sweepstakessurvey.org Open in urlscan Pro
2606:4700:20::681a:fd7 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://onetrackon.com/nlp/index.php?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&url_bnm_redirect=htt...
Effective URL:
https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472...
Submission: On October 13 via manual (October 13th 2021, 3:57:48 am UTC) from PT — Scanned from DE

Summary HTTP 111 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 14 IPs in 6 countries across 18 domains to perform 111 HTTP transactions. The main IP is 2606:4700:20::681a:fd7, located in United States and belongs to CLOUDFLARENET, US. The main domain is sweepstakessurvey.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 8th 2021. Valid for: a year.

This is the only time sweepstakessurvey.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	176.31.124.210 176.31.124.210	16276 (OVH) (OVH)
33	2606:4700:20:... 2606:4700:20::681a:5ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	139.45.197.240 139.45.197.240	9002 (RETN-AS) (RETN-AS)
1	2606:4700:303... 2606:4700:3033::ac43:aa23	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	139.45.197.237 139.45.197.237	9002 (RETN-AS) (RETN-AS)
2	139.45.197.238 139.45.197.238	9002 (RETN-AS) (RETN-AS)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
2	139.45.197.253 139.45.197.253	9002 (RETN-AS) (RETN-AS)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
6	37.48.68.71 37.48.68.71	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
29	2606:4700:20:... 2606:4700:20::681a:fd7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 7	2a02:6b8::1:119 2a02:6b8::1:119	208722 (YNDX) (YNDX)
111	14

1 176.31.124.210 (France)

ASN16276 (OVH, FR)
PTR: ns3010792.ip-176-31-124.eu

onetrackon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2606:4700:20::681a:5ab (United States)

ASN13335 (CLOUDFLARENET, US)

richsurvey.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 139.45.197.240 (United Kingdom)

ASN9002 (RETN-AS, GB)

propeller-tracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::ac43:aa23 (United States)

ASN13335 (CLOUDFLARENET, US)

tagstaticx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.237 (United Kingdom)

ASN9002 (RETN-AS, GB)

itcleffaom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.238 (United Kingdom)

ASN9002 (RETN-AS, GB)

in-page-push.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
itweedler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.253 (United Kingdom)

ASN9002 (RETN-AS, GB)

ugyplysh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.48.68.71 (Arnhem, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

tagdataxrt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2606:4700:20::681a:fd7 (United States)

ASN13335 (CLOUDFLARENET, US)

sweepstakessurvey.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:6b8::1:119 (Moscow, Russian Federation) 3 redirects

ASN208722 (YNDX, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	richsurvey.site richsurvey.site	355 KB
29	sweepstakessurvey.org sweepstakessurvey.org	283 KB
9	propeller-tracking.com propeller-tracking.com	11 KB
6	tagdataxrt.com tagdataxrt.com	1 KB
5	yandex.com 2 redirects mc.yandex.com	2 KB
5	rtmark.net my.rtmark.net	3 KB
2	yandex.ru mc.yandex.ru Failed	65 KB
2	ugyplysh.com ugyplysh.com	253 B
1	itweedler.com itweedler.com	2 KB
1	googlesyndication.com pagead2.googlesyndication.com
1	googletagmanager.com www.googletagmanager.com	43 KB
1	in-page-push.net in-page-push.net	1 KB
1	itcleffaom.com itcleffaom.com	651 B
1	tagstaticx.com tagstaticx.com	20 KB
1	onetrackon.com onetrackon.com	402 B
0	google-analytics.com Failed www.google-analytics.com Failed
0	forflygonom.com Failed forflygonom.com Failed
0	google.com Failed www.google.com Failed
111	18

	Domain	Requested by
33	richsurvey.site	richsurvey.site
29	sweepstakessurvey.org	itweedler.com sweepstakessurvey.org
9	propeller-tracking.com	richsurvey.site propeller-tracking.com sweepstakessurvey.org
6	tagdataxrt.com	tagstaticx.com
5	mc.yandex.com	2 redirects sweepstakessurvey.org
5	my.rtmark.net	richsurvey.site tagstaticx.com itweedler.com sweepstakessurvey.org
2	mc.yandex.ru	www.googletagmanager.com sweepstakessurvey.org
2	ugyplysh.com	richsurvey.site
1	itweedler.com	richsurvey.site
1	pagead2.googlesyndication.com	tagstaticx.com
1	www.googletagmanager.com	richsurvey.site
1	in-page-push.net	richsurvey.site
1	itcleffaom.com	richsurvey.site
1	tagstaticx.com	richsurvey.site
1	onetrackon.com
0	www.google-analytics.com Failed	www.googletagmanager.com
0	forflygonom.com Failed
0	www.google.com Failed	richsurvey.site
111	18

This site contains links to these domains. Also see Links.

Domain
itweedler.com

Subject Issuer	Validity	Valid
onetrackon.com R3	`2021-09-27` - `2021-12-26`	3 months	crt.sh
*.richsurvey.site R3	`2021-08-16` - `2021-11-14`	3 months	crt.sh
propeller-tracking.com Sectigo RSA Domain Validation Secure Server CA	`2020-10-05` - `2021-11-05`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-10-06` - `2022-10-05`	a year	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2020-10-27` - `2021-11-26`	a year	crt.sh
itcleffaom.com R3	`2021-07-29` - `2021-10-27`	3 months	crt.sh
in-page-push.net R3	`2021-09-18` - `2021-12-17`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
ugyplysh.com R3	`2021-09-18` - `2021-12-17`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
tagdataxrt.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-09` - `2022-03-09`	a year	crt.sh
itweedler.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-04` - `2022-11-04`	a year	crt.sh
mc.yandex.ru Yandex CA	`2021-07-28` - `2022-01-07`	5 months	crt.sh

This page contains 1 frames:

Primary Page: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Frame ID: 1DABA5758507DE8ED886684551B27BBD
Requests: 108 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dear user

Page URL History Show full URLs

https://onetrackon.com/nlp/index.php?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&... Page URL
https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc... Page URL
https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc... Page URL
https://itweedler.com/4533056/?var=4316314&request_var=17-16499862&var3=472001066980880676 Page URL
https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d... Page URL

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

111
Requests

86 %
HTTPS

46 %
IPv6

18
Domains

18
Subdomains

14
IPs

6
Countries

786 kB
Transfer

1957 kB
Size

14
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://itweedler.com/4180207/?var=4533056&ymid=4316314

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://onetrackon.com/nlp/index.php?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&url_bnm_redirect=https://richsurvey.site/finance-survey.html Page URL
https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc Page URL
https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2 Page URL
https://itweedler.com/4533056/?var=4316314&request_var=17-16499862&var3=472001066980880676 Page URL
https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 106

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9424.I2IDslQ6NygW-OQHge-NT4hAJtBU0u23sPJ2xJOMymswrdkVJWo8BjfD7Da5FLsi.kZfDldf_5lSLHGNRHVDZCeqrovs%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9424.-COFLeWGR6vL2uOswC_btZDR9FsAicWcZEKcRLnqVIuHGwEsZlmzM2Cf-qlvkC4wv2yE-pZiLqetzLfQQ9lWoQ%2C%2C.QQxSO4eOLpK8Mmtdb8GONwrjJzo%2C

Request Chain 108

https://mc.yandex.com/watch/66423859?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D992abaac49f64fa78d7bd380f94fbd30%26s%3D472001573279510836%26z%3D4533056%26b%3D10037337%26var%3D4316314%26campaignid%3D4634920%26utm_campaign%3D4316314%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A223%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A660%3Acn%3A1%3Adp%3A0%3Als%3A1151823246597%3Ahid%3A101954394%3Az%3A0%3Ai%3A202101013035744%3Aet%3A1634097464%3Ac%3A1%3Arn%3A765256077%3Arqn%3A1%3Au%3A1634097464573604883%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1634097463684%3Ads%3A8%2C39%2C114%2C1%2C1%2C0%2C%2C120%2C2%2C%2C%2C%2C286%3Adsn%3A9%2C39%2C114%2C1%2C1%2C0%2C%2C122%2C1%2C%2C%2C%2C286%3Awv%3A2%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1634097464%3At%3ADear%20user HTTP 302
https://mc.yandex.com/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D992abaac49f64fa78d7bd380f94fbd30%26s%3D472001573279510836%26z%3D4533056%26b%3D10037337%26var%3D4316314%26campaignid%3D4634920%26utm_campaign%3D4316314%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A223%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A660%3Acn%3A1%3Adp%3A0%3Als%3A1151823246597%3Ahid%3A101954394%3Az%3A0%3Ai%3A202101013035744%3Aet%3A1634097464%3Ac%3A1%3Arn%3A765256077%3Arqn%3A1%3Au%3A1634097464573604883%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1634097463684%3Ads%3A8%2C39%2C114%2C1%2C1%2C0%2C%2C120%2C2%2C%2C%2C%2C286%3Adsn%3A9%2C39%2C114%2C1%2C1%2C0%2C%2C122%2C1%2C%2C%2C%2C286%3Awv%3A2%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1634097464%3At%3ADear%20user

111 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK index.php Show response
onetrackon.com/nlp/ 150 B
402 B 49ms
15ms Document
text/html 176.31.124.210
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetrackon.com/nlp/index.php?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&url_bnm_redirect=https://richsurvey.site/finance-survey.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

176.31.124.210 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3010792.ip-176-31-124.eu

Software

nginx/1.20.1 /

Resource Hash

03fab1322393e152372ab8bc87e047f0b464cb7a30b493226b7ae41f9bd0dbe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Host: onetrackon.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx/1.20.1
Date: Wed, 13 Oct 2021 03:57:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

GET
H2 200 finance-survey.html Show response
richsurvey.site/ 4 KB
2 KB 74ms
43ms Document
text/html 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1a2182e523221a6c3e6e665601e0cf899b59635c26492d1b060c20b07809009

Request headers

:method: GET
:authority: richsurvey.site
:scheme: https
:path: /finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://onetrackon.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://onetrackon.com/

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-type: text/html
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7D%2B5pvEDUXWnB71fwFp9bgUQtF0Zmy37aDCA5LthAnaHOH3tqyYaV0e9oFfZzhnCPqyzq3jjCAncmvUH2jo6YCh9P%2FnMdFabTpXvqKNP5kE0SI%2FsY3ScMbsmQ3xzsZR%2BjJ2YIJpaCx%2FIn%2BYClA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69d5a538cb284ec8-FRA
content-encoding: br

GET
H2 200 fv.js
propeller-tracking.com/ 5 KB
3 KB 50ms
14ms Script
text/javascript 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Requested by

Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-trace-id: 3a9fd44234a2c096ac154b9aedabc41e
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript; charset=utf8
access-control-allow-origin
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 rtc.js Show response
richsurvey.site/js/data/ 11 KB
5 KB 15ms
15ms Script
application/javascript 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/js/data/rtc.js
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e21a5fdcb464c61185f66b10a6405f01fe3a8cd639b599a5b3d2f6b5aae4c0

Request headers

:path: /js/data/rtc.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7008
cf-polished: origSize=15077
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-3ae5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AHCHx9pVZ2PrxUWrounFoRQ4xapV%2BQxlpwtx5dtyyGZF3p0hwaQ7rnIHyh5MOcJbo13n4pkThNfgBPj44dbky6KNY95%2BtXrJAdIcdN5o2ccDZnVPP%2BqfWZIFmTUeqdVGA6%2FciNxLgEoyGT6z7g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69d5a5393b824ec8-FRA
cf-bgj: minify

GET
H2 200 config.js Show response
richsurvey.site/js/ 61 KB
19 KB 17ms
16ms Script
application/javascript 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/js/config.js
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40528342d9aad607efcd0f6c79b6e0d83722686c49b52675d2aaef948dddc103

Request headers

:path: /js/config.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
age: 7008
etag: W/"615eace0-f5b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ELJb7VhnWrG93jd6WrIJE0eq9HjJ74Epth0EnfoGvs4dChTQnI5aZ9RvEEKwZJbRHv%2FVHjfhObxh1mWplRVst2wft802ash9VSg1Ey8TvC9CxDwkqe8mrlx8edHwXMFQFkDBFECHRyX1UHsOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69d5a5393b834ec8-FRA
cf-bgj: minify

GET
H2 200 survey.css
richsurvey.site/css/ 19 KB
5 KB 15ms
14ms Stylesheet
text/css 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/css/survey.css
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46e82abefb7f047ffecd1a09b10868ae7f49272fb06bf2013559afd325bd75f5

Request headers

:path: /css/survey.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7008
cf-polished: origSize=19903
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-4dbf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=29gVcUYPLA%2Bq9EIy5MIRljN4j6z2iCJ6aBNaLZojhLLOspHwwH%2BYaePgIeeBYai%2Byc6UP2mq7Miq0sEutewCupzIqYZgObvjFozr85tEXvtVohtc5ODuULWsrW08funKRy5Gsu%2FXBPiiEEKfNg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 69d5a5393b844ec8-FRA
cf-bgj: minify

GET
H2 200 style.css
richsurvey.site/css/ 33 KB
5 KB 16ms
15ms Stylesheet
text/css 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/css/style.css?v=1
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9b83e91c86f303d98ede9ff0b4700d0f68ebbd39370fa7b744b51d1e9e08135

Request headers

:path: /css/style.css?v=1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7019
cf-polished: origSize=33802
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-840a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zxBpdQfkF7Yj%2FtXQjnOjLSZXXdifVAzobnQ%2Bi30Oel57MQQgGsGGy3TPLq4Hbwx3eM20D9Ro08bGtPaFdAt1i0nMDx1NyPZWZwPDFqQNQ3naDds0MrmisIPGyLPDGVZNNDfP1%2BcSyYKPzYmRpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 69d5a5393b854ec8-FRA
cf-bgj: minify

GET
H2 200 icon-survey.svg
richsurvey.site/img/ 3 KB
1 KB 13ms
13ms Image
image/svg+xml 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/icon-survey.svg
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/icon-survey.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
age: 6991
etag: W/"615eace0-c26"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZfGa1SmHzIjSlZw8ac7SL7z5ncwXRsNBUHb5ghDI1lYN65KBVuxhABKSoc9PQHUQuJNfFZRfTwxRYyQnMaV5eIa%2BffRoyokAJRLmACRL%2FmSAg5AWY7aZt1n1dvgqz3g4Xwp%2FspqSjzFFgQXv5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69d5a5398bd64ec8-FRA

GET survey-site.js
richsurvey.site/js/ 0
0

GET
H2 200 survey.js
richsurvey.site/js/ 273 KB
85 KB 24ms
23ms Script
application/javascript 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/js/survey.js
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /js/survey.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 321
cf-polished: origSize=279119
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-4424f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2lXMk%2FrFRJD4CH40b8TIFOEV2Ms0mR%2B%2BoEVy4J0sisDPxaBePqD%2FsFL82ASvNlsr9Y5LBOMArCCSbtp%2BWPnQFa8Be2vp1JY9LkprD%2FILfMH%2BJFSD3f4Xxu3m319wVm2q4STMkqoJD8sKqHCJow%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69d5a5395ba24ec8-FRA
cf-bgj: minify

GET
H2 200 finance-survey.html Show response
richsurvey.site/ 4 KB
2 KB 45ms
44ms Document
text/html 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/js/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1a2182e523221a6c3e6e665601e0cf899b59635c26492d1b060c20b07809009

Request headers

:method: GET
:authority: richsurvey.site
:scheme: https
:path: /finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-type: text/html
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I4IXp2ME51p9WSZDYnsXVKC%2Bc%2BXveeFD97n1tXD8%2FeX59lw6gcKUQPYNm4myTHCEHOWpBxwRNN90SE%2BoX5%2F%2FTJBGxyWVFL8bLprj33PZ29sBtqRZVkwmhndQLYz8UXSzaTRffbweekGC71y6Hw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69d5a5396bb84ec8-FRA
content-encoding: br

GET sd-1203000.js
richsurvey.site/js/data/ 0
0

GET
H2 204 vctx
propeller-tracking.com/ 0
492 B 13ms
13ms XHR
text/plain 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/vctx?t=82892

Requested by

Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: 5fbb2ece9b5a22387e8a6ef975184eff
pragma: no-cache
date: Wed, 13 Oct 2021 03:57:43 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://richsurvey.site
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST vbl
propeller-tracking.com/ 0
0

POST vb
propeller-tracking.com/ 0
0

GET
H2 200 fv.js Show response
propeller-tracking.com/ 5 KB
3 KB 15ms
14ms Script
text/javascript 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Requested by

Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

bcef0af5a6953da87ed9353729f60db60540b4bc5c9081b98bfae84f97e9128f

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-trace-id: ce1ce63f00b38d750dd3cd06af85246b
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript; charset=utf8
access-control-allow-origin
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 rtc.js Show response
richsurvey.site/js/data/ 11 KB
5 KB 13ms
12ms Script
application/javascript 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/js/data/rtc.js
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e21a5fdcb464c61185f66b10a6405f01fe3a8cd639b599a5b3d2f6b5aae4c0

Request headers

:path: /js/data/rtc.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7008
cf-polished: origSize=15077
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-3ae5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RIV1F%2FJkgilMVXx7HuRCeLIhMymnltZF8XyDTVy4tpyCsxRCIqaNu2QTKUTXXbg3eph6ZBPgUfouiDlnQ7n0T9jZzz9vphmuds0D52n%2Fi7Qf2I1Hk9Vl%2BGcL8FXtvKvQi6ozjgornS2KLrnugg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69d5a539cc114ec8-FRA
cf-bgj: minify

GET
H2 200 config.js Show response
richsurvey.site/js/ 61 KB
19 KB 14ms
13ms Script
application/javascript 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/js/config.js
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40528342d9aad607efcd0f6c79b6e0d83722686c49b52675d2aaef948dddc103

Request headers

:path: /js/config.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
age: 7008
etag: W/"615eace0-f5b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WYx2%2BvzQo1%2B4eFEgtFr378PC7wLIyI4TrLJeM5dmov9xWGBiOVDIL2BcNmpJwKdK9%2B8df7JqoU58lE6%2Bx2AjIwFJNPVIutdjSzR3qXlMv1QtddJqd1nhIg%2B7bIvYBnXCv51MzJFb8gh1AufJVw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69d5a539cc134ec8-FRA
cf-bgj: minify

GET
H2 200 survey.css
richsurvey.site/css/ 19 KB
5 KB 15ms
15ms Stylesheet
text/css 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/css/survey.css
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46e82abefb7f047ffecd1a09b10868ae7f49272fb06bf2013559afd325bd75f5

Request headers

:path: /css/survey.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7008
cf-polished: origSize=19903
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-4dbf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6aShNfi%2Fr7%2F8xs81fNtC0ijID37sfYK%2BcpCuQl23Pr6amk13wWfeUGOxCygRkXxGKGFyziQRIYIygjZNSrgiZUEpfb2sUvhbOfSHMd7NH%2Bluzg7qfXYpk6gLI28aERU0ElYCpdAmAr9z6Yvmfg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 69d5a539cc144ec8-FRA
cf-bgj: minify

GET
H2 200 style.css
richsurvey.site/css/ 33 KB
5 KB 13ms
13ms Stylesheet
text/css 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/css/style.css?v=1
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9b83e91c86f303d98ede9ff0b4700d0f68ebbd39370fa7b744b51d1e9e08135

Request headers

:path: /css/style.css?v=1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7019
cf-polished: origSize=33802
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-840a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p2vXVkAIqyihIanziCbf8JzaIiHuHdyCkyuCUqt1RIBA2RB0wf9QPuqTq0Ux6V2nWlCrLwbNSRwPO%2BpZe16hDJAVjBs9843v8sGeHuez2N0c000Vc2EeEDgDqWiB8GMYphVhFy4KmaeIqoeGYA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 69d5a539cc154ec8-FRA
cf-bgj: minify

GET
H2 200 icon-survey.svg
richsurvey.site/img/ 3 KB
1 KB 14ms
14ms Image
image/svg+xml 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/icon-survey.svg
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64a92922801ea676a88192b928a94d9179fe23c789767bba01647c21fb289904

Request headers

:path: /img/icon-survey.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
age: 6991
etag: W/"615eace0-c26"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bcc56rdePrquSRjrS9QBfa9DziT2erO%2FFjmb%2F5qSWIbnsnPQZ0FmCvGsGE9EZGiZNRxpHEdyUDXDmfgUbb1Np6rKbn68ulJqNTX%2FNsHTFxXahsvfzLraZmU3fPVMxGMo762dHrHHZK2TMOuKvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69d5a539ec664ec8-FRA

GET
H2 200 survey-site.js Show response
richsurvey.site/js/ 3 KB
1 KB 16ms
16ms Script
application/javascript 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/js/survey-site.js
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e6ce1add3a481e1df35ca5c582f7b8cc2eb19779063dd89e66f2b142ef57cf3a

Request headers

:path: /js/survey-site.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
age: 7018
etag: W/"615eace0-b23"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cS7y8tkU6t4JcYSVTEdgphrRnJhEdNOZawyJsAQiqSdbq6TprR75YThL3p0f5mkP42nASKtG6iawhQh6%2BCb7H1WBdZdwJuykImyZYBAG5%2Bv1JEtdZPHYOaU5FKEHIHjHZm3iaXme5QLs%2F%2FO7bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69d5a539ec734ec8-FRA
cf-bgj: minify

