd2a291c3841d7abc1a62ac89002214f9562f6f58865b

Request headers

:path: /img/comments/person-sweep-7.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3788
content-length: 10884
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-2a84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4Qa8EWk5hOf7AlHrJzJCIWYXwTJhH6zE6cCToFgoz6QGlukK%2FqLXfO3EyYWSb4cMuQNB%2BIFO6krQ67wsnD56sL2OB03ZBgJRvuHVwL43LepM88w%2Fc%2B6Nx8Sdb%2Fy7ilZ58Hbsq9k7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a504c0527bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-8.jpg
sweepstakessurvey.org/img/comments/ 1 KB
1 KB 25ms
22ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-8.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed7ea3a5c85d0ba010c783b9599441ba28fb4333cf1ef534f6ec07b5d81e7fd8

Request headers

:path: /img/comments/person-sweep-8.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3788
content-length: 1182
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-49e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ob4Ub5L7R2AfElTdYU8%2BfTMjWo123UeRkuKJs85t8GHoyW4LXeypk%2FE1FhGzdAEMzVJIbdO3hSTTlx%2FWYmBw9mKJTXcBN1C6IpldQnaJDsRrVNXrKQXCLmGEz6SEexHNNlEXH0KRw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a504c0627bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-9.jpg
sweepstakessurvey.org/img/comments/ 12 KB
12 KB 25ms
22ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-9.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ccfcb58ee86d9df13807286e232dd153f04c84527fd80d5efc2212157cb6386e

Request headers

:path: /img/comments/person-sweep-9.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3788
content-length: 11871
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-2e5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AdCLa5hvPksW5wnnRL2V%2FXfWbgV2Zg6V%2BMVBCrVRiuWgDNFLE7jRP0VpOPteY7%2FtXSvkmkhhLcATulviz366KCIp%2FC88EkPUnrD%2ByugeW8htCne7vvFAbKU2QC%2FFYMWYzdEurA5kTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a504c0727bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-10.jpg
sweepstakessurvey.org/img/comments/ 11 KB
11 KB 33ms
30ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-10.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 271e2dabe37ae76b27d28edfeaf49c9a4135f62dd24a3c0ff3387ea9354841f1

Request headers

:path: /img/comments/person-sweep-10.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3788
content-length: 10828
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-2a4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C1fS7bCKj8L5vTXre2cqc2TKYF8K80RrB1a8fGvGsSj538Nfz18V42D%2Fbq6dlvZx%2FmE0pzG4n%2Bpfep8LgzfpuhAjwWhXBbOqw9FGms5LC5etdPD8X6hgfu8w0ut7ru9gu1N%2BldygdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a505c1b27bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-11.jpg
sweepstakessurvey.org/img/comments/ 10 KB
11 KB 31ms
29ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-11.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d020381e094ab0ae1556c751f9c4af6498cf12989cd9c3605ca91b856cb5951

Request headers

:path: /img/comments/person-sweep-11.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3788
content-length: 10636
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-298c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sDd6jP7oSxzyvBr%2B0eQiT85O2qyLq74xV2OZzXf9Fjd258b9eYwuDtNLZOyMcSyAK%2B17t9ROlZATRszA2ni%2BAraJ7AXu874vuVHmBQ%2FlaPtmY2l9B2qVDpVXdyd6JohJSn%2BjOe1%2F1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a505c1c27bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-12.jpg
sweepstakessurvey.org/img/comments/ 11 KB
11 KB 32ms
30ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-12.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65e9048c6b09381baa8056de19ad758b2a302dbbc3fb1cdb509e414ed73c69b8

Request headers

:path: /img/comments/person-sweep-12.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3787
content-length: 11188
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-2bb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hHN9YRoimLWblGinuxy4mDsIi3QKCMRB6oCm27Cdzc7MzED%2FlAZi6Z9fN275AsWXHzUp2NU3IDz3WlYF8E5Br%2BXg%2Frquovvju3cGVymPT34UAZJSzg168zC3TVS%2BMB1lOhesBiGTXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a505c1d27bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-13.jpg
sweepstakessurvey.org/img/comments/ 1 KB
1 KB 32ms
30ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-13.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f442be1fc6ab7aa64035207cedeff057625371b7a58d551fda451acee6b4f58

