Submitted URL: https://fortigate.wulaw.wustl.com/
Effective URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Submission: On November 23 via api from US — Scanned from US

Summary

This website contacted 17 IPs in 2 countries across 13 domains to perform 40 HTTP transactions. The main IP is 35.167.230.113, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is survey.weeklysauce.com.
TLS certificate: Issued by R11 on October 14th 2024. Valid for: 3 months.
This is the only time survey.weeklysauce.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

| Requests | IP Address | ASN | Autonomous System |
| --- | --- | --- | --- |
| 4 | 104.247.82.51 | 206834 | (TEAMINTER...) |
| 1 | 2600:9000:220... | 16509 | (AMAZON-02) |
| 2 (1 redirect) | 23.22.224.216 | 14618 | (AMAZON-AES) |
| 2 | 138.197.194.223 | 14061 | (DIGITALOC...) |
| 4 | 35.167.230.113 | 16509 | (AMAZON-02) |
| 3 | 52.8.0.233 | 16509 | (AMAZON-02) |
| 1 | 2607:f8b0:400... | 15169 | (GOOGLE) |
| 2 | 2607:f8b0:400... | 15169 | (GOOGLE) |
| 2 | 2a03:2880:f35... | 32934 | (FACEBOOK) |
| 3 | 2607:f8b0:400... | 15169 | (GOOGLE) |
| 2 | 2a03:2880:f35... | 32934 | (FACEBOOK) |
| 2 | 13.57.71.131 | 16509 | (AMAZON-02) |
| 4 | 2600:141b:1c0... | 20940 | (AKAMAI-AS...) |
| 2 | 3.5.160.162 | 16509 | (AMAZON-02) |
| 4 | 34.117.228.201 | 396982 | (GOOGLE-CL...) |
| 2 | 52.9.70.136 | 16509 | (AMAZON-02) |

Total: 40 requests, 17 IPs

| Requests | Domain | Requested by |
| --- | --- | --- |
| 4 | cdn.doubleverify.com | survey.weeklysauce.com, fortigate.wulaw.wustl.com |
| 4 | survey.weeklysauce.com | survey.weeklysauce.com |
| 4 | fortigate.wulaw.wustl.com | d38psrni17bvxu.cloudfront.net, fortigate.wulaw.wustl.com |
| 3 | fonts.gstatic.com | fonts.googleapis.com |
| 2 | tpsc-ue1.doubleverify.com | cdn.doubleverify.com |
| 2 | tracking.fuze360.com | survey.weeklysauce.com |
| 2 | tps.doubleverify.com | cdn.doubleverify.com |
| 2 | fuze360-images.s3-us-west-1.amazonaws.com | survey.weeklysauce.com |
| 2 | assets.fuze360.com | embed.trckfz.com |
| 2 | www.facebook.com | |
| 2 | connect.facebook.net | survey.weeklysauce.com, connect.facebook.net |
| 2 | embed.fuze360.com | embed.trckfz.com |
| 2 | fonts.googleapis.com | ajax.googleapis.com, embed.trckfz.com |
| 2 (1 redirect) | ernus-dop.com | fortigate.wulaw.wustl.com |
| 1 | ajax.googleapis.com | survey.weeklysauce.com |
| 1 | embed.trckfz.com | survey.weeklysauce.com |
| 1 | go.onlineultra.com | onlineultra.com |
| 1 | onlineultra.com | ernus-dop.com |
| 1 | d38psrni17bvxu.cloudfront.net | fortigate.wulaw.wustl.com |

Total: 40 requests, 19 subdomains

This site contains no links.

| Subject | Issuer | Validity | Valid |
| --- | --- | --- | --- |
| fortigate.wulaw.wustl.com | R11 | 2024-11-11 - 2025-02-09 | 3 months |
| *.cloudfront.net | Amazon RSA 2048 M01 | 2024-07-30 - 2025-07-03 | a year |
| ernus-dop.com | Amazon RSA 2048 M02 | 2024-11-22 - 2025-12-22 | a year |
| onlineultra.com | R11 | 2024-11-14 - 2025-02-12 | 3 months |
| survey.blogandsoda.com | R11 | 2024-10-14 - 2025-01-12 | 3 months |
| *.fuze360.com | Amazon RSA 2048 M02 | 2024-06-23 - 2025-07-23 | a year |
| upload.video.google.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months |
| *.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-09-01 - 2024-11-30 | 3 months |
| *.gstatic.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months |
| fuze360.com | R11 | 2024-10-18 - 2025-01-16 | 3 months |
| *.doubleverify.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-03-11 - 2025-03-14 | a year |
| *.s3-us-west-1.amazonaws.com | Amazon RSA 2048 M01 | 2024-10-10 - 2025-09-28 | a year |
| *.tps.doubleverify.com | Go Daddy Secure Certificate Authority - G2 | 2024-07-30 - 2025-08-31 | a year |

This page contains 6 frames:

Primary Page: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Frame ID: 501587662992A5370586C8384D802BAD
Requests: 23 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Open+Sans:400,600
Frame ID: A214DFADEA5A2CBFE2BD95653F1AC23A
Requests: 6 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dvtp_src.js
Frame ID: 5149B0416FCD4B04A6ECFF32ABCE7F1F
Requests: 2 HTTP requests in this frame

Frame: https://fuze360-images.s3-us-west-1.amazonaws.com/images/creatives/0c5d4826136239bc38280d7802cefefb.jpg
Frame ID: 4371DC8F6A27368E8CDF47C92F3D8AF7
Requests: 2 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements6976.js
Frame ID: C64BAAB122B32EFEEE8D02CD885B3ED7
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements6976.js
Frame ID: 2D870FBFF9F97BABAC621DD509B52F64
Requests: 3 HTTP requests in this frame

Page Title

Sign up now for access to your exclusive offers!