GET
H2 200 survey.js Show response
richsurvey.site/js/ 273 KB
85 KB 27ms
27ms Script
application/javascript 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/js/survey.js
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3affea23599e52b0e73d8f71a35aa360d91ddea761519c7ac24e0828b1f54f1

Request headers

:path: /js/survey.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 321
cf-polished: origSize=279119
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-4424f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jG7wtXB3CUrW2%2Ba4EQsdRPGC2WLpELXOrp3czmdNt3p9uXsve7q7zcxLbtyKe1gYbYbboKo2uepwWAb8OT3%2FJIOgQilFJM6DWevHmBZMkx4Ulxg8CkBpn44u%2Bpf4hnaWjZTYyl%2BDL1%2BDhnwKaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69d5a539ec5e4ec8-FRA
cf-bgj: minify

GET
H2 204 vctx Show response
propeller-tracking.com/ 0
492 B 13ms
13ms XHR
text/plain 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/vctx?t=82892

Requested by

Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: aa57d988858cd6ea70f2ad29862417a6
pragma: no-cache
date: Wed, 13 Oct 2021 03:57:43 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://richsurvey.site
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 sd-1203000.js Show response
richsurvey.site/js/data/ 11 KB
2 KB 15ms
15ms Script
application/javascript 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/js/data/sd-1203000.js
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/js/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: acc9ce307870076d09114bcf3310a4217d59a87228bde2f3cc2248c9e70e880b

Request headers

:path: /js/data/sd-1203000.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2349
cf-polished: origSize=20453
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-4fe5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LKLelQJlJt5I8PIgtTC8S4xMzHbYiEVwQJKlTX9dBPFSRybsBNtovqITjsY1jHzepx4BH2JFEuotksziyS4jP36UPzmdD16aRzH%2Fapcg5W43Ib1P%2Fs8zrsa1%2FViAyD7jpOjvx14JRY8rDIqfzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69d5a539ec7b4ec8-FRA
cf-bgj: minify

POST
H2 204 vbl
propeller-tracking.com/ 0
492 B 13ms
12ms Ping
text/plain 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/vbl?t=82892&bid=undefined&aid=undefined

Requested by

Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-trace-id: 829757cb3cb8775045d7ac7f2bdc6890
pragma: no-cache
date: Wed, 13 Oct 2021 03:57:43 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://richsurvey.site
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 micro.tag.min.js Show response
richsurvey.site/pfe/current/ 131 KB
34 KB 50ms
50ms Script
application/javascript 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/pfe/current/micro.tag.min.js?z=4292861&sw=/sw/sw4292861.js&var=4316314&var_3=null&ymid=17-16499862&cdn=1&domain=ugyplysh.com
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/js/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ce5b70f4867cc996d2cc6d4b6627e68490349fc6f7f1896b4983f02baba7a28

Request headers

:path: /pfe/current/micro.tag.min.js?z=4292861&sw=/sw/sw4292861.js&var=4316314&var_3=null&ymid=17-16499862&cdn=1&domain=ugyplysh.com
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-20bd9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3qryYfMQCKrzmyscCSPD5pPJmedvnCyGu4dd%2BmKOODf7Js9Br06qeiQlBvszzk%2BujXut9eMRdor%2FbO7KYxC%2FlY0OEa34LO4HkBQ2%2F%2BJvbzsq6bnlhlsLy6bfq3GlG7t%2FbHpxTRazgtYjPjdJLg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69d5a53a0ca94ec8-FRA

GET
H2 200 tag.js Show response
tagstaticx.com/ 55 KB
20 KB 44ms
15ms Script
application/javascript 2606:4700:3033::ac43:aa23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tagstaticx.com/tag.js
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/js/survey.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:aa23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7424b5901f26958fbef94e9764daca7c46871c608036a63876686b32c6fbb818

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 12 Oct 2021 14:30:19 GMT
server: cloudflare
age: 5089
etag: W/"61659bfb-da74"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2FxiEK2Fa1Ca3Y2QeHhm7pud9w%2BHDz3OV2obJICRhc86V1yL9Fa77kHodUYnb26dZ4EMmNdnbfmRS%2FvqvliKZximHGlkmcsKtginAhjfB%2F9KEpobh1DN9OkbmWzaS8Rfz1Y380XnS2C3B233qA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69d5a53a6c1e5caa-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
544 B 51ms
14ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: richsurvey.site
URL: https://richsurvey.site/js/survey.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

b952956339f1af976214b42dec4486a651ae18f7acdd6e228b5cdbb45e09fe88

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://richsurvey.site
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 track
itcleffaom.com/ 196 B
651 B 55ms
15ms XHR
application/json 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://itcleffaom.com/track?offer_id=2186&z=4316314&request_var=17-16499862&variable2=4b62a3zuqoc6obcc

Requested by

Host: richsurvey.site
URL: https://richsurvey.site/js/survey.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: 042a935e0fe84827c8cf7db5af654b5e
pragma: no-cache
date: Wed, 13 Oct 2021 03:57:43 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://richsurvey.site
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
content-length: 196
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 4292525
in-page-push.net/500/ 1 KB
1 KB 178ms
138ms XHR
application/javascript 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://in-page-push.net/500/4292525?var=4316314&ymid=17-16499862

Requested by

Host: richsurvey.site
URL: https://richsurvey.site/js/survey.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: 3f8db9249d45d067a5fadd4a3d8ca62e
pragma: no-cache
date: Wed, 13 Oct 2021 03:57:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Origin
content-type: application/javascript
access-control-allow-origin: https://richsurvey.site
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *
expires: Wed, 31 Dec 1969 19:00:00 EST

GET
H2 200 en.json Show response
richsurvey.site/js/comments/ 4 KB
1 KB 42ms
41ms XHR
application/json 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/js/comments/en.json
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/js/survey.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7c2c70cfaa456cac0e5585bb38e5484496b7ebf2a42881ddbef7fa6a39cecd3

Request headers

:path: /js/comments/en.json
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: application/json, text/plain, */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-11c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yW6%2BChJ5Eo095Oiq5kHn23HExo5IWBGagof0cF%2BRJarGU5hYMJ9CvnrIbdXNLGT4GV9ptpVNsvGPJ5%2FKHw2Z4lQ6MZvi%2BKcsbOZ69iOWdfDps2qPrBKXFX02KZmad80HZRX0p69D2X8bDGyISg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69d5a53a5cf34ec8-FRA

GET
H2 200 gtm.js
www.googletagmanager.com/ 120 KB
43 KB 75ms
22ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NLSFF85

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43850
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 13 Oct 2021 03:57:43 GMT

GET
H2 200 cookie-consent-1.json Show response
richsurvey.site/js/dict/ 4 KB
2 KB 39ms
39ms XHR
application/json 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://richsurvey.site/js/dict/cookie-consent-1.json?v=1
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/js/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e76bbe806b385849442561f6e3f5a4a33008004c3f9c35c2fcfeb099a140dcff

Request headers

:path: /js/dict/cookie-consent-1.json?v=1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: application/json, text/plain, */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-11dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AuchlVymFeiP94f3UAuHA5J0AaDnOW2OwQITR7l3HwmE1uWBnU9Hn57U7yDbAiHnF45rRKmlUvxAMtv%2FUmxQwjSr2C1nCeRq1gO6EM0a0N1EFvhOPHpcV2xU8zIyuy4PePRJW20ekJqbE2oT6g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69d5a53a5cf64ec8-FRA

POST
H2 200 zone
ugyplysh.com/ 0
253 B 66ms
14ms Ping
text/plain 139.45.197.253
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ugyplysh.com/zone?pub=0&zone_id=4292861&is_mobile=false&domain=richsurvey.site&var=4316314&ymid=17-16499862&var_3=null&action=prerequest

Requested by

Host: richsurvey.site
URL: https://richsurvey.site/pfe/current/micro.tag.min.js?z=4292861&sw=/sw/sw4292861.js&var=4316314&var_3=null&ymid=17-16499862&cdn=1&domain=ugyplysh.com

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.253 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-trace-id: 59c468f9f6502c86f8368068b7075dac
date: Wed, 13 Oct 2021 03:57:43 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-origin: https://richsurvey.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0

GET
H2 200 unnamed.jpg
richsurvey.site/img/comments/ 1 KB
2 KB 13ms
13ms Image
image/jpeg 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/unnamed.jpg
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/unnamed.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2056
content-length: 1378
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-562"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xyhuGXbxAA4oqpG%2B6QRVYN2XWjKkmRNCLh%2FNRttvLzNDJ1d%2Bizszj3nXY%2BbahXXMvJssrkpeFtLDSWQvviw9K1oHp2q4%2FdApODTWF%2F4aNKro0NONtCw6J2%2Bawt01qn7rZfq6KiNksevtizd7cA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53aad454ec8-FRA
cf-bgj: h2pri

GET
H2 200 person-1.png
richsurvey.site/img/comments/ 6 KB
7 KB 14ms
14ms Image
image/png 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/person-1.png
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/person-1.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
age: 2056
etag: "615eace0-19b1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iq8Fldlf9bCcgXOFs1drx2MZFKGnEhBEwKubtjo7IOEnPg5gog6KHlJdNc7ui5Ie0%2BaB9ocqF1a1z1IZhgXy%2Bi%2Fh0m2gib7rPRW5t7QS08midghqHM8wYFABWiGUrfuit2OYCVjwuuApGfEmOA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69d5a53aad464ec8-FRA
content-length: 6577

GET
H2 200 person-14.jpg
richsurvey.site/img/comments/ 5 KB
6 KB 17ms
17ms Image
image/jpeg 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/person-14.jpg
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/person-14.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2290
content-length: 5392
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-1510"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w4VZnJuNQpeK1hnvltmbU5n31VcAHHePY%2BlDRI7i%2F%2B7c4i4oFobxXWKXGyzcu2GrMtHocHiz8Gr7YkXnt%2F2dXy5OuxNVrSj%2BpGDPfWaN26BhfAERwFbfnNwnOY29Z3wPGySrU4y9UHfxhTcBrA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53aad474ec8-FRA
cf-bgj: h2pri

GET
H2 200 person-2.png
richsurvey.site/img/comments/ 6 KB
7 KB 20ms
19ms Image
image/png 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/person-2.png
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/person-2.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
age: 2290
etag: "615eace0-191c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y4%2BafJvvFCuhVyGVpuMPyE7uTFpvP9mxbOtvVMzhMgAoSA4BBUin4IcqmuxiaqE0FCo8q44EDE9EOOYUiCu1MIETUqUAKulMbUqyxzc7PN%2BO1LYFCwLDpwixLEevDiZsPdQpSYf5f18QSz4eog%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69d5a53acd5e4ec8-FRA
content-length: 6428