Request headers

:path: /img/comments/person-sweep-13.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3787
content-length: 1110
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-456"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ytrMYz0WMGyIpoSpRxl62vDlxR5vNKox6rOun7ZUHqkE0jIHuBjo%2BoQ4JnSBxtGXKlCtUK34yXXdperKPUSJ2GdqfZoZ2Ewn5PQpIbcUu%2BOkh%2BZ2R%2B3Hjbr%2BV9hSm4mJd2bHyY21rA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a505c1f27bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-14.jpg
sweepstakessurvey.org/img/comments/ 1 KB
1 KB 34ms
32ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-14.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 174659ceb240363f2d31a6fd392f108ad714a592b0dc3192d1051c42237bf8b8

Request headers

:path: /img/comments/person-sweep-14.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3787
content-length: 1146
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-47a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E3ln8HVUJnLaiZOPlLOuuTdWLnGiOfn2O0KoFhUFk%2FDLqqwYhi57FQkFZy%2BuHYrnIxyyJ2jrANfaSHm8mEmPkfTmEFUATto73LYdk7XbW3E4NWqXR%2FRZ6Df3%2FVm1E9OxvireJvQedw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a505c2027bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-15.jpg
sweepstakessurvey.org/img/comments/ 1 KB
1 KB 33ms
31ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-15.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f739552ded4074fa25475c5a5ed9c49dc0a769e791e9916b5d8bcbc044f8818a

Request headers

:path: /img/comments/person-sweep-15.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3787
content-length: 1067
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-42b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=690UjReiglMy2GnCbATejCTwyt9KsiV8wnzSkVirYcZM5UPzwaJM0W1xXG%2Bt9cOiSwJfPDE8GVVm2VScjbUqGs8eDq40hNti%2BtZnV4n%2B0z23yz8D%2Fftw2ngA4ShXfPygBDEJBGNNVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a505c2127bc-PRG
cf-bgj: h2pri

GET
H2 200 person-sweep-16.jpg
sweepstakessurvey.org/img/comments/ 1 KB
1 KB 32ms
31ms Image
image/jpeg 172.67.75.79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-16.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=7fbd4e7dfa88473b832a4ae7145ff724&s=465696747448971273&z=4533056&b=10037337&var=4493500&campaignid=4634920&utm_campaign=4493500&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15f660e8aec56d65e9da4efcd552984e5a623c25b8484c3efbdfa7567bdab17d

Request headers

:path: /img/comments/person-sweep-16.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
cookie: _ga=GA1.2.899303540.1632594276; _gid=GA1.2.1965348557.1632594276; _dc_gtm_UA-174297796-1=1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3787
content-length: 1208
last-modified: Thu, 23 Sep 2021 11:49:30 GMT
server: cloudflare
etag: "614c69ca-4b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6VW8G29D02QL6X%2FtI9jAMtwybXqxKeKEZyW6jhkTLOpGz%2BX%2F%2Bywpwk%2BkdMCb2y1MuTv7ULrJjc%2FZGWGirL3bn2xgY9k5IJ6%2B8ppcRYXK2tuv72oW%2Bopy5BRP9B0oAPo0gsRaSIvHTA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69464a505c2427bc-PRG
cf-bgj: h2pri

GET
H2

400

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9407.YV49kqWFpp1vebfYVX-EaKHyhlYcBuJl2HRxymC7iT77WMm9AppW1PihXH5MZyi6.U_3Mx2Qu6NMKlEkPddVqK4_N7ck%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9407._Flj_p8V8SYGysbAzSvc_-JWtz6rETDfOTbaI24OTEg6F8Vb73hFzzmZ2b5uiOdtSlJkbcSxhXe7L4KMzKprpQ%2C%2C.ZuhmYvwdbTydzIAht__afbj9WoM%2C

