urlscan.io logo urlscan.io
SecurityTrails logo

ww7.macdonalds-survey.ca Open in urlscan Pro
199.59.243.227  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.secure.macdonalds-survey.ca/
Effective URL: http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577
Submission: On October 28 via automatic, source certstream-suspicious — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 1 countries across 9 domains to perform 23 HTTP transactions. The main IP is 199.59.243.227, located in United States and belongs to AMAZON-02, US. The main domain is ww7.macdonalds-survey.ca.
This is the only time ww7.macdonalds-survey.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 172.233.219.123 63949 (AKAMAI-LI...)
1 1 72.52.178.23 32244 (LIQUIDWEB)
4 199.59.243.227 16509 (AMAZON-02)
1 142.250.80.100 15169 (GOOGLE)
1 142.251.40.162 15169 (GOOGLE)
3 2607:f8b0:400... 15169 (GOOGLE)
2 2600:3c02:1::... 63949 (AKAMAI-LI...)
1 2600:9000:251... 16509 (AMAZON-02)
7 172.67.153.236 13335 (CLOUDFLAR...)
2 172.67.134.204 13335 (CLOUDFLAR...)
2 172.67.135.143 13335 (CLOUDFLAR...)
23 9
1    172.233.219.123 (Chicago, United States)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: viridian02.parklogic.com
www.secure.macdonalds-survey.ca
1    72.52.178.23 (United States)

ASN32244 (LIQUIDWEB, US)
PTR: lb01.parklogic.com
ww99.macdonalds-survey.ca
4    199.59.243.227 (United States)

ASN16509 (AMAZON-02, US)
ww7.macdonalds-survey.ca
1    142.250.80.100 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s36-in-f4.1e100.net
www.google.com
1    142.251.40.162 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f2.1e100.net
partner.googleadservices.com
3    2607:f8b0:4006:80c::200e (United States)

ASN15169 (GOOGLE, US)
syndicatedsearch.goog
2    2600:3c02:1::2d4f:f4d1 (Atlanta, United States)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
parking3.parklogic.com
1    2600:9000:2510:3a00:12:baaf:c600:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.jscaddy.com
7    172.67.153.236 (United States)

ASN13335 (CLOUDFLARENET, US)
de.vour.io
2    172.67.134.204 (United States)

ASN13335 (CLOUDFLARENET, US)
ipua.io
2    172.67.135.143 (United States)

ASN13335 (CLOUDFLARENET, US)
algenid.com
Apex Domain
Subdomains		 Transfer
7 vour.io
de.vour.io — Cisco Umbrella Rank: 544826
4 KB
6 macdonalds-survey.ca
www.secure.macdonalds-survey.ca
ww99.macdonalds-survey.ca
ww7.macdonalds-survey.ca
43 KB
3 syndicatedsearch.goog
syndicatedsearch.goog — Cisco Umbrella Rank: 3282
721 B
2 algenid.com
algenid.com — Cisco Umbrella Rank: 607685
1 KB
2 ipua.io
ipua.io — Cisco Umbrella Rank: 568681
2 KB
2 parklogic.com
parking3.parklogic.com — Cisco Umbrella Rank: 137188
3 KB
1 jscaddy.com
cdn.jscaddy.com — Cisco Umbrella Rank: 200022
17 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 5125
271 B
1 google.com
www.google.com — Cisco Umbrella Rank: 3
54 KB
23 9
Domain Requested by
7 de.vour.io cdn.jscaddy.com
4 ww7.macdonalds-survey.ca ww7.macdonalds-survey.ca
3 syndicatedsearch.goog www.google.com
2 algenid.com cdn.jscaddy.com
2 ipua.io cdn.jscaddy.com
2 parking3.parklogic.com ww7.macdonalds-survey.ca
parking3.parklogic.com
1 cdn.jscaddy.com parking3.parklogic.com
1 partner.googleadservices.com www.google.com
1 www.google.com ww7.macdonalds-survey.ca
1 ww99.macdonalds-survey.ca 1 redirects
1 www.secure.macdonalds-survey.ca 1 redirects
23 11

This site contains no links.