GET
H2 200 person-4.jpeg
richsurvey.site/img/comments/ 3 KB
3 KB 16ms
15ms Image
image/jpeg 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/person-4.jpeg
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/person-4.jpeg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2290
content-length: 2709
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-a95"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g4RNVvcNqqw0T24%2B%2BTKNLGAWFYXs2VdvwSljCxsN4UTGTYGC6FRvepPG3AaYDxrL%2FK7kAvnecBGN50N04O3Amtd1J8KP1OwdjNf5jQtaASMZj7Z3nozhO1g67Ri1nG9RrGXWlolc%2FgZmahGz6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53acd614ec8-FRA
cf-bgj: h2pri

GET
H2 200 person-5.jpg
richsurvey.site/img/comments/ 4 KB
5 KB 18ms
17ms Image
image/jpeg 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/person-5.jpg
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/person-5.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2290
content-length: 4333
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-10ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3T4AuZz%2Bm3uKhOYBrWLp24WoTv3SzaqRN7rmHSepCz%2B24%2BvxpEIz0AUodHLygYpKdTnnbUrgSpdfxkihO3MultRGeEgNpQqYd1r5LyS2GgX5unU2Jbj08mOXsX3wuh6WnU3aZTyV%2F6N3qCmalw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53acd634ec8-FRA
cf-bgj: h2pri

GET
H2 200 person-6.jpg
richsurvey.site/img/comments/ 4 KB
5 KB 16ms
16ms Image
image/jpeg 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/person-6.jpg
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/person-6.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2290
content-length: 4392
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-1128"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fcs03tpoAiwpnQEwpt%2BJpYwsnTUfgaHR5sau2tlnYhd1gwwsQMAGQNYI2gIPWitahNNwbZ4tE11vVIsIG3FvDsrQJ%2BQAx0NiHsS0howAQrK43SamK66O6tBBpd0svJULoU8EiAqLp7RCu%2FFcFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53acd654ec8-FRA
cf-bgj: h2pri

GET
H2 200 person-8.jpg
richsurvey.site/img/comments/ 6 KB
6 KB 14ms
14ms Image
image/jpeg 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/person-8.jpg
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/person-8.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2290
content-length: 5748
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-1674"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2F8bi5H4bo6HVIVofvtcAdh6bMfXqa%2B3lvPW%2By5SDkgDzbmwa1ce07ThZhvizMjuxuTFP8mH9JHqaWJ8bqA5uZpQVNvj7s0Kxc3cv8IyuhdOm%2B6hqx2JNkT%2FkAm2MQther9ok6fxuavVHJTirg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53aed874ec8-FRA
cf-bgj: h2pri

GET
H2 200 person-3.png
richsurvey.site/img/comments/ 7 KB
8 KB 14ms
13ms Image
image/png 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/person-3.png
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/person-3.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
age: 2290
etag: "615eace0-1cc8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hYmxVs%2Ftg4UWDeRk8SwMSjXzoVcsJoIZUwlYp7lIzdR8kVIy0ZL5pf5%2BP%2FgNRLerIdY3qgzL15Kjet6dL2iv%2FeWOnvEDPzCfy5pfVnzOA9Sr7VBA%2FXDXQ9v5iUOChFj18nWSafAM6%2FHzLoWVdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69d5a53aed8a4ec8-FRA
content-length: 7368

GET
H2 200 person-9.jpg
richsurvey.site/img/comments/ 5 KB
5 KB 21ms
21ms Image
image/jpeg 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/person-9.jpg
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/person-9.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2290
content-length: 5190
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-1446"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=15vKxePWxF%2BtrBHHOOWZYf0jsF6MlJyski7p2K506XGrpvlz1KjMgmNoce%2BMH9clZ%2FO03wLK0AhSdHDt8uF%2FcgAfiEJ2jHhKoksMfvtW%2BJodUoQWsYDhrrOj09zHX1TduOYHOPxTG%2FmVnfIyJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53aed8d4ec8-FRA
cf-bgj: h2pri

GET
H2 200 person-10.jpg
richsurvey.site/img/comments/ 6 KB
6 KB 14ms
13ms Image
image/jpeg 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/person-10.jpg
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/person-10.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2290
content-length: 6178
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-1822"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OISoANjzboPDYhaJs7z0CVv8EbdGZ6J1QiIxISe0Im3N4QfFahJnorw9H7LA5GJN2GdbqdEgqQu0OnQ31HJowAh4u4EFQNF%2FTLbqZjZaWpeSd%2FUZ3AEAb1M2YBGjcUv7cUhwDmb2rhfd7B%2FysQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53afda34ec8-FRA
cf-bgj: h2pri

GET
H2 200 person-11.jpeg
richsurvey.site/img/comments/ 4 KB
4 KB 20ms
19ms Image
image/jpeg 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/person-11.jpeg
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/person-11.jpeg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2290
content-length: 4175
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-104f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TkNtR71RYhM8rVSl84xa5Zv0TvuutF35lPvE6uKoQGVOAgYEUWYROWNvgON2sxQWopY1KpzX4Z3kqOA0AnKdtVnrqdp9Tfa7MtG6VtD%2Blgk8vHyPLZxdTf0f6lpsI5LpIBGGuyTVcdF8lwVbRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53afda44ec8-FRA
cf-bgj: h2pri

GET
H2 200 person-12.jpeg
richsurvey.site/img/comments/ 3 KB
4 KB 15ms
15ms Image
image/jpeg 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/person-12.jpeg
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/person-12.jpeg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2290
content-length: 3519
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-dbf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SKh4Ih8INS%2F%2B93G%2FHoOh26dRLxlsVLSsuZHxLn7P5r7KOMchmeabN4r1Q8D1l8UAkBOYDkS939Xs9sRR2hlGHPxFGCJvrSjww477OiH8iszeUSPPPpAUk3deorBxC5TaYNkBYkd5vdEOYlPvUw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53b0da84ec8-FRA
cf-bgj: h2pri

GET
H2 200 person-13.jpg
richsurvey.site/img/comments/ 3 KB
3 KB 11ms
11ms Image
image/jpeg 2606:4700:20::681a:5ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://richsurvey.site/img/comments/person-13.jpg
Requested by: Host: richsurvey.site
URL: https://richsurvey.site/finance-survey.html?z=4316314&offer_id=2186&var=17-16499862&ymid=4b62a3zuqoc6obcc&utm_campaign=17-16499862&utm_medium=4316314&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:5ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /img/comments/person-13.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: richsurvey.site
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2337
content-length: 3172
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-c64"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GRy%2Fx%2BhUyREU%2FG8e4spLdFSy2bqE9wF6nR8a7eCR7AdT8%2BIfizngHydPJEY%2F9E9F9INxPstCu0y%2BjC8mQ2PjPxn2oRx72ThDyNf5q%2BXO3eor2Akf8z3bGvS6mocWxM7QDsDjMHogjN3IoHYTfA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53b0dad4ec8-FRA
cf-bgj: h2pri

HEAD
H2 200 adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 0
0 54ms
30ms Fetch
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
etag: 16312097996353707024
vary: Accept-Encoding, Origin
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Wed, 13 Oct 2021 03:57:43 GMT

GET
H2 200 gid.js
my.rtmark.net/ 65 B
544 B 39ms
12ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:36 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://richsurvey.site
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 200
OK pix.jpg
tagdataxrt.com/ 28 B
620 B 55ms
13ms Fetch
image/jpeg 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/pix.jpg?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Arnhem, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 13 Oct 2021 03:57:43 GMT
Server: nginx/1.19.10
Etag: 0630e796-9acb-457e-a834-34908852a0c5
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: image/jpeg
Access-Control-Allow-Origin: https://richsurvey.site
Access-Control-Expose-Headers: ETag
Cache-Control: private, must-revalidate, proxy-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 28

GET version.js
tagdataxrt.com/ 0
0

GET googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 0
0

GET googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 0
0

GET googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 0
0

GET googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 0
0

GET googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 0
0

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/ir/ 0
0 53ms
15ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
Protocol: HTTP/1.1
Server: 37.48.68.71 Arnhem, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://richsurvey.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 13 Oct 2021 03:57:43 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://richsurvey.site
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/ir/ 0
425 B 15ms
14ms Fetch 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/ir/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Arnhem, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 13 Oct 2021 03:57:43 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://richsurvey.site
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 0

OPTIONS
H/1.1 200
OK add
tagdataxrt.com/log/ 0
0 40ms
13ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
Protocol: HTTP/1.1
Server: 37.48.68.71 Arnhem, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://richsurvey.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 13 Oct 2021 03:57:43 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://richsurvey.site
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK add
tagdataxrt.com/log/ 12 B
485 B 16ms
16ms Fetch
application/json 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/log/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
Requested by: Host: tagstaticx.com
URL: https://tagstaticx.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Arnhem, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: application/json;charset=utf-8

Response headers

Date: Wed, 13 Oct 2021 03:57:43 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://richsurvey.site
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 12

POST add
tagdataxrt.com/time_visit/ 0
0

GET
H2 200 /
itweedler.com/4533056/ 2 KB
2 KB 55ms
17ms Document
text/html 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://itweedler.com/4533056/?var=4316314&request_var=17-16499862&var3=472001066980880676

Requested by

Host: richsurvey.site
URL: https://richsurvey.site/js/survey.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: itweedler.com
:scheme: https
:path: /4533056/?var=4316314&request_var=17-16499862&var3=472001066980880676
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
date: Wed, 13 Oct 2021 03:57:43 GMT
content-type: text/html; charset=utf8
x-trace-id: 303019f2b83ccb9a6aee0fdd8f5f2838
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://sweepstakessurvey.org>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://lukomol.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: * *
set-cookie: OAID=992abaac49f64fa78d7bd380f94fbd30; expires=Thu, 13 Oct 2022 03:57:43 GMT; path=/; secure; SameSite=None oaidts=1634097463; expires=Thu, 13 Oct 2022 03:57:43 GMT; path=/; secure; SameSite=None syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip

GET qsDDY31uP6Ih_REFk2bNeA4jhOuI1yxjvuCxQvcNovKTmuxRo1stoM9nOQ4S2FY_echgRZX9ydwrDb-HcPAZaLj25DROAzIN0uuaRRpfrxKiB1YH8_PRWETgShYc5uj9-QktO-LQ_QLqaIBVSiwF9uWXENzC2JTHPSDyw7FyDHuvlL-SolWQxljJxLLBFwqnbqA5r...
forflygonom.com/impression/ 0
0