75 B
75 B

35ms
35ms

Image
text/html

93.158.134.119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9407._Flj_p8V8SYGysbAzSvc_-JWtz6rETDfOTbaI24OTEg6F8Vb73hFzzmZ2b5uiOdtSlJkbcSxhXe7L4KMzKprpQ%2C%2C.ZuhmYvwdbTydzIAht__afbj9WoM%2C

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.158.134.119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

mc.yandex.ru

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:36 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9407._Flj_p8V8SYGysbAzSvc_-JWtz6rETDfOTbaI24OTEg6F8Vb73hFzzmZ2b5uiOdtSlJkbcSxhXe7L4KMzKprpQ%2C%2C.ZuhmYvwdbTydzIAht__afbj9WoM%2C
date: Sat, 25 Sep 2021 18:24:36 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
522 B 32ms
31ms Image
image/gif 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-174297796-1&cid=899303540.1632594276&jid=1139037355&_u=YGBAgEABAAAAAE~&z=266478408

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 25 Sep 2021 18:24:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
112 B 35ms
35ms Image
image/gif 93.158.134.119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.158.134.119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

mc.yandex.ru

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 25 Sep 2021 18:24:35 GMT
last-modified: Sat, 25 Sep 2021 10:27:39 GMT
etag: "614ecf6b-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Sat, 25 Sep 2021 19:24:35 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/84103558/
Redirect Chain

https://mc.yandex.com/watch/84103558?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D7fbd4e7dfa88473b832a4ae7145ff72...
https://mc.yandex.com/watch/84103558/1?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D7fbd4e7dfa88473b832a4ae7145ff...

331 B
413 B

35ms
35ms

XHR
application/json

93.158.134.119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/84103558/1?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D7fbd4e7dfa88473b832a4ae7145ff724%26s%3D465696747448971273%26z%3D4533056%26b%3D10037337%26var%3D4493500%26campaignid%3D4634920%26utm_campaign%3D4493500%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A212%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A660%3Acn%3A1%3Adp%3A0%3Als%3A864456967374%3Ahid%3A258368452%3Az%3A0%3Ai%3A20210925182435%3Aet%3A1632594276%3Ac%3A1%3Arn%3A926207027%3Arqn%3A1%3Au%3A1632594276449544005%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1632594275501%3Ads%3A13%2C32%2C99%2C0%2C0%2C0%2C%2C117%2C3%2C%2C%2C%2C264%3Adsn%3A13%2C32%2C99%2C1%2C0%2C0%2C%2C118%2C3%2C%2C%2C%2C264%3Awv%3A2%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1632594276%3At%3ADear%20user

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.158.134.119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

mc.yandex.ru

Software

Resource Hash

09c9224503c52aa2ac12051d5d935e76710b980c00f53ba019301ed42224bcda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 25 Sep 2021 18:24:36 GMT
x-content-type-options: nosniff
last-modified: Sat, 25-Sep-2021 18:24:36 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://sweepstakessurvey.org
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 331
x-xss-protection: 1; mode=block
expires: Sat, 25-Sep-2021 18:24:36 GMT

Redirect headers

pragma: no-cache
date: Sat, 25 Sep 2021 18:24:36 GMT
last-modified: Sat, 25-Sep-2021 18:24:36 GMT
location: /watch/84103558/1?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D7fbd4e7dfa88473b832a4ae7145ff724%26s%3D465696747448971273%26z%3D4533056%26b%3D10037337%26var%3D4493500%26campaignid%3D4634920%26utm_campaign%3D4493500%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A212%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A660%3Acn%3A1%3Adp%3A0%3Als%3A864456967374%3Ahid%3A258368452%3Az%3A0%3Ai%3A20210925182435%3Aet%3A1632594276%3Ac%3A1%3Arn%3A926207027%3Arqn%3A1%3Au%3A1632594276449544005%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1632594275501%3Ads%3A13%2C32%2C99%2C0%2C0%2C0%2C%2C117%2C3%2C%2C%2C%2C264%3Adsn%3A13%2C32%2C99%2C1%2C0%2C0%2C%2C118%2C3%2C%2C%2C%2C264%3Awv%3A2%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1632594276%3At%3ADear%20user
strict-transport-security: max-age=31536000
access-control-allow-origin: https://sweepstakessurvey.org
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Sat, 25-Sep-2021 18:24:36 GMT

