Submitted URL: https://92maportes.ebay.ng/
Effective URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Submission: On October 20 via automatic, source certstream-suspicious — Scanned from US

Summary

This website contacted 18 IPs in 2 countries across 13 domains to perform 38 HTTP transactions. The main IP is 35.167.230.113, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is survey.weeklysauce.com.
TLS certificate: Issued by R11 on October 14th 2024. Valid for: 3 months.
This is the only time survey.weeklysauce.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 104.247.81.52 206834 (TEAMINTER...)
1 2600:9000:220... 16509 (AMAZON-02)
1 2 34.196.113.212 14618 (AMAZON-AES)
2 138.197.194.223 14061 (DIGITALOC...)
4 35.167.230.113 16509 (AMAZON-02)
2 54.177.190.49 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
3 2607:f8b0:400... 15169 (GOOGLE)
1 13.52.168.105 16509 (AMAZON-02)
2 2a03:2880:f00... 32934 (FACEBOOK)
2 2a03:2880:f10... 32934 (FACEBOOK)
2 13.57.71.131 16509 (AMAZON-02)
4 2600:1408:540... 20940 (AKAMAI-ASN1)
2 3.5.163.155 16509 (AMAZON-02)
2 35.201.101.243 396982 (GOOGLE-CL...)
2 54.219.128.163 16509 (AMAZON-02)
38 18
Apex Domain / Subdomains / Transfer
6  doubleverify.com  103 KB
     cdn.doubleverify.com — Cisco Umbrella Rank: 526
     tps.doubleverify.com — Cisco Umbrella Rank: 566
6  fuze360.com  366 KB
     embed.fuze360.com
     assets.fuze360.com
     tracking.fuze360.com
4  weeklysauce.com  511 KB
     survey.weeklysauce.com
4  ebay.ng  2 KB
     92maportes.ebay.ng
3  gstatic.com  99 KB
     fonts.gstatic.com
3  googleapis.com  10 KB
     ajax.googleapis.com — Cisco Umbrella Rank: 412
     fonts.googleapis.com — Cisco Umbrella Rank: 30
2  amazonaws.com  33 KB
     fuze360-images.s3-us-west-1.amazonaws.com
2  facebook.com  3 KB
     www.facebook.com — Cisco Umbrella Rank: 113
2  facebook.net  73 KB
     connect.facebook.net — Cisco Umbrella Rank: 180
2  onlineultra.com  1 KB
     onlineultra.com
     go.onlineultra.com
2  varun-ysz.com  4 KB
     varun-ysz.com — Cisco Umbrella Rank: 311193
1  trckfz.com  76 KB
     embed.trckfz.com
1  cloudfront.net  1 KB
     d38psrni17bvxu.cloudfront.net
38 13
Domain Requested by
4 cdn.doubleverify.com survey.weeklysauce.com
92maportes.ebay.ng
4 survey.weeklysauce.com survey.weeklysauce.com
4 92maportes.ebay.ng d38psrni17bvxu.cloudfront.net
92maportes.ebay.ng
3 fonts.gstatic.com fonts.googleapis.com
2 tracking.fuze360.com survey.weeklysauce.com
2 tps.doubleverify.com cdn.doubleverify.com
2 fuze360-images.s3-us-west-1.amazonaws.com survey.weeklysauce.com
2 assets.fuze360.com embed.trckfz.com
2 www.facebook.com survey.weeklysauce.com
2 connect.facebook.net survey.weeklysauce.com
connect.facebook.net
2 embed.fuze360.com embed.trckfz.com
2 fonts.googleapis.com ajax.googleapis.com
embed.trckfz.com
2 varun-ysz.com 1 redirects 92maportes.ebay.ng
1 ajax.googleapis.com survey.weeklysauce.com
1 embed.trckfz.com survey.weeklysauce.com
1 go.onlineultra.com onlineultra.com
1 onlineultra.com varun-ysz.com
1 d38psrni17bvxu.cloudfront.net 92maportes.ebay.ng
38 18

This site contains no links.