GET
H2 200 gid.js
my.rtmark.net/ 65 B
543 B 16ms
15ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4292861&checkDuplicate=true&ymid=17-16499862&var=4316314

Requested by

Host: richsurvey.site
URL: https://richsurvey.site/pfe/current/micro.tag.min.js?z=4292861&sw=/sw/sw4292861.js&var=4316314&var_3=null&ymid=17-16499862&cdn=1&domain=ugyplysh.com

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://richsurvey.site
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 zone
ugyplysh.com/ 0
0 42ms
14ms Fetch
application/json 139.45.197.253
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ugyplysh.com/zone?pub=0&zone_id=4292861&is_mobile=false&domain=richsurvey.site&var=4316314&ymid=17-16499862&var_3=null&action=settings

Requested by

Host: richsurvey.site
URL: https://richsurvey.site/pfe/current/micro.tag.min.js?z=4292861&sw=/sw/sw4292861.js&var=4316314&var_3=null&ymid=17-16499862&cdn=1&domain=ugyplysh.com

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.253 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: b9828c19e0b7f90611b467ece5236f46
date: Wed, 13 Oct 2021 03:57:43 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: https://richsurvey.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 737

GET analytics.js
www.google-analytics.com/ 0
0

GET tag.js
mc.yandex.ru/metrika/ 0
0

POST etag
tagdataxrt.com/ 0
0

OPTIONS
H/1.1 200
OK etag
tagdataxrt.com/ 0
0 14ms
14ms Preflight 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://tagdataxrt.com/etag?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a
Protocol: HTTP/1.1
Server: 37.48.68.71 Arnhem, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://richsurvey.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx/1.19.10
Date: Wed, 13 Oct 2021 03:57:43 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://richsurvey.site
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

POST vb
propeller-tracking.com/ 0
0

POST
H2 200 img.gif
my.rtmark.net/ 43 B
504 B 14ms
13ms Ping
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=992abaac49f64fa78d7bd380f94fbd30

Requested by

Host: itweedler.com
URL: https://itweedler.com/4533056/?var=4316314&request_var=17-16499862&var3=472001066980880676

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: https://itweedler.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

GET
H2 200 Primary Request sweep.html Show response
sweepstakessurvey.org/ 5 KB
2 KB 162ms
114ms Document
text/html 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Requested by: Host: itweedler.com
URL: https://itweedler.com/4533056/?var=4316314&request_var=17-16499862&var3=472001066980880676
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49ea263f6631a4e77a422f737bc3a3f2781eeff7aac04dac30189a7da14a0df8

Request headers

:method: GET
:authority: sweepstakessurvey.org
:scheme: https
:path: /sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-type: text/html
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M18LMZ%2F1vhVFEaSdF8QVQE8VxBq4FyuoKJt0I2Pz%2Bg3lHxdy1gXRle2bWiVUUgpvnDNZ9PcH6jZ7JKebK779Z90Mgc9VO2tyQRK92%2Fmu%2BGRfG1QOe2VxZoHKZ8q3dExSmrmyEnWl%2FSb24SZ3wa2Rp4oWtg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69d5a53c5cc1f91b-MXP
content-encoding: br

GET
H2 200 fv.js Show response
propeller-tracking.com/ 5 KB
3 KB 14ms
13ms Script
text/javascript 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Requested by

Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

bcef0af5a6953da87ed9353729f60db60540b4bc5c9081b98bfae84f97e9128f

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-trace-id: fa2e089054675241641fe2e13ffddbac
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript; charset=utf8
access-control-allow-origin
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 rtc.js Show response
sweepstakessurvey.org/js/data/ 11 KB
5 KB 23ms
22ms Script
application/javascript 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/data/rtc.js
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8e21a5fdcb464c61185f66b10a6405f01fe3a8cd639b599a5b3d2f6b5aae4c0

Request headers

:path: /js/data/rtc.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 608
cf-polished: origSize=15077
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-3ae5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kAlJgN4SVRkI2afD81T%2FjlLCEJ7NFfeAy8qH7%2B3i1h6UnUMjz3kqxrn7nxs0CWThpwKSHCLpfD6BQNRo%2B4cccv04iwAZq04rPPthMtabkhN4GTrGADDwLzLMrMR29DvuN0q7S6iKA9H4NMab2N3P3qD%2FnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69d5a53d2d0ef91b-MXP
cf-bgj: minify

GET
H2 200 config.js Show response
sweepstakessurvey.org/js/ 61 KB
19 KB 25ms
24ms Script
application/javascript 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/config.js
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40528342d9aad607efcd0f6c79b6e0d83722686c49b52675d2aaef948dddc103

Request headers

:path: /js/config.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
age: 608
etag: W/"615eace0-f5b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dskkqgN9pVPNCLqL7rylOyu3GWrcTQ6CgiflC75uKDsguT2Hm%2FpTEnNHObIy1RLEUahGe5UBWSB2h7QsSzyQXtOW0ZcecgmS%2BMJnml47xUqjhqKKpTSW2737GuKSKOJRZk2dF7ljjmfgYMtkUJ9QOKBOpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69d5a53d2d0ff91b-MXP
cf-bgj: minify

GET
H2 200 survey.css
sweepstakessurvey.org/css/ 19 KB
5 KB 24ms
23ms Stylesheet
text/css 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/css/survey.css
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46e82abefb7f047ffecd1a09b10868ae7f49272fb06bf2013559afd325bd75f5

Request headers

:path: /css/survey.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 608
cf-polished: origSize=19903
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-4dbf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cYJy9%2FP6CuvEBesjMLzf2nZ4uXIWUOnyD0P8SnBKNZbVoasZLgqwqTQ4yCCDMpeYsTOSQs6nv3oEyosQt8KsWVUwuiCMz%2BPbwji5t2D8v36BUry85eVTzCnsCeLqbIE4Y6W3CWFdTZQQSCsoy3XorKBing%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 69d5a53d2d10f91b-MXP
cf-bgj: minify

GET
H2 200 sweep.css
sweepstakessurvey.org/css/ 8 KB
2 KB 23ms
23ms Stylesheet
text/css 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/css/sweep.css
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85d24acd503fccbf47e3ce8a567cac7f9dca11e78ae1344e85d8d817b9300cc4

Request headers

:path: /css/sweep.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 608
cf-polished: origSize=7884
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-1ecc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=txLFdJSAAZmwIzx2DOeY%2Fzz%2BqhZB%2BgEOVz0u2Bf9%2FFFS%2F6yuQyIVqjiLCixe9qzL59KFz5ryhYJGKCge5nSs%2F6gT5Av5CtXYniK%2BiPq9YnGqMPCq1zc3PesMHwmH%2B2RzKjogjdsQaghZJyRzsuoIJXkR%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 69d5a53d2d11f91b-MXP
cf-bgj: minify

GET
H2 200 box_c.png
sweepstakessurvey.org/img/sweep/ 4 KB
4 KB 30ms
30ms Image
image/png 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/sweep/box_c.png
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cff9cd1c5becb5c7fc4332898e6e98066be2e9f389abc54db50836d660a03809

Request headers

:path: /img/sweep/box_c.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
age: 607
etag: "615eace0-ef0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F5HiwQYHUXV7TBmM3ijxcu66IUVh4%2FUnGXzR0rqVMfAzHIc%2F0clJSGhs0fsF9V2SzPHBGpy7VODTxXgziSH8r5U0vpr7BcAWauzTKhs4162ToMTqTWVjdRnd8GFnqgsaV%2FzF2ifJSsHTYXyFa7LMwikMaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69d5a53d6d23f91b-MXP
content-length: 3824

GET
H2 200 survey.js Show response
sweepstakessurvey.org/js/ 273 KB
85 KB 31ms
30ms Script
application/javascript 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/survey.js
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3affea23599e52b0e73d8f71a35aa360d91ddea761519c7ac24e0828b1f54f1

Request headers

:path: /js/survey.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 608
cf-polished: origSize=279119
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-4424f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EQehjWfPMt%2F%2FdBwW9dYb6mO8halVtollHdk%2Fwu1h%2FaYukEMGdJY857sonBEwoMA0vE6Ebgu81Ve2zbtMk%2B1SM0EP8a7Pz49mW%2FFdwg3iR6QzJdy1F2whxzdmVOwv9rB7uRqONzwnwinDLl1qlotv3C4s6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69d5a53d5d1cf91b-MXP
cf-bgj: minify

GET
H2 200 sweep.js Show response
sweepstakessurvey.org/js/ 2 KB
844 B 22ms
22ms Script
application/javascript 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/sweep.js
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34b85cd1b30b56624555b19f2091ce88f865af29882cba4b763516a89fbd7aa0

Request headers

:path: /js/sweep.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
age: 608
etag: W/"615eace0-617"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YrwRYZXzVaLODoiwBIunX%2B7MX9QsrhGXyM%2Ft5VXjWFzaeomCkSskRTJIf212q4GHERkGL8w9hr%2BR3wka9Y%2F1ntAZSbsjWnAe%2FxPg6loTZf7nvjAeJHcqUgofQUzjK9MjQhb1708MwQjpHXzkV84ZgngIMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69d5a53d5d1ff91b-MXP
cf-bgj: minify

GET
H2 204 vctx Show response
propeller-tracking.com/ 0
496 B 13ms
13ms XHR
text/plain 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/vctx?t=82892

Requested by

Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: 36b57d2ce98866160dee78e40ae473de
pragma: no-cache
date: Wed, 13 Oct 2021 03:57:43 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://sweepstakessurvey.org
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H2 204 vbl
propeller-tracking.com/ 0
496 B 13ms
13ms Ping
text/plain 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/vbl?t=82892&bid=undefined&aid=undefined

Requested by

Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-trace-id: 7c33613c0085c53ff1e800856e87f709
pragma: no-cache
date: Wed, 13 Oct 2021 03:57:43 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://sweepstakessurvey.org
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 sd-999901.js Show response
sweepstakessurvey.org/js/data/ 4 KB
2 KB 30ms
30ms Script
application/javascript 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/data/sd-999901.js
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/js/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7d6f3f5f3e6052d69d3a32d218da607bc1eae6c633ff1481c5ca2c6f52e1718

Request headers

:path: /js/data/sd-999901.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 607
cf-polished: origSize=7502
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-1d4e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ki7SP1E4wCnoBNvC9K%2FQdOMTUzaEMWV0H49xoV7cdHOdhohnbOUqZNYmd0F%2BlZUVjkk4R65YZKpKBzdx6e0VTalGg%2BE%2FkJ1E4Tb8uU9Jhby93QnQCAqn%2BjXJt7vAcd%2FlP5ol5E%2BytRfEe%2Ba0%2FDHS9wp6EA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 69d5a53d6d24f91b-MXP
cf-bgj: minify