Subject Issuer Validity Valid
*.google.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
*.googleadservices.com
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
syndicatedsearch.goog
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
*.parklogic.com
Sectigo RSA Domain Validation Secure Server CA		 2024-01-20 -
2025-02-19		 a year crt.sh
cdn.jscaddy.com
Amazon RSA 2048 M02		 2024-09-27 -
2025-10-27		 a year crt.sh
vour.io
WE1		 2024-10-27 -
2025-01-25		 3 months crt.sh
ipua.io
WE1		 2024-10-13 -
2025-01-11		 3 months crt.sh
algenid.com
WE1		 2024-10-11 -
2025-01-09		 3 months crt.sh

This page contains 3 frames:

Primary Page: http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577
Frame ID: A20E506FC85DE57B3630D564382C7D0B
Requests: 8 HTTP requests in this frame

Frame: https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol123%2Cpid-bodis-gcontrol495%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol186&client=dp-bodis30_3ph&r=m&hl=en&ivt=1&rpbu=http%3A%2F%2Fww7.macdonalds-survey.ca%2F%3Fcaf%3D1%26bpt%3D345%26usid%3D15%26utid%3D31004697577&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2532472597119778&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442%2C17301542%2C17301266%2C72717107&format=r3&nocache=5441730159952003&num=0&output=afd_ads&domain_name=ww7.macdonalds-survey.ca&v=3&bsl=8&pac=0&u_his=1&u_tz=-420&dt=1730159952004&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&uio=-&cont=rs&drt=0&jsid=caf&nfp=1&jsv=688160506&rurl=http%3A%2F%2Fww7.macdonalds-survey.ca%2F%3Fusid%3D15%26utid%3D31004697577
Frame ID: BB1F77CEF89618C609692E46D1759EBF
Requests: 1 HTTP requests in this frame

Frame: https://parking3.parklogic.com/page/enhance.js?pcId=7&&domain=macdonalds-survey.ca
Frame ID: C14DC8CDB11086CDB71A750E05DA91CD
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

macdonalds-survey.ca

Page URL History Show full URLs

  1. https://www.secure.macdonalds-survey.ca/ HTTP 302
    http://ww99.macdonalds-survey.ca/ HTTP 307
    https://ww99.macdonalds-survey.ca/ HTTP 302
    http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577 HTTP 307
    https://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577 HTTP 307
    http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577 Page URL

Page Statistics

23
Requests

83 %
HTTPS

27 %
IPv6

9
Domains

11
Subdomains

9
IPs

1
Countries

124 kB
Transfer

245 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.secure.macdonalds-survey.ca/ HTTP 302
    http://ww99.macdonalds-survey.ca/ HTTP 307
    https://ww99.macdonalds-survey.ca/ HTTP 302
    http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577 HTTP 307
    https://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577 HTTP 307
    http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
ww7.macdonalds-survey.ca/
Redirect Chain
  • https://www.secure.macdonalds-survey.ca/
  • http://ww99.macdonalds-survey.ca/
  • https://ww99.macdonalds-survey.ca/
  • http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577
  • https://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577
  • http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577
1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577
Protocol
HTTP/1.1
Server
199.59.243.227 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
65dca8d8046e269b69be8d21d4ddaa419eb2941aa5c68754cb237c8f3146503a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-prefers-color-scheme
cache-control
no-store, max-age=0
content-length
1158
content-type
text/html; charset=utf-8
critical-ch
sec-ch-prefers-color-scheme
date
Mon, 28 Oct 2024 23:59:11 GMT
vary
sec-ch-prefers-color-scheme
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_RWhU2Ij7I9JujKFxvif7LsZj/pSbrcw6DRZT/o9JE/X8ggKijTSvy5V5JViMtYfW0icK/dD+t2WYbBzzaQRjJw==
x-request-id
9c6fdd5f-d066-4955-9ec1-c0ca0134ae70

Redirect headers

Location
http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577
Non-Authoritative-Reason
HttpsUpgrades
bWWlsEnNm.js
ww7.macdonalds-survey.ca/ 		34 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://ww7.macdonalds-survey.ca/bWWlsEnNm.js
Requested by
Host: ww7.macdonalds-survey.ca
URL: http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577
Protocol
HTTP/1.1
Server
199.59.243.227 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
332377d65b3a7fa7bd8af4e115edea560b06f90debe0d06c5d9c879c01260503

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577

Response headers

x-request-id
7e6558e7-9fcf-4358-9b09-04a6ba21d995
content-length
34737
date
Mon, 28 Oct 2024 23:59:10 GMT
content-type
application/javascript; charset=utf-8
_fd
ww7.macdonalds-survey.ca/ 		6 KB
6 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
http://ww7.macdonalds-survey.ca/_fd?usid=15&utid=31004697577
Requested by
Host: ww7.macdonalds-survey.ca
URL: http://ww7.macdonalds-survey.ca/bWWlsEnNm.js
Protocol
HTTP/1.1
Server
199.59.243.227 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c60e7b85546b1bc432d17921d7039713a7a7ba3c6c374952dcaff49859483dab

Request headers

Referer
http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/json

Response headers

x-request-id
1e5a5d3c-4eab-45c5-b142-1c1881a6b619
content-length
6337
date
Mon, 28 Oct 2024 23:59:10 GMT
content-type
application/json; charset=utf-8
caf.js
www.google.com/adsense/domains/ 		150 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/adsense/domains/caf.js?abp=1&bodis=true
Requested by
Host: ww7.macdonalds-survey.ca
URL: http://ww7.macdonalds-survey.ca/bWWlsEnNm.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.100 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s36-in-f4.1e100.net
Software
sffe /
Resource Hash
0ea9ea9fc59f245c2c361b322e0b70cfbc3cfa4dd243dc0e28f7ff7c558eb2b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
http://ww7.macdonalds-survey.ca/