Subject                       Issuer                                      Validity                 Valid
92maportes.ebay.ng            R10                                         2024-10-20 - 2025-01-18  3 months
*.cloudfront.net              Amazon RSA 2048 M01                         2024-07-30 - 2025-07-03  a year
varun-ysz.com                 Amazon RSA 2048 M02                         2024-09-30 - 2025-10-29  a year
onlineultra.com               R11                                         2024-09-15 - 2024-12-14  3 months
survey.blogandsoda.com        R11                                         2024-10-14 - 2025-01-12  3 months
*.fuze360.com                 Amazon RSA 2048 M02                         2024-06-23 - 2025-07-23  a year
upload.video.google.com       WR2                                         2024-09-30 - 2024-12-23  3 months
*.gstatic.com                 WR2                                         2024-09-30 - 2024-12-23  3 months
*.facebook.com                DigiCert SHA2 High Assurance Server CA      2024-07-29 - 2024-10-27  3 months
fuze360.com                   R11                                         2024-10-18 - 2025-01-16  3 months
*.doubleverify.com            DigiCert TLS RSA SHA256 2020 CA1            2024-03-11 - 2025-03-14  a year
*.s3-us-west-1.amazonaws.com  Amazon RSA 2048 M01                         2024-10-10 - 2025-09-28  a year
*.tps.doubleverify.com        Go Daddy Secure Certificate Authority - G2  2024-07-30 - 2025-08-31  a year

This page contains 6 frames:

Primary Page: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Frame ID: 8F50359286EA9710527F6C048F593C40
Requests: 23 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Open+Sans:400,600
Frame ID: A0BA3F7585A06907DB8C67C8E0F7F02F
Requests: 6 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dvtp_src.js
Frame ID: E6127B94925559E54D307DB1D4F06E46
Requests: 2 HTTP requests in this frame

Frame: https://fuze360-images.s3-us-west-1.amazonaws.com/images/creatives/0c5d4826136239bc38280d7802cefefb.jpg
Frame ID: 78CEC46EB39B7425F22E0BAAE49DE0E7
Requests: 2 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements6813.js
Frame ID: 7C92839478772C8076A7630C81404CB3
Requests: 2 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements6813.js
Frame ID: B33E298B3EF72B4731E39485DDD6ADE6
Requests: 2 HTTP requests in this frame

Page Title

Sign up now for access to your exclusive offers!

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
  • googleapis\.com/.+webfont

Page Statistics

Requests: 38
HTTPS: 97 %
IPv6: 41 %
Domains: 13
Subdomains: 18
IPs: 18
Countries: 2
Transfer: 1282 kB
Size: 2457 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://92maportes.ebay.ng/ Page URL
  2. https://varun-ysz.com/zclkvisitor/a5cc1462-8efd-11ef-a731-123de898c745/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c77c33b0-891c-11ef-8d65-0affcf01680d Page URL
  3. https://varun-ysz.com/zclkredirect?visitid=a5cc1462-8efd-11ef-a731-123de898c745&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
    https://onlineultra.com/advalue Page URL
  4. https://go.onlineultra.com/?url=aHR0cHM6Ly9zdXJ2ZXkud2Vla2x5c2F1Y2UuY29tL2ZpZ2h0bXVjdXMyL2NvdXBvbi5waHA/ZGlyZWN0PXRydWUmdXVpZD03OTI0MzI0NzEwZjE0ZDBmNmM1OWYzZTBhNTA2NzkzMCZjbGlja2lkPWNsaWNraWQ= Page URL
  5. https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://varun-ysz.com/zclkredirect?visitid=a5cc1462-8efd-11ef-a731-123de898c745&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
  • https://onlineultra.com/advalue
Request Chain 8
  • https://go.onlineultra.com/favicon.ico HTTP 0
  • http://onlineultra.com/