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
547 B 13ms
13ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/js/survey.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

b952956339f1af976214b42dec4486a651ae18f7acdd6e228b5cdbb45e09fe88

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://sweepstakessurvey.org
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 tokens10k.png
sweepstakessurvey.org/img/sweep/ 65 KB
65 KB 28ms
28ms Image
image/png 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/sweep/tokens10k.png
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cb3f101f3327f07baf3bcd509372a6058d871da12ae0661771a5c7c339fff36

Request headers

:path: /img/sweep/tokens10k.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:43 GMT
cf-cache-status: HIT
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
age: 606
etag: "615eace0-1043e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E4FNdPIJMed%2FGvTLLXhJiBs%2FgE03KMOkpdrpoDrqC84P5CBjDqfHpUFDzKWCSIw1DYBRumQ0rZNcWbPsMRfEJWDDfStJOJA6cBMSGMBFqRV%2F2I9V2QiCYA2EHXtS5BQ%2F2Kl8CZu6UIa9R2gd69aLfppngw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69d5a53ddd43f91b-MXP
content-length: 66622

GET
H2 200 en-sweep.json Show response
sweepstakessurvey.org/js/comments/ 5 KB
1 KB 117ms
117ms XHR
application/json 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/comments/en-sweep.json
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/js/survey.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b799b20264b97b575e4c6cd9aa8dbc1723fc9de24f6ba796e4afb8c41909d42

Request headers

:path: /js/comments/en-sweep.json
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: application/json, text/plain, */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-12fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VvV5WlF3NmwZiuyWhWyeT%2F8ynKegGRTxh6Sd3GajKy2RIOlMO8%2B1a5ct9dv17n6Na64gBmfW%2Bcu8qxMNAFZnl%2BH0Ofm1fOxle7UzJoi0kcJiG7TDmGlgvZFekck7m8ux1x9OLcQs6DTtbGPHp%2FFCbx%2F4XA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69d5a53ddd45f91b-MXP

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 191 KB
65 KB 193ms
92ms Script
application/javascript 2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

8ce174fc34969d02274382ec6da5a274b254802c3814de6971de6ec349c7dd6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
content-encoding: br
last-modified: Tue, 12 Oct 2021 15:49:43 GMT
etag: "61658467-1031a"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 66330
expires: Wed, 13 Oct 2021 04:57:44 GMT

GET
H2 200 cookie-consent-1.json Show response
sweepstakessurvey.org/js/dict/ 4 KB
2 KB 105ms
105ms XHR
application/json 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sweepstakessurvey.org/js/dict/cookie-consent-1.json?v=1
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/js/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e76bbe806b385849442561f6e3f5a4a33008004c3f9c35c2fcfeb099a140dcff

Request headers

:path: /js/dict/cookie-consent-1.json?v=1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: application/json, text/plain, */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: application/json, text/plain, */*
Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: W/"615eace0-11dd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qlrtXKUD7c9uiINlZ%2F3qh9%2F49puSa5mlra1mtGhI97aU2E2SfRFhbTCSGhHHiPp72T2%2Fg%2Bc9FE8aUzB6S%2F42PVnG0jObwr5JRJu%2FaILWPTKcSagzC8bBTbMQDAfZRNMlHwWYkMVewrvhaAKmt%2Fyh9%2B7R3A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69d5a53ddd46f91b-MXP

GET
H2 200 unnamed.jpg
sweepstakessurvey.org/img/comments/ 1 KB
2 KB 23ms
22ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/unnamed.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4200f94af9e21196c339a50a85d3d50c769e8655857fdaf67df6e99678b9ad59

Request headers

:path: /img/comments/unnamed.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 607
content-length: 1378
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-562"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ht%2FrQgt2qiQb31aQY5WnMv9tLNFTdXRfUvowDcIqSNp%2B4WMJmhEw5zy6WGPtzKIgHqLbp37E6kSrbwZjA0uX4WM68M6IErX73lZ%2F8EOfQeMaK4n0gi2gTui42gNtH731y0LBksNAzWk1vf9x8fie5tcgTA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eada8f91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-1.jpg
sweepstakessurvey.org/img/comments/ 4 KB
4 KB 23ms
22ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-1.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a106ad9f340c7bafdd365ea1ad24b9336c304b1e72653eb58e84b5604471030

Request headers

:path: /img/comments/person-sweep-1.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 607
content-length: 3900
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-f3c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3dTqFgJUZB6cHPjMXgbB%2FUi82EzrKURA4%2Bq%2BdwO730aGdzApaBcttpZH8keG71z%2B9Lsf0xMMCdnBQFfaXuiV%2F0AKunUhYTj4ejPetsn%2BJ9SAddWg03zolHbcPMjPd%2BnCrv1zNz9Jya%2FGTImt6iBy1i3Q1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eada9f91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-2.jpg
sweepstakessurvey.org/img/comments/ 1 KB
2 KB 24ms
22ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-2.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c39b4bfbcc6aa147547ca922c4f80350b48dbfa59cbd5176f44373e3b20f3567

Request headers

:path: /img/comments/person-sweep-2.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 607
content-length: 1042
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-412"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WPgWsxGXs9NDSZVrDO0S9t8q%2BdNu418hTMmOHb%2BHHLWRfQHCLU41Po%2FIcB7plVeXc3eft55Et%2BopJjYSkcAp%2FYFdrYi4vcDTj6aa%2BjGBxujnla1xu4obHq0cCg%2BSPEBPZUMfLXgLu7kQLF%2F2bpshlWiaAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eadaaf91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-3.jpg
sweepstakessurvey.org/img/comments/ 1 KB
1 KB 24ms
22ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-3.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5d70c3abf95aecc84bcc1b1f9fc25848e690852071169bf57522fd671550291

Request headers

:path: /img/comments/person-sweep-3.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 607
content-length: 1063
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-427"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dClK9TmNf7HCWG%2BPIEy7%2FgRRPGoELv%2F2jGLI4hxDJOLKf5azv0Btdq1kaiKL2jDr88%2Bq5YD28%2Fo0z4dtUr3%2B2jJRPr2vMfocv53j9klxZnc61GlMMmig4Pi%2FGOu9sovW7Mn1CJmOMM5KY6s5ASC4C6%2BoGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eadabf91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-4.jpg
sweepstakessurvey.org/img/comments/ 4 KB
4 KB 24ms
22ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-4.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0038f9d5f6fe1ce8fe1bf1cc7256f05e16c11d27041739c55918b823744753c

Request headers

:path: /img/comments/person-sweep-4.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 607
content-length: 3694
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-e6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z9jsCWAPpuRrXTxSpCGoG8kikJIKS859waG0KGtxFwONi6F5V4rhKVqrXvD0C09YScTrZR5xp6yCYzjYG2RESQVrcJPeNDmO%2FLcPU3akseAr%2FvdoJ8gDfAR962CZjadgROTnlYQfssmkLMqlifSUcjDGyw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eadadf91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-5.jpg
sweepstakessurvey.org/img/comments/ 3 KB
4 KB 25ms
24ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-5.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64e47fb0b1dc439d03463c15a7977d88988a4d3f7d563e3d772cc9ca8d41e414

Request headers

:path: /img/comments/person-sweep-5.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 607
content-length: 3268
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-cc4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W5hiYcHwR7mxSeWkyO7rlmOAG%2BXjD5QZ%2BNEG7UGDztxYKzUhElaPou6Bky3H2icwdedte%2B45BMWPqF%2B5BPfyVfA%2BW770n7I7vqIO8LZkpZPUJiHrkeFENhG0KV7bDD7bfSiJbvWxy2sKN1fPPQlZK3cQ1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eadaff91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-6.jpg
sweepstakessurvey.org/img/comments/ 10 KB
11 KB 25ms
23ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-6.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 92aaaee44b9c6f7f69cd778106927274a9c6f0fec665555be6b020d220207fb6

Request headers

:path: /img/comments/person-sweep-6.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 606
content-length: 10400
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-28a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eoeo%2BuLhjEn6nrKwSnrc8Qy013eOUSzA5wUcjQR3nAJ2TzC6Tw2kE8d2ueBtmxvqHv8aUOLpw47O8zFKxYb56yYYuzY65fXsvZJ2Pn4Pr%2FgRbSsngjqK3hDCHj1vFdoSGRH33YDgnVYC0ThA0muoS7Nk%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eadb0f91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-7.jpg
sweepstakessurvey.org/img/comments/ 11 KB
11 KB 23ms
23ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-7.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5afe11e79d5ce7715f2dd2a291c3841d7abc1a62ac89002214f9562f6f58865b

Request headers

:path: /img/comments/person-sweep-7.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 606
content-length: 10884
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-2a84"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HtkAXxQPMCQFyqAncVDpPFabi%2BupxQ7%2BYFoFzHQQ%2BUny8Copy6SQ2rZ%2F1JM3Y%2BGrs6f7rbiqAKrx7Oj2HLNa7gxWmb32su2l5TZtfb6QoWG7lQn%2B4vZaJ0z3tHGcG0dYOmvfwvK1REOOvQ4J6juOv%2FYGew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eadbff91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-8.jpg
sweepstakessurvey.org/img/comments/ 1 KB
1 KB 24ms
24ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-8.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed7ea3a5c85d0ba010c783b9599441ba28fb4333cf1ef534f6ec07b5d81e7fd8

Request headers

:path: /img/comments/person-sweep-8.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 606
content-length: 1182
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-49e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j99wwLiDJqDIC9i%2BYC0xZaITn%2BTq8I3BOcA9yw8e4Aj6v53HQb1I5%2Bef0bcSUXNIXqCXsz8Wza%2BoIMt9UCq6%2Fmfp%2Fz60Y%2FnYinsWmk8FvZVFykvsCl3K46uhNqAiCtz1UBeenIx%2BAYy%2B1DEpeGVWFCkT4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eadbef91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-9.jpg
sweepstakessurvey.org/img/comments/ 12 KB
12 KB 25ms
25ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-9.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ccfcb58ee86d9df13807286e232dd153f04c84527fd80d5efc2212157cb6386e

Request headers

:path: /img/comments/person-sweep-9.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 606
content-length: 11871
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-2e5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q8f%2FUei5ipodcAe4nnaWU9GPqRLc7XdOlpKCZMLhG9FTTzOooK%2FbVUyl81%2FJ8bLrzKs09s42UqU4G3%2BP3NRe3%2BZVM8iC%2FZdXGE8O8hV4fORYqtxz9LXD4adlF5jSc7EWICnfp6jN70v1WENbrOKVBSBzow%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eadc0f91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-10.jpg
sweepstakessurvey.org/img/comments/ 11 KB
11 KB 22ms
22ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-10.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 271e2dabe37ae76b27d28edfeaf49c9a4135f62dd24a3c0ff3387ea9354841f1