Response headers

content-encoding
gzip
etag
"8306099939284893895"
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
x-content-type-options
nosniff
expires
Mon, 28 Oct 2024 23:59:11 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 28 Oct 2024 23:59:11 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
link
<https://syndicatedsearch.goog>; rel="preconnect"
cache-control
private, max-age=3600
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
accept-ranges
bytes
x-xss-protection
0
server
sffe
cookie.js
partner.googleadservices.com/gampad/ 		394 B
271 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=ww7.macdonalds-survey.ca&client=partner-dp-bodis30_3ph&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?abp=1&bodis=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
0db9127ceb15f2b76d64cf39e00819f1e982920728c9261ec778815b1ba3223c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
http://ww7.macdonalds-survey.ca/

Response headers

cache-control
private
timing-allow-origin
*
content-encoding
gzip
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
249
date
Mon, 28 Oct 2024 23:59:12 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
ads
syndicatedsearch.goog/afs/ Frame BB1F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://syndicatedsearch.goog/afs/ads?adtest=off&psid=3113057640&pcsa=false&channel=pid-bodis-gcontrol97%2Cpid-bodis-gcontrol123%2Cpid-bodis-gcontrol495%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol186&client=dp-bodis30_3ph&r=m&hl=en&ivt=1&rpbu=http%3A%2F%2Fww7.macdonalds-survey.ca%2F%3Fcaf%3D1%26bpt%3D345%26usid%3D15%26utid%3D31004697577&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2532472597119778&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442%2C17301542%2C17301266%2C72717107&format=r3&nocache=5441730159952003&num=0&output=afd_ads&domain_name=ww7.macdonalds-survey.ca&v=3&bsl=8&pac=0&u_his=1&u_tz=-420&dt=1730159952004&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1080&frm=0&uio=-&cont=rs&drt=0&jsid=caf&nfp=1&jsv=688160506&rurl=http%3A%2F%2Fww7.macdonalds-survey.ca%2F%3Fusid%3D15%26utid%3D31004697577
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?abp=1&bodis=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-NEPYKmfFW6zhoOx5XipdXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Xss-Protection 0

Request headers

Referer
http://ww7.macdonalds-survey.ca/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-disposition
inline
content-encoding
br
content-length
2694
content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-NEPYKmfFW6zhoOx5XipdXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-type
text/html; charset=UTF-8
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
date
Mon, 28 Oct 2024 23:59:12 GMT
expires
Mon, 28 Oct 2024 23:59:12 GMT
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
server
gws
x-xss-protection
0
enhance.js
parking3.parklogic.com/page/ Frame C14D 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://parking3.parklogic.com/page/enhance.js?pcId=7&&domain=macdonalds-survey.ca
Requested by
Host: ww7.macdonalds-survey.ca
URL: http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:3c02:1::2d4f:f4d1 Atlanta, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.5.38 / PHP/5.5.38
Resource Hash
bdc616a66bd71e9a00d3495e4d84f8e7335172bf2978e1495aad330630cfacb5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
http://ww7.macdonalds-survey.ca/

Response headers

transfer-encoding
chunked
date
Mon, 28 Oct 2024 23:59:12 GMT
content-type
text/javascript;charset=UTF-8
x-powered-by
PHP/5.5.38
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.5.38
connection
close
_tr
ww7.macdonalds-survey.ca/ 		2 B
281 B 		Fetch
General
Check archive.org
Download Go to
Full URL
http://ww7.macdonalds-survey.ca/_tr
Requested by
Host: ww7.macdonalds-survey.ca
URL: http://ww7.macdonalds-survey.ca/bWWlsEnNm.js
Protocol
HTTP/1.1
Server
199.59.243.227 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
http://ww7.macdonalds-survey.ca/?usid=15&utid=31004697577
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/json

Response headers

x-request-id
c9cd539d-d166-4910-835d-49f73df454b1
content-length
2
date
Mon, 28 Oct 2024 23:59:11 GMT
content-type
application/json; charset=utf-8
scribe.php
parking3.parklogic.com/page/ Frame C14D 		47 B
320 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://parking3.parklogic.com/page/scribe.php?pcId=7&domain=macdonalds-survey.ca&pId=233&usid=15&utid=31004697577&query=null&domainJs=ww7.macdonalds-survey.ca&path=/&ss=true&lp=1
Requested by
Host: parking3.parklogic.com
URL: https://parking3.parklogic.com/page/enhance.js?pcId=7&&domain=macdonalds-survey.ca
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:3c02:1::2d4f:f4d1 Atlanta, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.5.38 / PHP/5.5.38
Resource Hash
446e794acd6f4d0962f7eaf5e3c0140b19e07476ea09212feb3cb096959317a9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
http://ww7.macdonalds-survey.ca/