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
  • googleapis\.com/.+webfont

Page Statistics

  • Requests: 40
  • HTTPS: 98 %
  • IPv6: 44 %
  • Domains: 13
  • Subdomains: 19
  • IPs: 17
  • Countries: 2
  • Transfer: 1267 kB
  • Size: 2487 kB
  • Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://fortigate.wulaw.wustl.com/ Page URL
  2. https://ernus-dop.com/zclkvisitor/a4663a11-a99c-11ef-9d27-0affdde0eee7/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c77c33b0-891c-11ef-8d65-0affcf01680d Page URL
  3. https://ernus-dop.com/zclkredirect?visitid=a4663a11-a99c-11ef-9d27-0affdde0eee7&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
    https://onlineultra.com/advalue Page URL
  4. https://go.onlineultra.com/?url=aHR0cHM6Ly9zdXJ2ZXkud2Vla2x5c2F1Y2UuY29tL2ZpZ2h0bXVjdXMyL2NvdXBvbi5waHA/ZGlyZWN0PXRydWUmdXVpZD03OTI0MzI0NzEwZjE0ZDBmNmM1OWYzZTBhNTA2NzkzMCZjbGlja2lkPWNsaWNraWQ= Page URL
  5. https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://ernus-dop.com/zclkredirect?visitid=a4663a11-a99c-11ef-9d27-0affdde0eee7&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
  • https://onlineultra.com/advalue
Request Chain 8
  • https://go.onlineultra.com/favicon.ico HTTP 0
  • http://onlineultra.com/

40 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
/
fortigate.wulaw.wustl.com/
2 KB
2 KB
Document
General
Full URL
https://fortigate.wulaw.wustl.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.82.51 , Canada, ASN206834 (TEAMINTERNET-CA-AS Team Internet AG, DE),
Reverse DNS
Software
Caddy nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch
viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
accept-ch-lifetime
30
alt-svc
h3=":8443"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 23 Nov 2024 13:12:51 GMT
server
Caddy nginx
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_GMZHSZqS6nr/iDfrFep34sjpb4GO2HwZSckmIQ92yR6hkKvy6Dhl6OADn6U0krPi0y5ZiQRUYZRdWbczjS75zQ==
x-buckets
bucket011,bucket088,bucket089,bucket077
x-domain
wustl.com
x-language
english
x-pcrew-blocked-reason
x-pcrew-ip-organization
Verizon Internet Services
x-redirect
zeropark_zeroclick
x-subdomain
fortigate.wulaw
x-template
tpl_CleanPeppermintBlack_twoclick
js3.js
d38psrni17bvxu.cloudfront.net/scripts/
1 KB
1 KB
Script
General
Full URL
https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Requested by
Host: fortigate.wulaw.wustl.com
URL: https://fortigate.wulaw.wustl.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2209:cc00:1d:4618:5c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://fortigate.wulaw.wustl.com/

Response headers

etag
"65fc1e7b-448"
age
68557
via
1.1 52b969a4ab7956a248b07efba57c92a4.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
1096
x-amz-cf-id
RLhytTy_cBbVRfJAfJGuuF5fo741OvtbMO5vNlbboV3oS9TLLDwlgw==
date
Fri, 22 Nov 2024 18:10:14 GMT
content-type
application/javascript
last-modified
Thu, 21 Mar 2024 11:48:11 GMT
server
nginx
x-amz-cf-pop
EWR53-P1
track.php
fortigate.wulaw.wustl.com/
0
92 B
XHR
General
Full URL
https://fortigate.wulaw.wustl.com/track.php?domain=wustl.com&toggle=browserjs&uid=MTczMjM2NzU3MC45NTQ1OjJjYzUxOTQ1MDhjOGY4YTZmOGZmODI1NWJmOWM5MmY3YjI4ODY1ODcxYmI1N2RjNzYzMTJmZDQ2Njk3ZjZhZDk6Njc0MWQ0ZDJlOTA3NA%3D%3D
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.82.51 , Canada, ASN206834 (TEAMINTERNET-CA-AS Team Internet AG, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash

Request headers

viewport-width
1600
ect
4g
Referer
https://fortigate.wulaw.wustl.com/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
rtt
150
downlink
10

Response headers

content-encoding
gzip
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime
30
x-custom-track
browserjs
access-control-allow-origin
*
alt-svc
h3=":8443"; ma=2592000
date
Sat, 23 Nov 2024 13:12:51 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
Caddy, nginx
ls.php
fortigate.wulaw.wustl.com/
16 B
368 B
XHR
General
Full URL
https://fortigate.wulaw.wustl.com/ls.php?t=6741d4d3&token=ff7a716e9149f32c32982dca611aca27651d179e
Requested by
Host: fortigate.wulaw.wustl.com
URL: https://fortigate.wulaw.wustl.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.82.51 , Canada, ASN206834 (TEAMINTERNET-CA-AS Team Internet AG, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash

Request headers

viewport-width
1600
ect
4g
Referer
https://fortigate.wulaw.wustl.com/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
rtt
150
downlink
10

Response headers

access-control-max-age
86400
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
access-control-allow-methods
POST, OPTIONS
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_dbf60nM2RP/owBd+Tk8ifczJaoEec9o9+7oN0UFk12DIxZzHs2OcJDCX3xhlzDltJMaOXb5Tspg3/c0//FX8Zg==
accept-ch-lifetime
30
x-log-success
6741d4d39ed30c68900cbd64
access-control-allow-origin
alt-svc
h3=":8443"; ma=2592000
date
Sat, 23 Nov 2024 13:12:51 GMT
charset
utf-8
content-type
text/javascript;charset=UTF-8
server
Caddy, nginx
track.php
fortigate.wulaw.wustl.com/
0
91 B
XHR
General
Full URL
https://fortigate.wulaw.wustl.com/track.php?click=9714f0dd2013f462f36dbfd5dd5b61a92ece9197&domain=wustl.com&uid=MTczMjM2NzU3MC45NTQ1OjJjYzUxOTQ1MDhjOGY4YTZmOGZmODI1NWJmOWM5MmY3YjI4ODY1ODcxYmI1N2RjNzYzMTJmZDQ2Njk3ZjZhZDk6Njc0MWQ0ZDJlOTA3NA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDg4LGJ1Y2tldDA4OSxidWNrZXQwNzd8fHx8fHw2NzQxZDRkMmU5MDIzfHx8MTczMjM2NzU3MS4xMzc3fDU5NmJlY2VlYzRkOTE2Y2QxMzhiYzI1ODNmMDgyNDRlYWNkNzQ4NDh8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxmZjdhNzE2ZTkxNDlmMzJjMzI5ODJkY2E2MTFhY2EyNzY1MWQxNzllfDB8fDB8MHx8fHw%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.82.51 , Canada, ASN206834 (TEAMINTERNET-CA-AS Team Internet AG, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash

Request headers

viewport-width
1600
ect
4g
Referer
https://fortigate.wulaw.wustl.com/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
rtt
150
downlink
10

Response headers

x-view-match
true
content-encoding
gzip
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime
30
x-custom-track
none
access-control-allow-origin
*
alt-svc
h3=":8443"; ma=2592000
date
Sat, 23 Nov 2024 13:12:51 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
Caddy, nginx
85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d
ernus-dop.com/zclkvisitor/a4663a11-a99c-11ef-9d27-0affdde0eee7/
3 KB
3 KB
Document
General
Full URL
https://ernus-dop.com/zclkvisitor/a4663a11-a99c-11ef-9d27-0affdde0eee7/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c77c33b0-891c-11ef-8d65-0affcf01680d
Requested by
Host: fortigate.wulaw.wustl.com
URL: https://fortigate.wulaw.wustl.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.22.224.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-22-224-216.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
https://fortigate.wulaw.wustl.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
3088
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Sat, 23 Nov 2024 13:12:51 GMT
advalue
onlineultra.com/
Redirect Chain
  • https://ernus-dop.com/zclkredirect?visitid=a4663a11-a99c-11ef-9d27-0affdde0eee7&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel...
  • https://onlineultra.com/advalue
522 B
761 B
Document
General
Full URL
https://onlineultra.com/advalue
Requested by
Host: ernus-dop.com
URL: https://ernus-dop.com/zclkvisitor/a4663a11-a99c-11ef-9d27-0affdde0eee7/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c77c33b0-891c-11ef-8d65-0affcf01680d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
138.197.194.223 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
random.onlineultra.com
Software
openresty/1.11.2.1 /
Resource Hash

Request headers

Referer
https://ernus-dop.com/zclkvisitor/a4663a11-a99c-11ef-9d27-0affdde0eee7/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c77c33b0-891c-11ef-8d65-0affcf01680d
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=0
Connection
keep-alive
Content-Type
text/html
Date
Sat, 23 Nov 2024 13:12:53 GMT
Expires
Sat, 23 Nov 2024 13:12:53 GMT
Server
openresty/1.11.2.1
Transfer-Encoding
chunked

Redirect headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
date
Sat, 23 Nov 2024 13:12:52 GMT
location
https://onlineultra.com/advalue
/
go.onlineultra.com/
219 B
457 B
Document
General
Full URL
https://go.onlineultra.com/?url=aHR0cHM6Ly9zdXJ2ZXkud2Vla2x5c2F1Y2UuY29tL2ZpZ2h0bXVjdXMyL2NvdXBvbi5waHA/ZGlyZWN0PXRydWUmdXVpZD03OTI0MzI0NzEwZjE0ZDBmNmM1OWYzZTBhNTA2NzkzMCZjbGlja2lkPWNsaWNraWQ=
Requested by
Host: onlineultra.com
URL: https://onlineultra.com/advalue
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
138.197.194.223 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
random.onlineultra.com
Software
openresty/1.11.2.1 /
Resource Hash

Request headers

Referer
https://onlineultra.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=0
Connection
keep-alive
Content-Type
text/html
Date
Sat, 23 Nov 2024 13:12:53 GMT
Expires
Sat, 23 Nov 2024 13:12:53 GMT
Server
openresty/1.11.2.1
Transfer-Encoding
chunked
Primary Request coupon.php
survey.weeklysauce.com/fightmucus2/
4 KB
2 KB
Document
General
Full URL
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.167.230.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-167-230-113.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
2d8a4a99df46eaf3d74b0f2d15aeecaa3157a90ed30a83e1ecac8e522f9784b5

Request headers

Referer
https://go.onlineultra.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 23 Nov 2024 13:12:54 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
/
onlineultra.com/
Redirect Chain
  • https://go.onlineultra.com/favicon.ico
  • http://onlineultra.com/
0
0

flow.css
survey.weeklysauce.com/fightmucus2/
4 KB
2 KB
Stylesheet
General
Full URL
https://survey.weeklysauce.com/fightmucus2/flow.css
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.167.230.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-167-230-113.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
ccac8f52e5f20c2b54d93bda4b02ee1b673a701226efdb3af9e23862962293f3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid

Response headers

content-encoding
gzip
date
Sat, 23 Nov 2024 13:12:54 GMT
etag
W/"5f63f2c8-ff3"
content-type
text/css
last-modified
Thu, 17 Sep 2020 23:35:36 GMT
server
nginx
vary
Accept-Encoding
7924324710f14d0f6c59f3e0a5067930.js
embed.trckfz.com/
75 KB
76 KB
Script
General
Full URL
https://embed.trckfz.com/7924324710f14d0f6c59f3e0a5067930.js
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.8.0.233 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-8-0-233.us-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) / Fuze360
Resource Hash
10c3449089e27b52f0d9c8e60db5528476c933bf6722d5b4c0ea3872f82a261a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid

Response headers

x-debug
Fuze360 loader
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
expires
Wed, 11 Jan 2000 12:59:00 GMT
access-control-allow-origin
*
content-length
77130
p3p
cp: "IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sat, 23 Nov 2024 13:12:54 GMT
content-type
application/javascript; charset=UTF-8
x-powered-by
Fuze360
server
nginx/1.14.0 (Ubuntu)
last-modified
Wed, 11 Jan 2006 12:59:00 GMT
access-control-allow-headers
Access-Control-Allow-Origin, Access-Control-Allow-Headers, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Accept, X-Requested-With, Content-Type, X-Referrer
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1/
13 KB
6 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:808::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

content-encoding
gzip
age
82586
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Sat, 22 Nov 2025 14:16:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 22 Nov 2024 14:16:29 GMT
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
5437
x-xss-protection
0
server
sffe
being-sick-2.jpg
survey.weeklysauce.com/fightmucus2/
503 KB
504 KB
Image
General
Full URL
https://survey.weeklysauce.com/fightmucus2/being-sick-2.jpg
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/flow.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.167.230.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-167-230-113.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
9f41fd7dc081eff2c34a7ed38332f99c8acfa2818fac3e8a5db56add443e3eb6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/fightmucus2/flow.css