POST
H2 200 1 Show response
mc.yandex.com/watch/84103558/ 43 B
73 B 35ms
35ms XHR
image/gif 93.158.134.119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/84103558/1?page-url=goal%3A%2F%2Fsweepstakessurvey.org%2Fnotification_permission&page-ref=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D7fbd4e7dfa88473b832a4ae7145ff724%26s%3D465696747448971273%26z%3D4533056%26b%3D10037337%26var%3D4493500%26campaignid%3D4634920%26utm_campaign%3D4493500%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&charset=utf-8&browser-info=ar%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A660%3Acn%3A1%3Adp%3A1%3Als%3A864456967374%3Ahid%3A258368452%3Az%3A0%3Ai%3A20210925182436%3Aet%3A1632594276%3Ac%3A1%3Arn%3A47036481%3Arqn%3A2%3Au%3A1632594276449544005%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Aeu%3A1%3Ans%3A1632594275501%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C561%2C561%2C1%2C%3Adsn%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C561%2C561%2C1%2C%3Awv%3A2%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1632594276%3At%3ADear%20user

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.158.134.119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

mc.yandex.ru

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 25 Sep 2021 18:24:36 GMT
last-modified: Sat, 25-Sep-2021 18:24:36 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://sweepstakessurvey.org
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 25-Sep-2021 18:24:36 GMT

POST
H2 204 vbri
propeller-tracking.com/ 0
496 B 12ms
12ms Ping
text/plain 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/vbri?t=82892&bid=undefined&aid=undefined&tp=2183.699999809265

Requested by

Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-trace-id: a85f1c424fcb9d14531545a0e9221421
pragma: no-cache
date: Sat, 25 Sep 2021 18:24:37 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://sweepstakessurvey.org
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H2 200 84103558 Show response
mc.yandex.com/webvisor/ 43 B
145 B 35ms
35ms XHR
image/gif 93.158.134.119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/84103558?wmode=0&wv-part=1&wv-hit=258368452&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D7fbd4e7dfa88473b832a4ae7145ff724%26s%3D465696747448971273%26z%3D4533056%26b%3D10037337%26var%3D4493500%26campaignid%3D4634920%26utm_campaign%3D4493500%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&rn=532515146&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1632594278%3Aw%3A1600x1200%3Av%3A660%3Az%3A0%3Ai%3A20210925182438%3Au%3A1632594276449544005%3Avf%3A25rt5xty9edhsiwjn9%3Awe%3A1%3Ati%3A2%3Ast%3A1632594278

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.158.134.119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

mc.yandex.ru

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 25 Sep 2021 18:24:38 GMT
last-modified: Sat, 25-Sep-2021 18:24:38 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://sweepstakessurvey.org
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 25-Sep-2021 18:24:38 GMT

POST
H2 200 84103558 Show response
mc.yandex.com/webvisor/ 43 B
73 B 70ms
69ms XHR
image/gif 93.158.134.119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/84103558?wmode=0&wv-part=1&wv-hit=258368452&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D7fbd4e7dfa88473b832a4ae7145ff724%26s%3D465696747448971273%26z%3D4533056%26b%3D10037337%26var%3D4493500%26campaignid%3D4634920%26utm_campaign%3D4493500%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&rn=254900121&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1632594278%3Aw%3A1600x1200%3Av%3A660%3Az%3A0%3Ai%3A20210925182438%3Au%3A1632594276449544005%3Avf%3A25rt5xty9edhsiwjn9%3Awe%3A1%3Ati%3A2%3Ast%3A1632594278