Response headers

transfer-encoding
chunked
access-control-allow-origin
*
date
Mon, 28 Oct 2024 23:59:12 GMT
content-type
text/html;charset=UTF-8
x-powered-by
PHP/5.5.38
server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.5.38
connection
close
qk8xlw7c.js
cdn.jscaddy.com/js/v1/IejqY0xxsskg4LKL1MzZaKy7PkxiVlsq/ Frame C14D 		50 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jscaddy.com/js/v1/IejqY0xxsskg4LKL1MzZaKy7PkxiVlsq/qk8xlw7c.js
Requested by
Host: parking3.parklogic.com
URL: https://parking3.parklogic.com/page/enhance.js?pcId=7&&domain=macdonalds-survey.ca
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2510:3a00:12:baaf:c600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
05913e821c60a0763bf94e190cd2b0d91a54d8e0c8e0ae5ea3029917dc45841a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
http://ww7.macdonalds-survey.ca/

Response headers

x-amz-cf-pop
JFK50-P5
content-encoding
gzip
etag
W/"47fafc5cddabbe833d966acd50bf7b63"
age
62876
via
1.1 9750f5ee94b45ad0faba87b3fac2aad6.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
7GZP_3mNrDR0N03b2mm0fHgKzvdC0q7YfFAtP8p5WvqIKAr21Sh2QA==
date
Mon, 28 Oct 2024 06:31:17 GMT
content-type
application/javascript
vary
Accept-Encoding
server
AmazonS3
last-modified
Wed, 23 Oct 2024 07:08:29 GMT
x-amz-server-side-encryption
AES256
d
de.vour.io/ Frame C14D 		20 B
720 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://de.vour.io/d
Requested by
Host: cdn.jscaddy.com
URL: https://cdn.jscaddy.com/js/v1/IejqY0xxsskg4LKL1MzZaKy7PkxiVlsq/qk8xlw7c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.153.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29b2a800462485b3c62f137e6ceed721db460f6275c08211f0ed7fb3c72757f9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
http://ww7.macdonalds-survey.ca/

Response headers

access-control-max-age
86400
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=efjH1kBxUVufAOzYmuh6ZlNGDG2NzrOtO8P0blywSV03UpnIip9rzAgxAOtM2dn8xxDvkN3iJSsLvBCf7i%2BBLum1UI21Cxamarp%2BNzgcnG6Btmw4Bvm6X2qSGxmN"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22601&sent=13&recv=12&lost=0&retrans=0&sent_bytes=4170&recv_bytes=5756&delivery_rate=577&cwnd=12000&unsent_bytes=0&cid=216e67d0ce388577&ts=109&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 28 Oct 2024 23:59:12 GMT
content-type
text/plain
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
authorization
x-ip-country
CA
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8d9ee0d8094ca21a-YYZ
access-control-allow-origin
http://ww7.macdonalds-survey.ca
content-length
20
server
cloudflare
ip
ipua.io/ Frame C14D 		75 B
807 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ipua.io/ip
Requested by
Host: cdn.jscaddy.com
URL: https://cdn.jscaddy.com/js/v1/IejqY0xxsskg4LKL1MzZaKy7PkxiVlsq/qk8xlw7c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.134.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
872174fd25878761432e6e37ca50c76e78b4834ccf541a513e848a4ee24688e7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
http://ww7.macdonalds-survey.ca/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
DYNAMIC
access-control-allow-credentials
true
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cIPXAUjCrbk8G5iffe00eUqGHciif59N5JiGXtAnqV7ZnGwTG9VfMCDJHxZuTcxXU6uFoeXkW5vUTJAwQRZ5UjMHJxKAuHf7mX8nmeWtHevGW7CwDcNDynC9"}],"group":"cf-nel","max_age":604800}
cf-ray
8d9ee0d8ff675413-YYZ
expires
Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin
http://ww7.macdonalds-survey.ca
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22645&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4130&recv_bytes=5667&delivery_rate=587&cwnd=12000&unsent_bytes=0&cid=de816d7ffc62c71d&ts=109&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 28 Oct 2024 23:59:12 GMT
content-type
application/json
vary
Origin
server
cloudflare
priority
u=1,i
ua
ipua.io/ Frame C14D 		179 B
768 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ipua.io/ua
Requested by
Host: cdn.jscaddy.com
URL: https://cdn.jscaddy.com/js/v1/IejqY0xxsskg4LKL1MzZaKy7PkxiVlsq/qk8xlw7c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.134.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
61a0415435fcf0d4631f61f6e34bd36c5549d878e4a590f5710d15e92b6302d5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
http://ww7.macdonalds-survey.ca/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kTWOBIkbgrg7lZDaOqIIa3xCOlnVK2AhjC6FYo8Tbgaf6%2BynOBQQmS%2F2sPGkiNpI3ZJGNC4HGXyREpMFQb56XymvJF5ustHxiLWkPWIcsGOqFOEVWJdFzKr6"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8d9ee0d998135413-YYZ
access-control-allow-origin
http://ww7.macdonalds-survey.ca
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=23047&sent=14&recv=12&lost=0&retrans=0&sent_bytes=4984&recv_bytes=6021&delivery_rate=32098&cwnd=12000&unsent_bytes=0&cid=de816d7ffc62c71d&ts=202&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 28 Oct 2024 23:59:12 GMT
content-type
application/json
vary
Origin
server
cloudflare
priority
u=1,i
a
de.vour.io/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://de.vour.io/a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.153.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
POST
Origin
http://ww7.macdonalds-survey.ca
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization
access-control-allow-origin
http://ww7.macdonalds-survey.ca
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8d9ee0da2b69a21a-YYZ
content-length
0
content-type
text/plain
date
Mon, 28 Oct 2024 23:59:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=1,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mW%2BMCVr9DEu7wv7gnv%2FDjw0ZT6ot6wKbP4bKIgqW7Ju7%2F0i86fjSTs%2Fj3sR9BVkVusk%2Bi2JAVeIMDeNrn69njId8%2Fqd%2Fcnm7dslqh5Z8cI4bg8dPrRM9nHemzKSe"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=22683&sent=15&recv=14&lost=0&retrans=0&sent_bytes=4937&recv_bytes=6131&delivery_rate=15395&cwnd=12000&unsent_bytes=0&cid=216e67d0ce388577&ts=449&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
x-ip-country
CA
a
de.vour.io/ Frame C14D 		111 B
811 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://de.vour.io/a
Requested by
Host: cdn.jscaddy.com
URL: https://cdn.jscaddy.com/js/v1/IejqY0xxsskg4LKL1MzZaKy7PkxiVlsq/qk8xlw7c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.153.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
40e2ddbe1236e4836c3a71b468bc09bb3cf921d7fad8e42a012fd1e618e996ed