38 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
92maportes.ebay.ng/
2 KB
2 KB
Document
General
Full URL
https://92maportes.ebay.ng/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.52 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software
Caddy nginx /
Resource Hash
2e859bcfb54213cc4f2741bc14c6c22b5fc9b672fd2fe1883c9d90ac2469290c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch
viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
accept-ch-lifetime
30
alt-svc
h3=":8443"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 20 Oct 2024 16:09:13 GMT
server
Caddy nginx
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_XkUU6b2rWX2dlVx0MeXakeWeO3Ry9gerEGvUAut73GwLhq/HoC4ujzwISQ0Av8Luatq15h6EP0Qnmf+PbSx+eg==
x-buckets
bucket011,bucket088,bucket089,bucket077
x-domain
ebay.ng
x-language
english
x-pcrew-blocked-reason
x-pcrew-ip-organization
Verizon Internet Services
x-redirect
zeropark_zeroclick
x-subdomain
92maportes
x-template
tpl_CleanPeppermintBlack_twoclick
js3.js
d38psrni17bvxu.cloudfront.net/scripts/
1 KB
1 KB
Script
General
Full URL
https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Requested by
Host: 92maportes.ebay.ng
URL: https://92maportes.ebay.ng/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2209:7400:1d:4618:5c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://92maportes.ebay.ng/

Response headers

etag
"65fc1e7b-448"
age
79225
via
1.1 2c7d387775f2e52dd268d2f49202b5d2.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
1096
x-amz-cf-id
i9zjztoK7bBOjYXysqADao1YhrU1PpogKt5m1aYvjlaXp2xmBKYz3A==
date
Sat, 19 Oct 2024 18:08:48 GMT
content-type
application/javascript
last-modified
Thu, 21 Mar 2024 11:48:11 GMT
server
nginx
x-amz-cf-pop
EWR53-P1
track.php
92maportes.ebay.ng/
0
92 B
XHR
General
Full URL
https://92maportes.ebay.ng/track.php?domain=ebay.ng&toggle=browserjs&uid=MTcyOTQ0MDU1My4wODg6ZDUyNTg3MmQ1ODA1MzU0NjRhMGQ1OWUzODcyNDg1M2Y3MjFkMmRkM2QyYTNiMWE5MWI3NWM4OTZmY2Y1NjliNjo2NzE1MmIyOTE1N2I4
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.52 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

viewport-width
1600
ect
4g
Referer
https://92maportes.ebay.ng/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
rtt
100
downlink
10

Response headers

content-encoding
gzip
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime
30
x-custom-track
browserjs
access-control-allow-origin
*
alt-svc
h3=":8443"; ma=2592000
date
Sun, 20 Oct 2024 16:09:13 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
Caddy, nginx
ls.php
92maportes.ebay.ng/
16 B
370 B
XHR
General
Full URL
https://92maportes.ebay.ng/ls.php?t=67152b29&token=d4b51660159a03e83b9da7f57b57f0bf9176547c
Requested by
Host: 92maportes.ebay.ng
URL: https://92maportes.ebay.ng/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.52 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash

Request headers

viewport-width
1600
ect
4g
Referer
https://92maportes.ebay.ng/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
rtt
100
downlink
10

Response headers

access-control-max-age
86400
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
access-control-allow-methods
POST, OPTIONS
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_pdVlhcA9t4TxqnVN6DEktGGRJ+OMsglxRmtJwN2XGXDOllNM1XXPJ2m5HjvBiL/J35XkURUzPeUi0Ygh/K/vzg==
accept-ch-lifetime
30
x-log-success
67152b29f3f3d747850ce86c
access-control-allow-origin
alt-svc
h3=":8443"; ma=2592000
date
Sun, 20 Oct 2024 16:09:13 GMT
charset
utf-8
content-type
text/javascript;charset=UTF-8
server
Caddy, nginx
track.php
92maportes.ebay.ng/
0
76 B
XHR
General
Full URL
https://92maportes.ebay.ng/track.php?click=9714f0dd2013f462f36dbfd5dd5b61a92ece9197&domain=ebay.ng&uid=MTcyOTQ0MDU1My4wODg6ZDUyNTg3MmQ1ODA1MzU0NjRhMGQ1OWUzODcyNDg1M2Y3MjFkMmRkM2QyYTNiMWE5MWI3NWM4OTZmY2Y1NjliNjo2NzE1MmIyOTE1N2I4&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDg4LGJ1Y2tldDA4OSxidWNrZXQwNzd8fHx8fHw2NzE1MmIyOTE1NzU5fHx8MTcyOTQ0MDU1My4yODE3fGZhMDM3ZjUyZmI2ZTg5YjUzZWFhZWRjNzE3NTEyY2EzZDU4Zjg3MDF8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxkNGI1MTY2MDE1OWEwM2U4M2I5ZGE3ZjU3YjU3ZjBiZjkxNzY1NDdjfDB8fDB8MHx8fA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.52 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash

Request headers

viewport-width
1600
ect
4g
Referer
https://92maportes.ebay.ng/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
rtt
100
downlink
10

Response headers

content-encoding
gzip
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime
30
x-custom-track
none
access-control-allow-origin
*
alt-svc
h3=":8443"; ma=2592000
date
Sun, 20 Oct 2024 16:09:13 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
Caddy, nginx
85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d
varun-ysz.com/zclkvisitor/a5cc1462-8efd-11ef-a731-123de898c745/
3 KB
3 KB
Document
General
Full URL
https://varun-ysz.com/zclkvisitor/a5cc1462-8efd-11ef-a731-123de898c745/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c77c33b0-891c-11ef-8d65-0affcf01680d
Requested by
Host: 92maportes.ebay.ng
URL: https://92maportes.ebay.ng/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.196.113.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-113-212.compute-1.amazonaws.com
Software
/
Resource Hash
b79d41bd55dbddc957182ecacc2d1bcb97516fa183c6bbc0f57a5001a1172e5c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
https://92maportes.ebay.ng/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
3088
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Sun, 20 Oct 2024 16:09:13 GMT
advalue
onlineultra.com/
Redirect Chain
  • https://varun-ysz.com/zclkredirect?visitid=a5cc1462-8efd-11ef-a731-123de898c745&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel...
  • https://onlineultra.com/advalue
522 B
761 B
Document
General
Full URL
https://onlineultra.com/advalue
Requested by
Host: varun-ysz.com
URL: https://varun-ysz.com/zclkvisitor/a5cc1462-8efd-11ef-a731-123de898c745/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c77c33b0-891c-11ef-8d65-0affcf01680d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
138.197.194.223 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
random.onlineultra.com
Software
openresty/1.11.2.1 /
Resource Hash

Request headers

Referer
https://varun-ysz.com/zclkvisitor/a5cc1462-8efd-11ef-a731-123de898c745/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c77c33b0-891c-11ef-8d65-0affcf01680d
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=0
Connection
keep-alive
Content-Type
text/html
Date
Sun, 20 Oct 2024 16:09:14 GMT
Expires
Sun, 20 Oct 2024 16:09:14 GMT
Server
openresty/1.11.2.1
Transfer-Encoding
chunked

Redirect headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
date
Sun, 20 Oct 2024 16:09:14 GMT
location
https://onlineultra.com/advalue
/
go.onlineultra.com/
219 B
457 B
Document
General
Full URL
https://go.onlineultra.com/?url=aHR0cHM6Ly9zdXJ2ZXkud2Vla2x5c2F1Y2UuY29tL2ZpZ2h0bXVjdXMyL2NvdXBvbi5waHA/ZGlyZWN0PXRydWUmdXVpZD03OTI0MzI0NzEwZjE0ZDBmNmM1OWYzZTBhNTA2NzkzMCZjbGlja2lkPWNsaWNraWQ=
Requested by
Host: onlineultra.com
URL: https://onlineultra.com/advalue
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
138.197.194.223 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
random.onlineultra.com
Software
openresty/1.11.2.1 /
Resource Hash