Request headers

:path: /img/comments/person-sweep-10.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 606
content-length: 10828
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-2a4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EuxahTyBGSWgHLCyqJ7hWEUmjsqOwt3MshPlTww2V2%2FvCWnrAC7VloGGV8e6QyxeUGQZ2Gcb4lerBCfpHlcdxH3eBN2uhGylzCi3jOasEgJBtco4oRci0sOzEJqCgqgccBjNwVN8Qcnpt4U4jy6KRpQi6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eddd5f91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-11.jpg
sweepstakessurvey.org/img/comments/ 10 KB
11 KB 23ms
22ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-11.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d020381e094ab0ae1556c751f9c4af6498cf12989cd9c3605ca91b856cb5951

Request headers

:path: /img/comments/person-sweep-11.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 606
content-length: 10636
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-298c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eskdLH0lpglXNFbchQtxXQDUTwzDu4dC2UDAwHitXVptxeuM0LoeNb2I%2BueQbsJ0JH4usEc%2FQUQtfAlN1f5FC4Z54Q1H4CTK4q7dgAQz%2FDeuP0J2aetpcTtmW2l5fKRSvHFu9Ze0hVLue47VdQyCbhkoeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eddd6f91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-12.jpg
sweepstakessurvey.org/img/comments/ 11 KB
11 KB 22ms
22ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-12.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65e9048c6b09381baa8056de19ad758b2a302dbbc3fb1cdb509e414ed73c69b8

Request headers

:path: /img/comments/person-sweep-12.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 606
content-length: 11188
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-2bb4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nHOtDVUNnTIPRXrXUNaagToEXC4u8ccXjedYARanoKKugOqUgjJB91xDRGrMdOkvQ79GO%2FlHcqvTT81qg%2F6jK9gN16A8DF6Qyb4Co4bKjl3iZp3E7SdjCzug8L6cweUuWJ3cSCbOr%2B7gbhzAQdLOXXBlNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eddd7f91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-13.jpg
sweepstakessurvey.org/img/comments/ 1 KB
1 KB 23ms
23ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-13.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f442be1fc6ab7aa64035207cedeff057625371b7a58d551fda451acee6b4f58

Request headers

:path: /img/comments/person-sweep-13.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 606
content-length: 1110
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-456"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nDVdp68X67WlJNotUiATF0MjgYwOSIG5mvPN0MAb8moNXhtNcIgI8ijhmwIRut6Rnn9LUPT6KrTOGGrWrCsjswV%2Ba6CALLbKIITzR1KqqDNXxiWE9JzytJD%2FkWATNJac48wqi8TMW0bTmRzRAZ4IHAAbig%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eddd8f91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-14.jpg
sweepstakessurvey.org/img/comments/ 1 KB
1 KB 24ms
24ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-14.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 174659ceb240363f2d31a6fd392f108ad714a592b0dc3192d1051c42237bf8b8

Request headers

:path: /img/comments/person-sweep-14.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 606
content-length: 1146
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-47a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lpAsRxyVgqxweUto6%2F2neryy0T9pSIAA021Ye1m1W2QWt3U4N6HXoZzK3uf4%2BBErEpvwDMjVYs28ZvU2XOK2aUV1rTc60HiIPSnB0Tb78HWsfG1V6BSi4hQVEJtSn0DiZb%2F7AeEI3O1dZw%2FEULus%2Fr3%2B3g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53eddd9f91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-15.jpg
sweepstakessurvey.org/img/comments/ 1 KB
1 KB 24ms
23ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-15.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f739552ded4074fa25475c5a5ed9c49dc0a769e791e9916b5d8bcbc044f8818a

Request headers

:path: /img/comments/person-sweep-15.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 606
content-length: 1067
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-42b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h8gVpxkRcaW0I0P3WCEpBBiZ3Qv0%2Fq4Rq1baZSDqjIQngmk6ALzyltMpCAOt%2BB1x9pzk7x093AIkroL0pKuEF3sgllukqbSCo%2BOg8bL7B4s350EN8r6ZH44UEw4I8UoszmmC1X9NrqYXKTMQ9kemCxDHhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53edddaf91b-MXP
cf-bgj: h2pri

GET
H2 200 person-sweep-16.jpg
sweepstakessurvey.org/img/comments/ 1 KB
1 KB 25ms
24ms Image
image/jpeg 2606:4700:20::681a:fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sweepstakessurvey.org/img/comments/person-sweep-16.jpg
Requested by: Host: sweepstakessurvey.org
URL: https://sweepstakessurvey.org/sweep.html?survey_id=999901&comments=en-sweep&geo=DE&oaid=992abaac49f64fa78d7bd380f94fbd30&s=472001573279510836&z=4533056&b=10037337&var=4316314&campaignid=4634920&utm_campaign=4316314&utm_medium=4533056&utm_source=zd_4634920&utm_term=10037337&utm_content=zd_public_v2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15f660e8aec56d65e9da4efcd552984e5a623c25b8484c3efbdfa7567bdab17d

Request headers

:path: /img/comments/person-sweep-16.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: sweepstakessurvey.org
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 606
content-length: 1208
last-modified: Thu, 07 Oct 2021 08:16:32 GMT
server: cloudflare
etag: "615eace0-4b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hfmk28OBhH0MWtA%2B1C76lyxQWBeb%2FC5VRf%2BNCo2%2Fi%2Bea4c5kbbz8tpsg2L%2Bzz3stiy84rgu9PFfRQRmVtNuIDExMKbZqGcwGOnnuHBPmGlXj%2BcK8TLp5oGf6s4QBG%2BC%2FqanlO4aqXPeRieSvSseiN0P6mw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69d5a53edddbf91b-MXP
cf-bgj: h2pri

GET
H2

400

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9424.I2IDslQ6NygW-OQHge-NT4hAJtBU0u23sPJ2xJOMymswrdkVJWo8BjfD7Da5FLsi.kZfDldf_5lSLHGNRHVDZCeqrovs%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9424.-COFLeWGR6vL2uOswC_btZDR9FsAicWcZEKcRLnqVIuHGwEsZlmzM2Cf-qlvkC4wv2yE-pZiLqetzLfQQ9lWoQ%2C%2C.QQxSO4eOLpK8Mmtdb8GONwrjJzo%2C

75 B
75 B

49ms
49ms

Image
text/html

2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9424.-COFLeWGR6vL2uOswC_btZDR9FsAicWcZEKcRLnqVIuHGwEsZlmzM2Cf-qlvkC4wv2yE-pZiLqetzLfQQ9lWoQ%2C%2C.QQxSO4eOLpK8Mmtdb8GONwrjJzo%2C

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9424.-COFLeWGR6vL2uOswC_btZDR9FsAicWcZEKcRLnqVIuHGwEsZlmzM2Cf-qlvkC4wv2yE-pZiLqetzLfQQ9lWoQ%2C%2C.QQxSO4eOLpK8Mmtdb8GONwrjJzo%2C
date: Wed, 13 Oct 2021 03:57:44 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
112 B 49ms
49ms Image
image/gif 2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 03:57:44 GMT
last-modified: Tue, 12 Oct 2021 15:49:43 GMT
etag: "61658467-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Wed, 13 Oct 2021 04:57:44 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/66423859/
Redirect Chain

https://mc.yandex.com/watch/66423859?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D992abaac49f64fa78d7bd380f94fbd3...
https://mc.yandex.com/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D992abaac49f64fa78d7bd380f94fb...

331 B
440 B

50ms
50ms

XHR
application/json

2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D992abaac49f64fa78d7bd380f94fbd30%26s%3D472001573279510836%26z%3D4533056%26b%3D10037337%26var%3D4316314%26campaignid%3D4634920%26utm_campaign%3D4316314%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A223%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A660%3Acn%3A1%3Adp%3A0%3Als%3A1151823246597%3Ahid%3A101954394%3Az%3A0%3Ai%3A202101013035744%3Aet%3A1634097464%3Ac%3A1%3Arn%3A765256077%3Arqn%3A1%3Au%3A1634097464573604883%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1634097463684%3Ads%3A8%2C39%2C114%2C1%2C1%2C0%2C%2C120%2C2%2C%2C%2C%2C286%3Adsn%3A9%2C39%2C114%2C1%2C1%2C0%2C%2C122%2C1%2C%2C%2C%2C286%3Awv%3A2%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1634097464%3At%3ADear%20user

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

0fde678ce8bac82bff7220a1e729330a333c1986cbd700e935fbced878a195ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Oct 2021 03:57:44 GMT
x-content-type-options: nosniff
last-modified: Wed, 13-Oct-2021 03:57:44 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://sweepstakessurvey.org
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 331
x-xss-protection: 1; mode=block
expires: Wed, 13-Oct-2021 03:57:44 GMT

Redirect headers

pragma: no-cache
date: Wed, 13 Oct 2021 03:57:44 GMT
last-modified: Wed, 13-Oct-2021 03:57:44 GMT
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fsweepstakessurvey.org%2Fsweep.html%3Fsurvey_id%3D999901%26comments%3Den-sweep%26geo%3DDE%26oaid%3D992abaac49f64fa78d7bd380f94fbd30%26s%3D472001573279510836%26z%3D4533056%26b%3D10037337%26var%3D4316314%26campaignid%3D4634920%26utm_campaign%3D4316314%26utm_medium%3D4533056%26utm_source%3Dzd_4634920%26utm_term%3D10037337%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A25rt5xty9edhsiwjn9%3Afp%3A223%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A660%3Acn%3A1%3Adp%3A0%3Als%3A1151823246597%3Ahid%3A101954394%3Az%3A0%3Ai%3A202101013035744%3Aet%3A1634097464%3Ac%3A1%3Arn%3A765256077%3Arqn%3A1%3Au%3A1634097464573604883%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1634097463684%3Ads%3A8%2C39%2C114%2C1%2C1%2C0%2C%2C120%2C2%2C%2C%2C%2C286%3Adsn%3A9%2C39%2C114%2C1%2C1%2C0%2C%2C122%2C1%2C%2C%2C%2C286%3Awv%3A2%3Aadb%3A2%3Arqnl%3A1%3Ati%3A2%3Ast%3A1634097464%3At%3ADear%20user
strict-transport-security: max-age=31536000
access-control-allow-origin: https://sweepstakessurvey.org
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Wed, 13-Oct-2021 03:57:44 GMT

POST
H2 204 vbri
propeller-tracking.com/ 0
496 B 40ms
39ms Ping
text/plain 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/vbri?t=82892&bid=undefined&aid=undefined&tp=2205.5999999046326

Requested by

Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=82892&cb=12724596

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-trace-id: 0cbfffaf9031c5963d433fb75ba55a62
pragma: no-cache
date: Wed, 13 Oct 2021 03:57:45 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://sweepstakessurvey.org
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: richsurvey.site
URL: https://richsurvey.site/js/survey-site.js