Request headers

Authorization
Basic YjYzZTUzYWQtOTg0Zi00ZGJkLWIyZDctOWM2NGY0YzA0ZDc3OkllanFZMHh4c3NrZzRMS0wxTXpaYUt5N1BreGlWbHNx
Referer
http://ww7.macdonalds-survey.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-max-age
86400
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kj6r3klNdJjej76cwcqrNhRe%2B9D%2FSpEw5JW43PWVnt1xTIBsQjYXqQmlM0FnZe%2B7AGT1pm4u5rlvoPWqtGkQmvT8bFZkNvvwh9NndXMweAT5jb280F9%2BTfpTWg2i"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=25982&sent=10&recv=9&lost=0&retrans=0&sent_bytes=2185&recv_bytes=4281&delivery_rate=587&cwnd=12000&unsent_bytes=0&cid=2365b77de7b04f16&ts=106&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 28 Oct 2024 23:59:13 GMT
content-type
text/plain
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
authorization
x-ip-country
CA
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8d9ee0dafc3dac34-YYZ
access-control-allow-origin
http://ww7.macdonalds-survey.ca
server
cloudflare
token
algenid.com/ Frame C14D 		192 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://algenid.com/token
Requested by
Host: cdn.jscaddy.com
URL: https://cdn.jscaddy.com/js/v1/IejqY0xxsskg4LKL1MzZaKy7PkxiVlsq/qk8xlw7c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.135.143 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b88b449bddd4d6b61d8136ef861e2f996749fec09a0202e77457603f56105387