Response headers

accept-ranges
bytes
content-length
515264
date
Sat, 23 Nov 2024 13:12:54 GMT
etag
"5f63e342-7dcc0"
content-type
image/jpeg
last-modified
Thu, 17 Sep 2020 22:29:22 GMT
server
nginx
css
fonts.googleapis.com/
13 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto+Slab:300,700,100%7COpen+Sans&subset=latin
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
afd4ba1a0ba39fc437c6c7f8de34b06573bd0dd70c55ba2a443155fbb538f164
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 23 Nov 2024 13:12:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 23 Nov 2024 13:12:55 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sat, 23 Nov 2024 13:12:55 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
/
embed.fuze360.com/campaign/7924324710f14d0f6c59f3e0a5067930/
201 KB
52 KB
XHR
General
Full URL
https://embed.fuze360.com/campaign/7924324710f14d0f6c59f3e0a5067930/?uID=337811677125
Requested by
Host: embed.trckfz.com
URL: https://embed.trckfz.com/7924324710f14d0f6c59f3e0a5067930.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.8.0.233 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-8-0-233.us-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) / Fuze360
Resource Hash
1a0ef7651dc34f01921c63ee2f03970212d190f2ff26dad403372e7a3a560896

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
X-Referrer
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Referer
https://survey.weeklysauce.com/

Response headers

x-debug
Fuze360 core
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
expires
Wed, 11 Jan 2000 12:59:00 GMT
access-control-allow-origin
https://survey.weeklysauce.com
p3p
cp: "IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sat, 23 Nov 2024 13:12:55 GMT
content-type
text/html; charset=UTF-8
x-powered-by
Fuze360
server
nginx/1.14.0 (Ubuntu)
last-modified
Wed, 11 Jan 2006 12:59:00 GMT
access-control-allow-headers
Access-Control-Allow-Origin, Access-Control-Allow-Headers, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Accept, X-Requested-With, Content-Type, X-Referrer
fbevents.js
connect.facebook.net/en_US/
239 KB
61 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f35a:80:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-BgQY11Av' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 23 Nov 2024 13:12:55 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-BgQY11Av' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=30, rtx=0, c=23, mss=1232, tbw=5695, tp=10, tpl=0, uplat=4, ullat=-1
pragma
public
x-fb-debug
U8K6MQe4A3wDETWex86TeaQDCXe7GVtmtrSzSKjvgeIvRQJ6rKhcKz0LDTaHaPhhttoQ17sDRxs6PhdoGkepuQ==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62107
x-xss-protection
0
origin-agent-cluster
?1
/
embed.fuze360.com/campaign/7924324710f14d0f6c59f3e0a5067930/ Frame
0
0
Preflight
General
Full URL
https://embed.fuze360.com/campaign/7924324710f14d0f6c59f3e0a5067930/?uID=337811677125
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.8.0.233 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-8-0-233.us-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) / Fuze360
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-referrer
Access-Control-Request-Method
GET
Origin
https://survey.weeklysauce.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Access-Control-Allow-Origin, Access-Control-Allow-Headers, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Accept, X-Requested-With, Content-Type, X-Referrer
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://survey.weeklysauce.com
content-length
0
content-type
text/html
date
Sat, 23 Nov 2024 13:12:55 GMT
server
nginx/1.14.0 (Ubuntu)
x-powered-by
Fuze360
BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
fonts.gstatic.com/s/robotoslab/v34/
34 KB
34 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Slab:300,700,100%7COpen+Sans&subset=latin
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a8e429611131e3fdc2018ec943a36100dbabb4aaa788c8dead6bdcf927917293
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://survey.weeklysauce.com
Referer
https://fonts.googleapis.com/

Response headers

age
111024
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 22 Nov 2025 06:22:31 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 22 Nov 2024 06:22:31 GMT
last-modified
Tue, 24 Oct 2023 01:54:50 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
34328
x-xss-protection
0
server
sffe
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Slab:300,700,100%7COpen+Sans&subset=latin
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://survey.weeklysauce.com
Referer
https://fonts.googleapis.com/

Response headers

age
120197
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 22 Nov 2025 03:49:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 22 Nov 2024 03:49:38 GMT
last-modified
Thu, 14 Dec 2023 02:00:39 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18668
x-xss-protection
0
server
sffe
826656024206035
connect.facebook.net/signals/config/
76 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/826656024206035?v=2.9.176&r=stable&domain=survey.weeklysauce.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f35a:80:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
173dc989d761f18d36b27732429622815855758a0316a8a2ef8324f5da667165
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-cA3LmjtN' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 23 Nov 2024 13:12:55 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-cA3LmjtN' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=23, rtx=0, c=70, mss=1232, tbw=71519, tp=66, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
H2NhyQi8qsJoLq5IU1L79quUTG5+qgBPLo9jH8AGIpxX1H+agCy6AiPeJTTBxokVMYEIuO/htM4qn1OqHv/FyA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
15072
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/tr/
0
16 B
Image
General
Full URL
https://www.facebook.com/tr/?batch=1&events[0]=id%3D826656024206035%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fsurvey.weeklysauce.com%252Ffightmucus2%252Fcoupon.php%253Fdirect%253Dtrue%2526uuid%253D7924324710f14d0f6c59f3e0a5067930%2526clickid%253Dclickid%26rl%3Dhttps%253A%252F%252Fgo.onlineultra.com%252F%26if%3Dfalse%26ts%3D1732367575785%26sw%3D1600%26sh%3D1200%26v%3D2.9.176%26r%3Dstable%26ec%3D0%26o%3D4126%26fbp%3Dfb.1.1732367575762.298307315183605557%26cs_est%3Dtrue%26ler%3Dother%26cdl%3DAPI_unavailable%26it%3D1732367575605%26coo%3Dfalse%26exp%3Df1&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f35a:1:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=20, rtx=0, c=23, mss=1232, tbw=5740, tp=11, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Sat, 23 Nov 2024 13:12:56 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
197 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=826656024206035&ev=PageView&dl=https%3A%2F%2Fsurvey.weeklysauce.com%2Ffightmucus2%2Fcoupon.php%3Fdirect%3Dtrue%26uuid%3D7924324710f14d0f6c59f3e0a5067930%26clickid%3Dclickid&rl=https%3A%2F%2Fgo.onlineultra.com%2F&if=false&ts=1732367575785&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1732367575762.298307315183605557&cs_est=true&ler=other&cdl=API_unavailable&it=1732367575605&coo=false&exp=f1&rqm=FGET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f35a:1:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7440462085634789252"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sat, 23 Nov 2024 13:12:56 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
xpyYLA2/hS4HNKv/+PJ6gfgaDSqq9+A9QLgNZQZqxN3u4muV55dfuyHp1oi37v3rfeQ51SyH0LDBbAcX+AWeww==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7440462085634789252", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=20, rtx=0, c=23, mss=1232, tbw=6108, tp=14, tpl=0, uplat=120, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
favicon.ico
survey.weeklysauce.com/
8 KB
3 KB
Other
General
Full URL
https://survey.weeklysauce.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.167.230.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-167-230-113.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
9e40aeb4087244c775f225c3d18c42ad88c76bdcd51f972e8735e40103ffe967