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.158.134.119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

mc.yandex.ru

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 25 Sep 2021 18:24:38 GMT
last-modified: Sat, 25-Sep-2021 18:24:38 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://sweepstakessurvey.org
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 25-Sep-2021 18:24:38 GMT

POST
H2 200 84103558 Show response
mc.yandex.com/webvisor/ 43 B
176 B 35ms
35ms XHR
image/gif 93.158.134.119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/84103558?wmode=0&wv-part=2&wv-hit=258368452&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D7fbd4e7dfa88473b832a4ae7145ff724%26s%3D465696747448971273%26z%3D4533056%26b%3D10037337%26var%3D4493500%26campaignid%3D4634920%26utm_campaign%3D4493500%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&rn=1046423133&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1632594280%3Aw%3A1600x1200%3Av%3A660%3Az%3A0%3Ai%3A20210925182440%3Au%3A1632594276449544005%3Avf%3A25rt5xty9edhsiwjn9%3Awe%3A1%3Ati%3A2%3Ast%3A1632594280

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.158.134.119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

mc.yandex.ru

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 25 Sep 2021 18:24:40 GMT
last-modified: Sat, 25-Sep-2021 18:24:40 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://sweepstakessurvey.org
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 25-Sep-2021 18:24:40 GMT

POST
H2 200 84103558 Show response
mc.yandex.com/webvisor/ 43 B
145 B 35ms
35ms XHR
image/gif 93.158.134.119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/84103558?wmode=0&wv-part=3&wv-hit=258368452&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D7fbd4e7dfa88473b832a4ae7145ff724%26s%3D465696747448971273%26z%3D4533056%26b%3D10037337%26var%3D4493500%26campaignid%3D4634920%26utm_campaign%3D4493500%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&rn=95269994&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1632594282%3Aw%3A1600x1200%3Av%3A660%3Az%3A0%3Ai%3A20210925182442%3Au%3A1632594276449544005%3Avf%3A25rt5xty9edhsiwjn9%3Awe%3A1%3Ati%3A2%3Ast%3A1632594282

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.158.134.119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

mc.yandex.ru

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 25 Sep 2021 18:24:42 GMT
last-modified: Sat, 25-Sep-2021 18:24:42 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://sweepstakessurvey.org
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sat, 25-Sep-2021 18:24:42 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Domain: my.rtmark.net
URL: https://my.rtmark.net/gid.js

Domain: tagdataxrt.com
URL: https://tagdataxrt.com/pix.jpg?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a

Domain: tagdataxrt.com
URL: https://tagdataxrt.com/version.js?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a

Domain: www.google.com
URL: https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Domain: www.google.com
URL: https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Domain: www.google.com
URL: https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Domain: www.google.com
URL: https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Domain: www.google.com
URL: https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Domain: tagdataxrt.com
URL: https://tagdataxrt.com/ir/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/unnamed.jpg

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/person-1.png

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/person-14.jpg

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/person-2.png

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/person-4.jpeg

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/person-5.jpg

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/person-6.jpg

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/person-8.jpg

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/person-3.png

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/person-9.jpg

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/person-10.jpg

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/person-11.jpeg

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/person-12.jpeg

Domain: expensivesurvey.online
URL: https://expensivesurvey.online/img/comments/person-13.jpg

Domain: propeller-tracking.com
URL: https://propeller-tracking.com/vb?t=82892&bid=undefined&aid=undefined&tp=495.59999990463257