Request headers

Authorization
Bearer 7aH224IcUi-W8ipHf0JsxQItfH1n-aVSjVDB4eZYYNCjqU8xHD10xYyekrhJ6C5M_1Sft-QP6ODxCjrUUo6WeTOkAzX7gSSprdTa1UXrjI5eKGU
Referer
http://ww7.macdonalds-survey.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-max-age
86400
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vjLPpQdzeKdDO01mFcMoK0HdPq%2F0tVWSRid9kX1lu64PWxAvE2wt9YuNYKtjkTTNbQM2TZ5gs3z39ILOZe1S7YOFInvrDSOJi2%2Ftn4kof%2BLPupEYej3lADQzM4aZqA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=22791&sent=10&recv=8&lost=0&retrans=0&sent_bytes=2185&recv_bytes=4254&delivery_rate=25752&cwnd=12000&unsent_bytes=0&cid=795bc19343d284d7&ts=89&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 28 Oct 2024 23:59:13 GMT
content-type
application/json
priority
u=1,i
access-control-allow-headers
authorization
x-ip-country
CA
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8d9ee0dc9ea13a0b-YYZ
access-control-allow-origin
http://ww7.macdonalds-survey.ca
server
cloudflare
token
algenid.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://algenid.com/token
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.135.143 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
POST
Origin
http://ww7.macdonalds-survey.ca
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization
access-control-allow-origin
http://ww7.macdonalds-survey.ca
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8d9ee0dbec83ab06-YYZ
content-length
0
content-type
text/plain
date
Mon, 28 Oct 2024 23:59:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=1,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zzTOTZWw50BXdWAmWYoQKfQxMag%2BTedmkE%2BqgaMLxYrv4se8ne9KUbISsueQGV8JofC5elq3%2BJTQPR1KAYJc94%2BH5HSjegKBDd%2FgAghHIjWCL%2FtNS7qPer%2F4faDb%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=22629&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4154&recv_bytes=5639&delivery_rate=25600&cwnd=12000&unsent_bytes=0&cid=dd0314f5c01b542b&ts=95&x=1" cfExtPri cfHdrFlush;dur=0
x-ip-country
CA
a
de.vour.io/ Frame C14D 		478 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://de.vour.io/a
Requested by
Host: cdn.jscaddy.com
URL: https://cdn.jscaddy.com/js/v1/IejqY0xxsskg4LKL1MzZaKy7PkxiVlsq/qk8xlw7c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.153.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca701f508355067dde5a01b4eb255a200d54e4bad5c48b5fa96bb54ef0f2be78

Request headers

Authorization
Bearer 7htJW9rVcNBc0ODb0AudA3jBLPF7PWwSCMoT8tORY3JKICIDzauQ2wKJ0cKORxLznSrejPQFGmY9r1iSstep2wHsic4AfW_IijY99fuApi-yERLOF_qJvTiQ4qMaFaVADXQVDhM
Referer
http://ww7.macdonalds-survey.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-max-age
86400
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=70CJvGFRYKaNXo02fNYsg84RZFY9SGl43YSTedweDYk4y%2Fx1Ov5DjA97Hlnd%2BGslhKNuPeKIt3dnWJPswLm0fY4wCm0Y8T%2FZWawlARH%2BFIadgA9hDaxkdsPo1NGg"}],"group":"cf-nel","max_age":604800}
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=25587&sent=13&recv=11&lost=0&retrans=0&sent_bytes=3067&recv_bytes=4754&delivery_rate=37582&cwnd=12000&unsent_bytes=0&cid=2365b77de7b04f16&ts=470&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 28 Oct 2024 23:59:13 GMT
content-type
text/plain
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
authorization
x-ip-country
CA
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8d9ee0dd2e85ac34-YYZ
access-control-allow-origin
http://ww7.macdonalds-survey.ca
server
cloudflare
v
de.vour.io/ Frame C14D 		4 B
634 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://de.vour.io/v?jwt=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiIwYmU0ZjU4Yy1hZjI2LTQ1NzQtYmI4Yi04Y2NhOGE3NDIzMzUiLCJpYXQiOjE3MzAxNTk5NTMsInR5cCI6InIifQ.kkkbFjXfkX1Jy1YbA2uNRHtCNkFHBsvf9hel5H2diZB6r41N09ClFX6FyCx3BbL3UWWzWYaF8rDedcolwfJJAgOYv8Dzae-n0X7habb6ctay_-pdezCe8C81rzBS4c5OHM2nDUVEl6UgNJAi7wkk3wntbOtiuiY4awIfHg0OzDdNJaivj_hLmlGoJ-JhuDMvGc5vKPQ7cepxNgCkEN9UlJmFV7pdvET_WVAk7zVOdnTLKO45FrDY883eKSzmexTmjhEmB9pz9G1_-0TZ1dmuwgY2cGWxGjWWn7SbC6TSPOtDiu15frUUjQYVVqsAfINEMdpr8B3JhkVLuja27gJEMg
Requested by
Host: cdn.jscaddy.com
URL: https://cdn.jscaddy.com/js/v1/IejqY0xxsskg4LKL1MzZaKy7PkxiVlsq/qk8xlw7c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.153.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
http://ww7.macdonalds-survey.ca/