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid

Response headers

content-encoding
gzip
date
Sat, 23 Nov 2024 13:12:56 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
css
fonts.googleapis.com/ Frame A214
11 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,600
Requested by
Host: embed.trckfz.com
URL: https://embed.trckfz.com/7924324710f14d0f6c59f3e0a5067930.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0480d6908cfda1b5d4f2101437f703583efdb9539bfc49ec41bcb4a3697df8c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sat, 23 Nov 2024 13:12:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 23 Nov 2024 13:12:56 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sat, 23 Nov 2024 12:06:04 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
fuze360.min.js
assets.fuze360.com/ Frame A214
76 KB
77 KB
Script
General
Full URL
https://assets.fuze360.com/fuze360.min.js
Requested by
Host: embed.trckfz.com
URL: https://embed.trckfz.com/7924324710f14d0f6c59f3e0a5067930.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.57.71.131 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-57-71-131.us-west-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
86752b95eac03cb7788e6433d555a159624ee764d6b2b9b2892e57925ffd8c0f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid

Response headers

Content-Length
78106
Date
Sat, 23 Nov 2024 13:12:56 GMT
ETag
"9805c3c0c7b7f26adf493caf0b3fe92f"
Content-Type
text/javascript
Last-Modified
Mon, 03 Jun 2019 14:50:09 GMT
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
jwplayer.js
assets.fuze360.com/ Frame A214
236 KB
236 KB
Script
General
Full URL
https://assets.fuze360.com/jwplayer.js
Requested by
Host: embed.trckfz.com
URL: https://embed.trckfz.com/7924324710f14d0f6c59f3e0a5067930.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.57.71.131 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-57-71-131.us-west-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
a66e051f86ed3023bb982f1dbbcbae4ca3e030d3bfdc4004496b92d62de7690c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid

Response headers

Content-Length
241663
Date
Sat, 23 Nov 2024 13:12:56 GMT
ETag
"aef28403bfddf9827104c8a4c4b81434"
Content-Type
text/javascript
Last-Modified
Mon, 03 Jun 2019 14:50:09 GMT
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ Frame A214
47 KB
47 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://survey.weeklysauce.com
Referer
https://fonts.googleapis.com/

Response headers

age
82587
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 22 Nov 2025 14:16:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 22 Nov 2024 14:16:29 GMT
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
48236
x-xss-protection
0
server
sffe
dvtp_src.js
cdn.doubleverify.com/ Frame 5149
8 KB
4 KB
Script
General
Full URL
https://cdn.doubleverify.com/dvtp_src.js
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:f::172c:c9da Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
669da0f21ec4f2c447f313265aee273fbc0c5577434a32f318232beba86e7a29

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Access-Control-Expose-Headers
*
Cache-Control
max-age=900
Content-Encoding
br
ETag
"c2ae6b434914dc3d71a5bbf688e700a3"
Connection
keep-alive
Expires
Sat, 23 Nov 2024 13:27:57 GMT
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
3225
Date
Sat, 23 Nov 2024 13:12:57 GMT
Last-Modified
Wed, 20 Nov 2024 15:13:46 GMT
Content-Type
text/javascript
0c5d4826136239bc38280d7802cefefb.jpg
fuze360-images.s3-us-west-1.amazonaws.com/images/creatives/ Frame 5149
33 KB
33 KB
Image
General
Full URL
https://fuze360-images.s3-us-west-1.amazonaws.com/images/creatives/0c5d4826136239bc38280d7802cefefb.jpg
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.160.162 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4623d5f7921ee514cf61e86e1a8fa152e89ee705b051bcb8f1e5748d89fa26a6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

x-amz-id-2
sPkeGnZNjhiAUoIL0XqMuBEkJkdWMnXVCpExXVdOHUFN7XX9JrslqPukKDcBPL4fdQtzl/I3havkrxdTV8RGFQ==
ETag
"5137c93247a89d354486ebf77d2589db"
x-amz-request-id
K6B4EWCXBD95T47C
Accept-Ranges
bytes
Content-Length
33594
Date
Sat, 23 Nov 2024 13:12:58 GMT
Last-Modified
Wed, 02 Oct 2024 00:38:12 GMT
Content-Type
image/jpeg
Server
AmazonS3
x-amz-server-side-encryption
AES256
0c5d4826136239bc38280d7802cefefb.jpg
fuze360-images.s3-us-west-1.amazonaws.com/images/creatives/ Frame 4371
33 KB
0
Image
General
Full URL
https://fuze360-images.s3-us-west-1.amazonaws.com/images/creatives/0c5d4826136239bc38280d7802cefefb.jpg
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.160.162 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4623d5f7921ee514cf61e86e1a8fa152e89ee705b051bcb8f1e5748d89fa26a6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

x-amz-id-2
sPkeGnZNjhiAUoIL0XqMuBEkJkdWMnXVCpExXVdOHUFN7XX9JrslqPukKDcBPL4fdQtzl/I3havkrxdTV8RGFQ==
ETag
"5137c93247a89d354486ebf77d2589db"
x-amz-request-id
K6B4EWCXBD95T47C
Accept-Ranges
bytes
Content-Length
33594
Date
Sat, 23 Nov 2024 13:12:58 GMT
Last-Modified
Wed, 02 Oct 2024 00:38:12 GMT
Content-Type
image/jpeg
Server
AmazonS3
x-amz-server-side-encryption
AES256
dvtp_src.js
cdn.doubleverify.com/ Frame 4371
8 KB
0
Script
General
Full URL
https://cdn.doubleverify.com/dvtp_src.js
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:f::172c:c9da Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
669da0f21ec4f2c447f313265aee273fbc0c5577434a32f318232beba86e7a29