Domain: richsurvey.site
URL: https://richsurvey.site/js/data/sd-1203000.js

Domain: propeller-tracking.com
URL: https://propeller-tracking.com/vbl?t=82892&bid=undefined&aid=undefined

Domain: propeller-tracking.com
URL: https://propeller-tracking.com/vb?t=82892&bid=undefined&aid=undefined&tp=174.19999980926514

Domain: tagdataxrt.com
URL: https://tagdataxrt.com/version.js?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a

Domain: www.google.com
URL: https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Domain: www.google.com
URL: https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Domain: www.google.com
URL: https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Domain: www.google.com
URL: https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Domain: www.google.com
URL: https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Domain: tagdataxrt.com
URL: https://tagdataxrt.com/time_visit/add?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a

Domain: forflygonom.com
URL: https://forflygonom.com/impression/qsDDY31uP6Ih_REFk2bNeA4jhOuI1yxjvuCxQvcNovKTmuxRo1stoM9nOQ4S2FY_echgRZX9ydwrDb-HcPAZaLj25DROAzIN0uuaRRpfrxKiB1YH8_PRWETgShYc5uj9-QktO-LQ_QLqaIBVSiwF9uWXENzC2JTHPSDyw7FyDHuvlL-SolWQxljJxLLBFwqnbqA5rtoi_fiFkUHEW35rkcN2z4LmtYr-zuVVpvvubaYSBq10FehVRRDrPMt10Odhdmgpyc-RIH0ufaHTH5q9-XkgNDXlFfcutQtoIOTuUQs1JarAJWcrrNPvX4CF2c9ixx4508Bpwm9FQbVpqIQ5VN0wiESlZlV_p5SBJWMraD8X49DemWtt-qkNGHgLwWV9A3yTudiGAXTua46bVT-1gtujpNCEaH_K12C1Mw==?_z=4292525

Domain: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Domain: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Domain: tagdataxrt.com
URL: https://tagdataxrt.com/etag?cid=eacf36da-c06d-4d71-90cc-88e30cd4240a

Domain: propeller-tracking.com
URL: https://propeller-tracking.com/vb?t=82892&bid=undefined&aid=undefined&tp=405.09999990463257

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
my.rtmark.net/	1970-01-20 06:40:33	Name: ID Value: 29d4b38b26404a20b13c25111bfcea17
itweedler.com/	1970-01-20 06:40:33	Name: OAID Value: 992abaac49f64fa78d7bd380f94fbd30
itweedler.com/	1970-01-20 06:40:33	Name: oaidts Value: 1634097463
.sweepstakessurvey.org/	1970-01-20 06:40:33	Name: _ym_uid Value: 1634097464573604883
.sweepstakessurvey.org/	1970-01-20 06:40:33	Name: _ym_d Value: 1634097464
.mc.yandex.com/	1970-01-19 21:54:58	Name: sync_cookie_csrf Value: 2122014634fake
.sweepstakessurvey.org/	1970-01-19 21:56:09	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-19 21:54:58	Name: sync_cookie_csrf Value: 372706706fake
.yandex.com/	1970-01-20 06:40:33	Name: yandexuid Value: 5269880141634097464
.yandex.com/	1970-01-20 06:40:33	Name: yuidss Value: 5269880141634097464
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 2068725931634097464
.yandex.com/	1970-01-23 13:30:57	Name: i Value: jQ8vNZFNvWcsCYXG0CAHH52MhrcHH7rIvOdpeZgn87tYji54e7xruuuXwsK/YL2XkwzuWyBnwwAcQuvbEAcB4gfq2tg=
.yandex.com/	1970-01-20 06:40:33	Name: ymex Value: 1665633464.yrts.1634097464#1665633464.yrtsi.1634097464
.sweepstakessurvey.org/	1970-01-19 21:54:59	Name: _ym_visorc Value: b

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
deprecation	warning	URL: https://tagstaticx.com/tag.js Message: RTP data channels are no longer supported. The "RtpDataChannels" constraint is currently ignored, and may cause an error at a later date.
intervention	error	URL: https://richsurvey.site/js/survey.js Message: Blocked attempt to show a 'beforeunload' confirmation panel for a frame that never had a user gesture since its load. https://www.chromestatus.com/feature/5082396709879808
network	error	URL: https://mc.yandex.com/sync_cookie_image_decide?token=9424.-COFLeWGR6vL2uOswC_btZDR9FsAicWcZEKcRLnqVIuHGwEsZlmzM2Cf-qlvkC4wv2yE-pZiLqetzLfQQ9lWoQ%2C%2C.QQxSO4eOLpK8Mmtdb8GONwrjJzo%2C Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

forflygonom.com
in-page-push.net
itcleffaom.com
itweedler.com
mc.yandex.com
mc.yandex.ru
my.rtmark.net
onetrackon.com
pagead2.googlesyndication.com
propeller-tracking.com
richsurvey.site
sweepstakessurvey.org
tagdataxrt.com
tagstaticx.com
ugyplysh.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
forflygonom.com
mc.yandex.ru
propeller-tracking.com
richsurvey.site
tagdataxrt.com
www.google-analytics.com
www.google.com
139.45.195.8
139.45.197.237
139.45.197.238
139.45.197.240
139.45.197.253
176.31.124.210
2606:4700:20::681a:5ab
2606:4700:20::681a:fd7
2606:4700:3033::ac43:aa23
2a00:1450:4001:808::2008
2a00:1450:4001:809::2002
2a02:6b8::1:119
37.48.68.71
03fab1322393e152372ab8bc87e047f0b464cb7a30b493226b7ae41f9bd0dbe8
0fde678ce8bac82bff7220a1e729330a333c1986cbd700e935fbced878a195ae
15f660e8aec56d65e9da4efcd552984e5a623c25b8484c3efbdfa7567bdab17d
174659ceb240363f2d31a6fd392f108ad714a592b0dc3192d1051c42237bf8b8
271e2dabe37ae76b27d28edfeaf49c9a4135f62dd24a3c0ff3387ea9354841f1
2cb3f101f3327f07baf3bcd509372a6058d871da12ae0661771a5c7c339fff36
34b85cd1b30b56624555b19f2091ce88f865af29882cba4b763516a89fbd7aa0
3b799b20264b97b575e4c6cd9aa8dbc1723fc9de24f6ba796e4afb8c41909d42
40528342d9aad607efcd0f6c79b6e0d83722686c49b52675d2aaef948dddc103
4200f94af9e21196c339a50a85d3d50c769e8655857fdaf67df6e99678b9ad59
46e82abefb7f047ffecd1a09b10868ae7f49272fb06bf2013559afd325bd75f5
49ea263f6631a4e77a422f737bc3a3f2781eeff7aac04dac30189a7da14a0df8
4ce5b70f4867cc996d2cc6d4b6627e68490349fc6f7f1896b4983f02baba7a28
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5afe11e79d5ce7715f2dd2a291c3841d7abc1a62ac89002214f9562f6f58865b
64a92922801ea676a88192b928a94d9179fe23c789767bba01647c21fb289904
64e47fb0b1dc439d03463c15a7977d88988a4d3f7d563e3d772cc9ca8d41e414
65e9048c6b09381baa8056de19ad758b2a302dbbc3fb1cdb509e414ed73c69b8
7424b5901f26958fbef94e9764daca7c46871c608036a63876686b32c6fbb818
7f442be1fc6ab7aa64035207cedeff057625371b7a58d551fda451acee6b4f58
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
85d24acd503fccbf47e3ce8a567cac7f9dca11e78ae1344e85d8d817b9300cc4
8ce174fc34969d02274382ec6da5a274b254802c3814de6971de6ec349c7dd6c
92aaaee44b9c6f7f69cd778106927274a9c6f0fec665555be6b020d220207fb6
9a106ad9f340c7bafdd365ea1ad24b9336c304b1e72653eb58e84b5604471030
9d020381e094ab0ae1556c751f9c4af6498cf12989cd9c3605ca91b856cb5951
a0038f9d5f6fe1ce8fe1bf1cc7256f05e16c11d27041739c55918b823744753c
a1a2182e523221a6c3e6e665601e0cf899b59635c26492d1b060c20b07809009
acc9ce307870076d09114bcf3310a4217d59a87228bde2f3cc2248c9e70e880b
b7c2c70cfaa456cac0e5585bb38e5484496b7ebf2a42881ddbef7fa6a39cecd3
b952956339f1af976214b42dec4486a651ae18f7acdd6e228b5cdbb45e09fe88
b9b83e91c86f303d98ede9ff0b4700d0f68ebbd39370fa7b744b51d1e9e08135
bcef0af5a6953da87ed9353729f60db60540b4bc5c9081b98bfae84f97e9128f
c39b4bfbcc6aa147547ca922c4f80350b48dbfa59cbd5176f44373e3b20f3567
c5d70c3abf95aecc84bcc1b1f9fc25848e690852071169bf57522fd671550291
c7d6f3f5f3e6052d69d3a32d218da607bc1eae6c633ff1481c5ca2c6f52e1718
ccfcb58ee86d9df13807286e232dd153f04c84527fd80d5efc2212157cb6386e
cff9cd1c5becb5c7fc4332898e6e98066be2e9f389abc54db50836d660a03809
d3affea23599e52b0e73d8f71a35aa360d91ddea761519c7ac24e0828b1f54f1
d8e21a5fdcb464c61185f66b10a6405f01fe3a8cd639b599a5b3d2f6b5aae4c0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6ce1add3a481e1df35ca5c582f7b8cc2eb19779063dd89e66f2b142ef57cf3a
e76bbe806b385849442561f6e3f5a4a33008004c3f9c35c2fcfeb099a140dcff
ed7ea3a5c85d0ba010c783b9599441ba28fb4333cf1ef534f6ec07b5d81e7fd8
f739552ded4074fa25475c5a5ed9c49dc0a769e791e9916b5d8bcbc044f8818a

sweepstakessurvey.org Open in urlscan Pro 2606:4700:20::681a:fd7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

111 Requests

86 %HTTPS

46 %IPv6

18 Domains

18 Subdomains

14 IPs

6 Countries

786 kBTransfer

1957 kBSize

14 Cookies

1 Outgoing links

Page URL History

Redirected requests

111 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sweepstakessurvey.org Open in urlscan Pro
2606:4700:20::681a:fd7 Public Scan

Screenshot
Live screenshot

Full Image

111
Requests

86 %
HTTPS

46 %
IPv6

18
Domains

18
Subdomains

14
IPs

6
Countries

786 kB
Transfer

1957 kB
Size

14
Cookies

111 HTTP transactions
0 data transactions