Response headers

x-ip-country
CA
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W5Zo%2FYgQC3d0AWi9zSMHHz0JBuJL6fVyx5C8CNIVQ4RkWjSxZTOegR6aPN8qE4JDr6S4%2FeNSOx9MK2ZYozJY6xTdKsouPGVOKLeGnOPDp%2BqqFUVvsVjynW1v9TcT"}],"group":"cf-nel","max_age":604800}
cf-ray
8d9ee0ddeefaa21a-YYZ
access-control-allow-origin
http://ww7.macdonalds-survey.ca
alt-svc
h3=":443"; ma=86400
content-length
4
server-timing
cfL4;desc="?proto=QUIC&rtt=22682&sent=17&recv=16&lost=0&retrans=0&sent_bytes=5650&recv_bytes=6877&delivery_rate=5634&cwnd=12000&unsent_bytes=0&cid=216e67d0ce388577&ts=1045&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 28 Oct 2024 23:59:13 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
priority
u=1,i
i
de.vour.io/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://de.vour.io/i
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.153.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
POST
Origin
http://ww7.macdonalds-survey.ca
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization
access-control-allow-origin
http://ww7.macdonalds-survey.ca
access-control-expose-headers
x-ip-country
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8d9ee0de8fa0a21a-YYZ
content-length
0
content-type
text/plain
date
Mon, 28 Oct 2024 23:59:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=1,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h1hi7u2lFaMCdzHbdxJS0E8MJYx6EfYwpukmUTG2en3UMuXeM2E3wlag8kSknRYfKtPkzoAl5aj5a%2BFmoKOeNC5M0odN96JfbJ%2B%2FyE0hhHpffasIabn%2BMvtF0PB8"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=22695&sent=19&recv=17&lost=0&retrans=0&sent_bytes=6331&recv_bytes=7215&delivery_rate=6526&cwnd=12000&unsent_bytes=0&cid=216e67d0ce388577&ts=1154&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
x-ip-country
CA
i
de.vour.io/ Frame C14D 		16 B
693 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://de.vour.io/i
Requested by
Host: cdn.jscaddy.com
URL: https://cdn.jscaddy.com/js/v1/IejqY0xxsskg4LKL1MzZaKy7PkxiVlsq/qk8xlw7c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.153.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Request headers

Authorization
Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiIwYmU0ZjU4Yy1hZjI2LTQ1NzQtYmI4Yi04Y2NhOGE3NDIzMzUiLCJpYXQiOjE3MzAxNTk5NTMsInR5cCI6InIifQ.kkkbFjXfkX1Jy1YbA2uNRHtCNkFHBsvf9hel5H2diZB6r41N09ClFX6FyCx3BbL3UWWzWYaF8rDedcolwfJJAgOYv8Dzae-n0X7habb6ctay_-pdezCe8C81rzBS4c5OHM2nDUVEl6UgNJAi7wkk3wntbOtiuiY4awIfHg0OzDdNJaivj_hLmlGoJ-JhuDMvGc5vKPQ7cepxNgCkEN9UlJmFV7pdvET_WVAk7zVOdnTLKO45FrDY883eKSzmexTmjhEmB9pz9G1_-0TZ1dmuwgY2cGWxGjWWn7SbC6TSPOtDiu15frUUjQYVVqsAfINEMdpr8B3JhkVLuja27gJEMg
Referer
http://ww7.macdonalds-survey.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-max-age
86400
access-control-expose-headers
x-ip-country
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EiRpdgETIH8X0eBzInFG6ttc80XRYJhejb0HGV6Pdw06gGgo7PaHEWdj00TmiJRQmKtY8MGh5DQgVsB1XYWkUKd2ptw9N3Jcpe9ZqgSB60ZtLMkT%2FKffrhpgpBYX"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=25289&sent=16&recv=14&lost=0&retrans=0&sent_bytes=4690&recv_bytes=6619&delivery_rate=14434&cwnd=12000&unsent_bytes=0&cid=2365b77de7b04f16&ts=806&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 28 Oct 2024 23:59:13 GMT
content-type
application/json
vary
Accept-Encoding
priority
u=1,i
access-control-allow-headers
authorization
x-ip-country
CA
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8d9ee0df38fcac34-YYZ
access-control-allow-origin
http://ww7.macdonalds-survey.ca
content-length
16
server
cloudflare
gen_204
syndicatedsearch.goog/afs/ 		0
509 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=3k8t2d9uuu2q&aqid=UCUgZ-6LCdaw_b8P99Ds6AQ&psid=3113057640&pbt=bs&adbx=450&adby=191&adbh=480&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=688160506&csala=4%7C0%7C242%7C98%7C9&lle=0&ifv=1&hpt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-OQ39wI_51f7z_8bLWWunxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
http://ww7.macdonalds-survey.ca/

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-OQ39wI_51f7z_8bLWWunxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
permissions-policy
unload=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 28 Oct 2024 23:59:13 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
gws
x-frame-options
SAMEORIGIN
gen_204
syndicatedsearch.goog/afs/ 		0
212 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndicatedsearch.goog/afs/gen_204?client=dp-bodis30_3ph&output=uds_ads_only&zx=q4um5yoykl50&aqid=UCUgZ-6LCdaw_b8P99Ds6AQ&psid=3113057640&pbt=bv&adbx=450&adby=191&adbh=480&adbw=700&adbah=153%2C153%2C153&adbn=master-1&eawp=partner-dp-bodis30_3ph&errv=688160506&csala=4%7C0%7C242%7C98%7C9&lle=0&ifv=1&hpt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-1cBZrYHQ_dsACeT1XnSSAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
http://ww7.macdonalds-survey.ca/