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Access-Control-Expose-Headers
*
Cache-Control
max-age=900
Content-Encoding
br
ETag
"c2ae6b434914dc3d71a5bbf688e700a3"
Expires
Sat, 23 Nov 2024 13:27:57 GMT
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
3225
Date
Sat, 23 Nov 2024 13:12:57 GMT
Last-Modified
Wed, 20 Nov 2024 15:13:46 GMT
Content-Type
text/javascript
dv-measurements6976.js
cdn.doubleverify.com/ Frame C64B
419 KB
83 KB
Script
General
Full URL
https://cdn.doubleverify.com/dv-measurements6976.js
Requested by
Host: fortigate.wulaw.wustl.com
URL: https://fortigate.wulaw.wustl.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:f::172c:c9da Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
d7a406ae6aba31997605370b6ad0b2522a53034c8ad78373940da65b7f38f102

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Access-Control-Expose-Headers
*
Cache-Control
max-age=31536000
Content-Encoding
br
ETag
"5978bcffbdbe7ee98177a1785d3972d5"
Connection
keep-alive
Expires
Sun, 23 Nov 2025 13:12:57 GMT
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
84399
Date
Sat, 23 Nov 2024 13:12:57 GMT
Last-Modified
Wed, 20 Nov 2024 09:28:43 GMT
Content-Type
text/javascript
dv-measurements6976.js
cdn.doubleverify.com/ Frame 2D87
419 KB
0
Script
General
Full URL
https://cdn.doubleverify.com/dv-measurements6976.js
Requested by
Host: fortigate.wulaw.wustl.com
URL: https://fortigate.wulaw.wustl.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:f::172c:c9da Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
/
Resource Hash
d7a406ae6aba31997605370b6ad0b2522a53034c8ad78373940da65b7f38f102

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Access-Control-Expose-Headers
*
Cache-Control
max-age=31536000
Content-Encoding
br
ETag
"5978bcffbdbe7ee98177a1785d3972d5"
Expires
Sun, 23 Nov 2025 13:12:57 GMT
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
84399
Date
Sat, 23 Nov 2024 13:12:57 GMT
Last-Modified
Wed, 20 Nov 2024 09:28:43 GMT
Content-Type
text/javascript
visit.js
tps.doubleverify.com/ Frame C64B
578 B
698 B
Script
General
Full URL
https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=75&ttfrms=57&brid=96&bridua=3&bds=1&tstype=2&eparams=DC4FC%3Dl9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3ETau7%3A89E%3EF4FDaTau4%40FA%40%3F%5DA9ATbu5%3AC64ETbsECF6TaeFF%3A5Tbsfhacbacf%60_7%60c5_7e4dh7b6_2d_efhb_Tae4%3D%3A4%3C%3A5Tbs4%3D%3A4%3C%3A5U2%3F4r92%3A%3Fl9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3ETar9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3ETar9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3E&srcurlD=0&aUrlD=0&ssl=https:&dfs=13&ddur=174&uid=1732367577374429&jsCallback=dvCallback_1732367577374301&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F130.0.0.0%20Safari%2F537.36&htmlmsging=1&chro=1&hist=1&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=6976&tgjsver=6976&lvvn=28&m1=96&refD=2&referrer=https%3A%2F%2Fsurvey.weeklysauce.com%2Ffightmucus2%2Fcoupon.php%3Fdirect%3Dtrue%26uuid%3D7924324710f14d0f6c59f3e0a5067930%26clickid%3Dclickid&fwc=0&fcl=80&flt=0&fec=41&fcifrms=1&brh=1&dvp_epl=364&noc=16&nav_pltfrm=Linux%20x86_64&ctx=10267440&cmp=32564729&sid=8893642&plc=404919084&adsrv=1&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=1&dvp_seem=2&dvp_tuk=1&dvp_sukv=291558026225.9378&ee_dp_sukv=291558026225.9378&dvp_tukv=7957799028.990436&ee_dp_tukv=7957799028.990436&dvp_tuid=34520251718&jurtd=4131230920
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements6976.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
201.228.117.34.bc.googleusercontent.com
Software
/
Resource Hash
a5b120be7c5f69b01db639e6c7fb636ba29102fc0c9267691e2454c91dcac89b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=0
Timing-Allow-Origin
*
Content-Encoding
br
Pragma
no-cache
Connection
keep-alive
Expires
11/22/2024 13:12:57
Date
Sat, 23 Nov 2024 13:12:57 GMT
Content-Type
text/javascript
Vary
Accept-Encoding
visit.js
tps.doubleverify.com/ Frame 2D87
578 B
699 B
Script
General
Full URL
https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=141&ttfrms=12&brid=96&bridua=3&bds=1&tstype=2&eparams=DC4FC%3Dl9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3ETau7%3A89E%3EF4FDaTau4%40FA%40%3F%5DA9ATbu5%3AC64ETbsECF6TaeFF%3A5Tbsfhacbacf%60_7%60c5_7e4dh7b6_2d_efhb_Tae4%3D%3A4%3C%3A5Tbs4%3D%3A4%3C%3A5U2%3F4r92%3A%3Fl9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3ETar9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3ETar9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3E&srcurlD=0&aUrlD=0&ssl=https:&dfs=28&ddur=144&uid=1732367577423159&jsCallback=dvCallback_1732367577423575&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F130.0.0.0%20Safari%2F537.36&htmlmsging=1&chro=1&hist=1&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=6976&tgjsver=6976&lvvn=28&m1=96&refD=2&referrer=https%3A%2F%2Fsurvey.weeklysauce.com%2Ffightmucus2%2Fcoupon.php%3Fdirect%3Dtrue%26uuid%3D7924324710f14d0f6c59f3e0a5067930%26clickid%3Dclickid&fwc=0&fcl=80&flt=0&fec=41&fcifrms=1&brh=1&dvp_epl=364&noc=16&nav_pltfrm=Linux%20x86_64&ctx=10267440&cmp=32564729&sid=8893642&plc=404919084&adsrv=1&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=1&dvp_seem=2&dvp_tuk=1&dvp_sukv=9264576712.918015&ee_dp_sukv=9264576712.918015&dvp_tukv=1173327855148.5667&ee_dp_tukv=1173327855148.5667&dvp_tuid=382110014320&jurtd=1950782802
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements6976.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
201.228.117.34.bc.googleusercontent.com
Software
/
Resource Hash
117d9cec86d9bcea041fa4dc8017d62d7b21c25755eb3436140a2f3630851f13