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
my.rtmark.net/	1970-01-20 06:15:30	Name: ID Value: 9193156f8d7546dba0904d0700371eed
beturtwiga.com/	1970-01-20 06:15:30	Name: OAID Value: 7fbd4e7dfa88473b832a4ae7145ff724
beturtwiga.com/	1970-01-20 06:15:30	Name: oaidts Value: 1632594275
.sweepstakessurvey.org/	1970-01-20 15:01:06	Name: _ga Value: GA1.2.899303540.1632594276
.sweepstakessurvey.org/	1970-01-19 21:31:20	Name: _gid Value: GA1.2.1965348557.1632594276
.sweepstakessurvey.org/	1970-01-19 21:29:54	Name: _dc_gtm_UA-174297796-1 Value: 1
.sweepstakessurvey.org/	1970-01-20 06:15:30	Name: _ym_uid Value: 1632594276449544005
.sweepstakessurvey.org/	1970-01-20 06:15:30	Name: _ym_d Value: 1632594276
.mc.yandex.com/	1970-01-19 21:29:54	Name: sync_cookie_csrf Value: 1610134418fake
.sweepstakessurvey.org/	1970-01-19 21:31:06	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-19 21:29:54	Name: sync_cookie_csrf Value: 758114423fake
.yandex.com/	1970-01-20 06:15:30	Name: yandexuid Value: 9228797901632594276
.yandex.com/	1970-01-20 06:15:30	Name: yuidss Value: 9228797901632594276
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 1242731791632594276
.yandex.com/	1970-01-23 13:05:54	Name: i Value: zq1uBEG2ux0ZwKmUfpbYgzacCyzhjm7tS9hIYpCat509ipOI/ZYgeEqsC85U9F+jKY5X2BhAviWDU9Htdiq2JCV26ew=
.yandex.com/	1970-01-20 06:15:30	Name: ymex Value: 1664130276.yrts.1632594276#1664130276.yrtsi.1632594276
.sweepstakessurvey.org/	1970-01-19 21:29:56	Name: _ym_visorc Value: w

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
intervention	error	URL: https://expensivesurvey.online/js/survey.js Message: Blocked attempt to show a 'beforeunload' confirmation panel for a frame that never had a user gesture since its load. https://www.chromestatus.com/feature/5082396709879808
deprecation	warning	URL: https://tagstaticx.com/tag.js Message: RTP data channels are no longer supported. The "RtpDataChannels" constraint is currently ignored, and may cause an error at a later date.
network	error	URL: https://mc.yandex.com/sync_cookie_image_decide?token=9407._Flj_p8V8SYGysbAzSvc_-JWtz6rETDfOTbaI24OTEg6F8Vb73hFzzmZ2b5uiOdtSlJkbcSxhXe7L4KMzKprpQ%2C%2C.ZuhmYvwdbTydzIAht__afbj9WoM%2C Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