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-1cBZrYHQ_dsACeT1XnSSAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
permissions-policy
unload=()
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Mon, 28 Oct 2024 23:59:14 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
gws
x-frame-options
SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 string| park object| version object| __parkour number| googleNDT_ number| googleAltLoader object| google function| __sasCookie

5 Cookies

Domain/Path Name / Value
ww7.macdonalds-survey.ca/ Name: parking_session
Value: 9c6fdd5f-d066-4955-9ec1-c0ca0134ae70
.macdonalds-survey.ca/ Name: __gsas
Value: ID=dc6f5b1b190a3e83:T=1730159952:RT=1730159952:S=ALNI_MYfTQ4NRWMggpO4Rzvf8J7YkEny3A
ipua.io/ Name: JSESSIONID
Value: zfc1KNWTYWVXQ4Wm2uOhBoBsugDp69Un
.algenid.com/ Name: t1
Value: dbc68bbe7a3064519f6006787a533fef1fb9e9494cfe7fd995e08d6568043389d63b0382fc70d1f10cc3a1cc0ba8f8e3467ad0552ab264209d75e7e82993e5f4b668f82661faa6a1959573bff581b2
.vour.io/ Name: 624_jwt
Value: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiIwYmU0ZjU4Yy1hZjI2LTQ1NzQtYmI4Yi04Y2NhOGE3NDIzMzUiLCJpYXQiOjE3MzAxNTk5NTN9.jJ8o1bYbdlh3ryniDQow8QcI6vyE1jnoeqUQG-2KEkGctVEuTRi18R2d014PmcESETEqJhZFWDQKAEzWrSmGN80szBT1cHtVS8d8ilYYaONDY8BNU4bMfPUsbCod7GXfA2o8SqkcaRKLq9zbZdxN9dPLtoNvcRgFxwaFqnonnfPqs48l-3OSZDPs-k5WVFfp3jlaR2sILLO1FTtfaHzU6nUlKk54EoQdZyfQ5d5yvdKto5Y-CWPWs9y9t2vtrf3oo5T7z229Y1lSkWPIVXJEIG6Qhm4Kd7OW-U1XUJVyW7wo_Qm0SABfWqdtN0EKXjk_BSJFC6g_binUbmcP9_jIIg

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

algenid.com
cdn.jscaddy.com
de.vour.io
ipua.io
parking3.parklogic.com
partner.googleadservices.com
syndicatedsearch.goog
ww7.macdonalds-survey.ca
ww99.macdonalds-survey.ca
www.google.com
www.secure.macdonalds-survey.ca
142.250.80.100
142.251.40.162
172.233.219.123
172.67.134.204
172.67.135.143
172.67.153.236
199.59.243.227
2600:3c02:1::2d4f:f4d1
2600:9000:2510:3a00:12:baaf:c600:93a1
2607:f8b0:4006:80c::200e
72.52.178.23
05913e821c60a0763bf94e190cd2b0d91a54d8e0c8e0ae5ea3029917dc45841a
0db9127ceb15f2b76d64cf39e00819f1e982920728c9261ec778815b1ba3223c
0ea9ea9fc59f245c2c361b322e0b70cfbc3cfa4dd243dc0e28f7ff7c558eb2b3
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
29b2a800462485b3c62f137e6ceed721db460f6275c08211f0ed7fb3c72757f9
332377d65b3a7fa7bd8af4e115edea560b06f90debe0d06c5d9c879c01260503
40e2ddbe1236e4836c3a71b468bc09bb3cf921d7fad8e42a012fd1e618e996ed
446e794acd6f4d0962f7eaf5e3c0140b19e07476ea09212feb3cb096959317a9
61a0415435fcf0d4631f61f6e34bd36c5549d878e4a590f5710d15e92b6302d5
65dca8d8046e269b69be8d21d4ddaa419eb2941aa5c68754cb237c8f3146503a
872174fd25878761432e6e37ca50c76e78b4834ccf541a513e848a4ee24688e7
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b88b449bddd4d6b61d8136ef861e2f996749fec09a0202e77457603f56105387
bdc616a66bd71e9a00d3495e4d84f8e7335172bf2978e1495aad330630cfacb5
c60e7b85546b1bc432d17921d7039713a7a7ba3c6c374952dcaff49859483dab
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca701f508355067dde5a01b4eb255a200d54e4bad5c48b5fa96bb54ef0f2be78
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855