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=0
Timing-Allow-Origin
*
Content-Encoding
br
Pragma
no-cache
Connection
keep-alive
Expires
11/22/2024 13:12:57
Date
Sat, 23 Nov 2024 13:12:57 GMT
Content-Type
text/javascript
Vary
Accept-Encoding
__ofa.gif
tracking.fuze360.com/ Frame A214
42 B
446 B
Image
General
Full URL
https://tracking.fuze360.com/__ofa.gif?ofac=7924324710f14d0f6c59f3e0a5067930&ofao=3e21d49a27f29dd583eabf3f84340480%3B&ofap=%7B%22a3%22%3A%22clickid%22%7D&ofas=https%253A%252F%252Fsurvey.weeklysauce.com%252Ffightmucus2%252Fcoupon.php%253Fdirect%253Dtrue%2526uuid%253D7924324710f14d0f6c59f3e0a5067930%2526clickid%253Dclickid&ofatr=yes&ofats=1732367577577&position=0&ofasg=0093eb306958abaf02a5100efccf02cd0ed34a04e41c4cbabae383b089479044
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.70.136 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-9-70-136.us-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) / Fuze360
Resource Hash
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

x-debug
OK
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
expires
Wed, 11 Jan 2000 12:59:00 GMT
access-control-allow-origin
*
content-length
42
p3p
cp: "IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sat, 23 Nov 2024 13:12:58 GMT
content-type
image/gif
x-powered-by
Fuze360
server
nginx/1.14.0 (Ubuntu)
last-modified
Wed, 11 Jan 2006 12:59:00 GMT
__ofa.gif
tracking.fuze360.com/ Frame A214
42 B
447 B
Image
General
Full URL
https://tracking.fuze360.com/__ofa.gif?ofac=7924324710f14d0f6c59f3e0a5067930&ofao=5d860c39065b0fe6a486d4147d48b5db%3B&ofap=%7B%22a3%22%3A%22clickid%22%7D&ofas=https%253A%252F%252Fsurvey.weeklysauce.com%252Ffightmucus2%252Fcoupon.php%253Fdirect%253Dtrue%2526uuid%253D7924324710f14d0f6c59f3e0a5067930%2526clickid%253Dclickid&ofatr=no&ofats=1732367577607&position=0&ofasg=b3dd1ddc9c86354cddb0aeb739ed527207e41672b35a05b25654f93c9af6f43d
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.70.136 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-9-70-136.us-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) / Fuze360
Resource Hash
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