beturtwiga.com
expensivesurvey.online
forflygonom.com
in-page-push.net
itcleffaom.com
mc.yandex.com
mc.yandex.ru
my.rtmark.net
pagead2.googlesyndication.com
propeller-tracking.com
stats.g.doubleclick.net
sweepstakessurvey.org
tagdataxrt.com
tagstaticx.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
expensivesurvey.online
mc.yandex.ru
my.rtmark.net
pagead2.googlesyndication.com
propeller-tracking.com
tagdataxrt.com
www.google.com
139.45.195.8
139.45.197.237
139.45.197.238
139.45.197.240
142.250.184.232
142.250.185.196
142.250.186.78
172.67.204.132
172.67.69.11
172.67.75.79
37.48.68.71
74.125.140.156
93.158.134.119
09c9224503c52aa2ac12051d5d935e76710b980c00f53ba019301ed42224bcda
15f660e8aec56d65e9da4efcd552984e5a623c25b8484c3efbdfa7567bdab17d
174659ceb240363f2d31a6fd392f108ad714a592b0dc3192d1051c42237bf8b8
1f98fee28d1a8b824d25b6f5abb1d3fbe34083161cf3c211ef500df86aa0e5ed
229df64651171a2635ecd4060ddc8be8709e6cbbd188d520e2f35a1541453a3c
271e2dabe37ae76b27d28edfeaf49c9a4135f62dd24a3c0ff3387ea9354841f1
2cb3f101f3327f07baf3bcd509372a6058d871da12ae0661771a5c7c339fff36
34b85cd1b30b56624555b19f2091ce88f865af29882cba4b763516a89fbd7aa0
3b799b20264b97b575e4c6cd9aa8dbc1723fc9de24f6ba796e4afb8c41909d42
3be03a6b2f9eac618699d1416117e4392a7e589be7ab3db8c9fa4111d147de36
4200f94af9e21196c339a50a85d3d50c769e8655857fdaf67df6e99678b9ad59
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5afe11e79d5ce7715f2dd2a291c3841d7abc1a62ac89002214f9562f6f58865b
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
619318564e4382e079882891808b80c243c050a0d2dfc93b270cca64509a78f8
64a92922801ea676a88192b928a94d9179fe23c789767bba01647c21fb289904
64e47fb0b1dc439d03463c15a7977d88988a4d3f7d563e3d772cc9ca8d41e414
65e9048c6b09381baa8056de19ad758b2a302dbbc3fb1cdb509e414ed73c69b8
7f442be1fc6ab7aa64035207cedeff057625371b7a58d551fda451acee6b4f58
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
8ce174fc34969d02274382ec6da5a274b254802c3814de6971de6ec349c7dd6c
92aaaee44b9c6f7f69cd778106927274a9c6f0fec665555be6b020d220207fb6
99f9a09b49183dd3f892522333092c7bed44d6dceab0a7b5caa7e973440d7509
9a106ad9f340c7bafdd365ea1ad24b9336c304b1e72653eb58e84b5604471030
9d020381e094ab0ae1556c751f9c4af6498cf12989cd9c3605ca91b856cb5951
a0038f9d5f6fe1ce8fe1bf1cc7256f05e16c11d27041739c55918b823744753c
aa9304c359cf7a8bed1576ec071824eb615d9ae60a2a041001d8673e7c07110b
bcef0af5a6953da87ed9353729f60db60540b4bc5c9081b98bfae84f97e9128f
c39b4bfbcc6aa147547ca922c4f80350b48dbfa59cbd5176f44373e3b20f3567
c5d70c3abf95aecc84bcc1b1f9fc25848e690852071169bf57522fd671550291
c7d6f3f5f3e6052d69d3a32d218da607bc1eae6c633ff1481c5ca2c6f52e1718
ccbecb3fc3ec810ccc204ed8d84b7e628fa6a2b572881344ba2d7cb54d9558eb
ccfcb58ee86d9df13807286e232dd153f04c84527fd80d5efc2212157cb6386e
cff9cd1c5becb5c7fc4332898e6e98066be2e9f389abc54db50836d660a03809
d34f1ba37b2092afa50914fb76348ab3d443b72cbdfafc78b229720501b41d87
d58311a4350315dd51399568727b8bd320dd07fd7b067e5ba6a07e57e0e22889
d8e21a5fdcb464c61185f66b10a6405f01fe3a8cd639b599a5b3d2f6b5aae4c0
dfb69c532ae9715264ffd1cc17caf7ce81ccbe64c87de5e73a5859f56f4f3664
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6ce1add3a481e1df35ca5c582f7b8cc2eb19779063dd89e66f2b142ef57cf3a
e76bbe806b385849442561f6e3f5a4a33008004c3f9c35c2fcfeb099a140dcff
ed7ea3a5c85d0ba010c783b9599441ba28fb4333cf1ef534f6ec07b5d81e7fd8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f699cef5bf1ca0d7a41e6eb6b640708be924069ad972ab414ebf56c65d2ea725
f739552ded4074fa25475c5a5ed9c49dc0a769e791e9916b5d8bcbc044f8818a
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

sweepstakessurvey.org Open in urlscan Pro 172.67.75.79 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

99 Requests

74 %HTTPS

0 %IPv6

17 Domains

17 Subdomains

14 IPs

4 Countries

639 kBTransfer

1755 kBSize

17 Cookies

1 Outgoing links

Page URL History

Redirected requests

99 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sweepstakessurvey.org Open in urlscan Pro
172.67.75.79 Public Scan

Screenshot
Live screenshot

Full Image

99
Requests

74 %
HTTPS

0 %
IPv6

17
Domains

17
Subdomains

14
IPs

4
Countries

639 kB
Transfer

1755 kB
Size

17
Cookies

99 HTTP transactions
0 data transactions