x-debug
OK
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
expires
Wed, 11 Jan 2000 12:59:00 GMT
access-control-allow-origin
*
content-length
42
p3p
cp: "IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sat, 23 Nov 2024 13:12:58 GMT
content-type
image/gif
x-powered-by
Fuze360
server
nginx/1.14.0 (Ubuntu)
last-modified
Wed, 11 Jan 2006 12:59:00 GMT
event.png
tpsc-ue1.doubleverify.com/ Frame 2D87
0
303 B
Ping
General
Full URL
https://tpsc-ue1.doubleverify.com/event.png?impid=ac1e2b36eda34019b32b0acafb21c0c7&flavor=0&gdpr=&gdpr_consent=&ee_dp_omvk=doubleverify.com-omid&ee_dp_isom=1&pltm=1&ee_dp_jltm=1&iskpm=1&ismmm=1&isocm=1&ee_dp_alm=auto&dvp_atali=1&ee_dp_csc=1&ee_dp_cspf=1&ee_dp_asmm=1&vdur=394&eoid=27&te_strt=1&te_init=7&te_sup=0&te_exec=0&msrjs=6976&sdf=67108868&vit=2&ee_dp_mrci=1&rmi=16&tltms=144&tetms=10&msltms=24&vltms=394&sei=289&vetms=7&tuviims=153&tuviems=554&engms=1&engisel=1&dvp_dtcov=4&sim=3&msrcanlm=392&msrcannum=3&ee_dp_tmads=2515&ee_dp_msrcanlt=2%3A3%3A(0%3B0%3B0)%2C8%3A1%3A(0)%2C128%3A2%3A(0%3B0)%2C256%3A1%3A(0)%2C65536%3A3%3A(0%3B0%3B0)&ee_dp_btsc=2%3A3%3A(a-1-0-0%2Fimg-1-0-0%2Fiframe-1-0-0%2Fframe-1-0-0%3Ba-1-0-0%2Fimg-1-0-0%2Fiframe-1-0-0%2Fframe-1-0-0%3Ba-1-0-0%2Fimg-1-0-0%2Fiframe-1-0-0%2Fframe-1-0-0)&ismms=1031&isumms=1030&nvr=6&isgmmims=1031&isgmv4mims=1031&elmtp=6&isbxdms=2433&b11=1510&adhgt=250&adwdth=300&norwdth=300&norhgt=250&vsos=4&ivsos=4&dvp_vsosnmr=16&ivsosm=1&dvp_mvpw=device-width&dvp_mvpis=1&lftb=1510&sftb=1510&msrdp=1&naral=128&vct=1&vphgt=1200&vpwdth=1600&chgt=250&cwdth=300&scrhgt=1200&scrwdth=1600&strp=100&advisonl=true&isiabvms=1931&isuiabvms=1931&isgmpims=1030&isgmv4dpims=1931&ispmxpms=1931&ishvm=1&istchm=1&isascm=1&isaclkm=1&engalms=1029&dvp_hdnAd=0&dvp_dpr=1&vstsz=705&ee_dp_cvcmeeid=1&metp=1&meeid=1&ee_dp_saw=300&ee_dp_sah=250&ee_dp_didchd=5&ee_dp_didchc=0&ttfurm=3411
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements6976.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
201.228.117.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Expires
2024-11-22T13:13:01
Access-Control-Allow-Origin
https://survey.weeklysauce.com
Cache-Control
max-age=0
Date
Sat, 23 Nov 2024 13:13:01 GMT
Pragma
no-cache
Connection
keep-alive
Access-Control-Allow-Credentials
true, true
event.png
tpsc-ue1.doubleverify.com/ Frame C64B
0
303 B
Ping
General
Full URL
https://tpsc-ue1.doubleverify.com/event.png?impid=570cb953d2e14585ba7dde1cc4087cb7&flavor=0&gdpr=&gdpr_consent=&ee_dp_omvk=doubleverify.com-omid&ee_dp_isom=1&pltm=1&ee_dp_jltm=1&iskpm=1&ismmm=1&isocm=1&ee_dp_alm=auto&dvp_atali=1&pltn=1&pltd=71&ee_dp_jlta=1&ee_dp_jltd=71&ee_dp_csc=1&ee_dp_cspf=1&ee_dp_asmm=1&vdur=439&eoid=27&te_strt=1&te_init=7&te_sup=0&te_exec=0&msrjs=6976&sdf=67108868&vit=2&ee_dp_mrci=1&rmi=16&tltms=174&tetms=14&msltms=47&vltms=439&sei=289&vetms=19&tuviims=133&tuviems=591&engms=1&engisel=1&dvp_dtcov=4&sim=3&msrcanlm=392&msrcannum=3&ee_dp_tmads=2617&ee_dp_msrcanlt=2%3A3%3A(0%3B0%3B0)%2C8%3A1%3A(0)%2C128%3A2%3A(0%3B0)%2C256%3A1%3A(0)%2C65536%3A3%3A(0%3B0%3B0)&ee_dp_btsc=2%3A3%3A(a-1-0-0%2Fimg-1-0-0%2Fiframe-1-0-0%2Fframe-1-0-0%3Ba-1-0-0%2Fimg-1-0-0%2Fiframe-1-0-0%2Fframe-1-0-0%3Ba-1-0-0%2Fimg-1-0-0%2Fiframe-1-0-0%2Fframe-1-0-0)&ismms=1084&isumms=1083&nvr=6&isgmmims=1084&isgmv4mims=1084&elmtp=6&isbxdms=2584&b11=1601&adhgt=250&adwdth=300&norwdth=300&norhgt=250&vsos=4&ivsos=4&dvp_vsosnmr=16&ivsosm=1&dvp_mvpw=device-width&dvp_mvpis=1&lftb=1601&sftb=1601&msrdp=1&naral=128&vct=1&vphgt=1200&vpwdth=1600&chgt=250&cwdth=300&scrhgt=1200&scrwdth=1600&strp=100&advisonl=true&isiabvms=1984&isuiabvms=1984&isgmpims=1083&isgmv4dpims=1984&ispmxpms=1984&ishvm=1&istchm=1&isascm=1&isaclkm=1&engalms=1083&dvp_hdnAd=0&dvp_dpr=1&vstsz=704&ee_dp_cvcmeeid=1&metp=1&meeid=1&ee_dp_saw=300&ee_dp_sah=250&ee_dp_didchd=5&ee_dp_didchc=0&ttfurm=3516
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements6976.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
201.228.117.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Expires
2024-11-22T13:13:01
Access-Control-Allow-Origin
https://survey.weeklysauce.com
Cache-Control
max-age=0
Date
Sat, 23 Nov 2024 13:13:01 GMT
Pragma
no-cache
Connection
keep-alive
Access-Control-Allow-Credentials
true, true

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
onlineultra.com
URL
http://onlineultra.com/

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| WebFontConfig
object| WebFont
function| generateUniqueID
number| fuzeUniqueID
string| fuze360UniqueID
object| fuze360Loader
object| _m_init__
function| fuze360InitCScrollbars
function| fuze360ErrorLogger
number| now
number| s
object| fuze360Ads
object| widget
object| modal
object| video
object| cookie
function| fbq
function| _fbq
string| iframeCode

2 Cookies

Domain/Path Name / Value
survey.weeklysauce.com/ Name: PHPSESSID
Value: nrgt7l6nk0ohmmaksj9d26njtt
.weeklysauce.com/ Name: _fbp
Value: fb.1.1732367575762.298307315183605557

2 Console Messages

Source Level URL
Text
rendering warning URL: https://ernus-dop.com/zclkvisitor/a4663a11-a99c-11ef-9d27-0affdde0eee7/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c77c33b0-891c-11ef-8d65-0affcf01680d
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0D06E036C130000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
security error URL: https://go.onlineultra.com/?url=aHR0cHM6Ly9zdXJ2ZXkud2Vla2x5c2F1Y2UuY29tL2ZpZ2h0bXVjdXMyL2NvdXBvbi5waHA/ZGlyZWN0PXRydWUmdXVpZD03OTI0MzI0NzEwZjE0ZDBmNmM1OWYzZTBhNTA2NzkzMCZjbGlja2lkPWNsaWNraWQ=
Message:
Mixed Content: The page at 'https://go.onlineultra.com/?url=aHR0cHM6Ly9zdXJ2ZXkud2Vla2x5c2F1Y2UuY29tL2ZpZ2h0bXVjdXMyL2NvdXBvbi5waHA/ZGlyZWN0PXRydWUmdXVpZD03OTI0MzI0NzEwZjE0ZDBmNmM1OWYzZTBhNTA2NzkzMCZjbGlja2lkPWNsaWNraWQ=' was loaded over HTTPS, but requested an insecure favicon 'http://onlineultra.com/'. This request has been blocked; the content must be served over HTTPS.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