Request headers

Referer
https://onlineultra.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=0
Connection
keep-alive
Content-Type
text/html
Date
Sun, 20 Oct 2024 16:09:15 GMT
Expires
Sun, 20 Oct 2024 16:09:15 GMT
Server
openresty/1.11.2.1
Transfer-Encoding
chunked
Primary Request coupon.php
survey.weeklysauce.com/fightmucus2/
4 KB
2 KB
Document
General
Full URL
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.167.230.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-167-230-113.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
2d8a4a99df46eaf3d74b0f2d15aeecaa3157a90ed30a83e1ecac8e522f9784b5

Request headers

Referer
https://go.onlineultra.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 20 Oct 2024 16:09:15 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
/
onlineultra.com/
Redirect Chain
  • https://go.onlineultra.com/favicon.ico
  • http://onlineultra.com/
0
0

flow.css
survey.weeklysauce.com/fightmucus2/
4 KB
2 KB
Stylesheet
General
Full URL
https://survey.weeklysauce.com/fightmucus2/flow.css
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.167.230.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-167-230-113.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
ccac8f52e5f20c2b54d93bda4b02ee1b673a701226efdb3af9e23862962293f3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid

Response headers

content-encoding
gzip
date
Sun, 20 Oct 2024 16:09:16 GMT
etag
W/"5f63f2c8-ff3"
content-type
text/css
last-modified
Thu, 17 Sep 2020 23:35:36 GMT
server
nginx
vary
Accept-Encoding
7924324710f14d0f6c59f3e0a5067930.js
embed.trckfz.com/
75 KB
76 KB
Script
General
Full URL
https://embed.trckfz.com/7924324710f14d0f6c59f3e0a5067930.js
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.177.190.49 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-177-190-49.us-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) / Fuze360
Resource Hash
10c3449089e27b52f0d9c8e60db5528476c933bf6722d5b4c0ea3872f82a261a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid

Response headers

x-debug
Fuze360 loader
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
expires
Wed, 11 Jan 2000 12:59:00 GMT
access-control-allow-origin
*
content-length
77130
p3p
cp: "IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sun, 20 Oct 2024 16:09:16 GMT
content-type
application/javascript; charset=UTF-8
x-powered-by
Fuze360
server
nginx/1.14.0 (Ubuntu)
last-modified
Wed, 11 Jan 2006 12:59:00 GMT
access-control-allow-headers
Access-Control-Allow-Origin, Access-Control-Allow-Headers, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Accept, X-Requested-With, Content-Type, X-Referrer
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1/
13 KB
6 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

content-encoding
gzip
age
192191
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Sat, 18 Oct 2025 10:46:05 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 18 Oct 2024 10:46:05 GMT
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
5437
x-xss-protection
0
server
sffe
being-sick-2.jpg
survey.weeklysauce.com/fightmucus2/
503 KB
504 KB
Image
General
Full URL
https://survey.weeklysauce.com/fightmucus2/being-sick-2.jpg
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/flow.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.167.230.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-167-230-113.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
9f41fd7dc081eff2c34a7ed38332f99c8acfa2818fac3e8a5db56add443e3eb6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/fightmucus2/flow.css

Response headers

accept-ranges
bytes
content-length
515264
date
Sun, 20 Oct 2024 16:09:16 GMT
etag
"5f63e342-7dcc0"
content-type
image/jpeg
last-modified
Thu, 17 Sep 2020 22:29:22 GMT
server
nginx
css
fonts.googleapis.com/
13 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto+Slab:300,700,100%7COpen+Sans&subset=latin
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
afd4ba1a0ba39fc437c6c7f8de34b06573bd0dd70c55ba2a443155fbb538f164
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 20 Oct 2024 16:09:16 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 20 Oct 2024 16:09:16 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sun, 20 Oct 2024 16:09:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
fonts.gstatic.com/s/robotoslab/v34/
34 KB
34 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotoslab/v34/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Slab:300,700,100%7COpen+Sans&subset=latin
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c0b::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a8e429611131e3fdc2018ec943a36100dbabb4aaa788c8dead6bdcf927917293
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://survey.weeklysauce.com
Referer
https://fonts.googleapis.com/

Response headers

age
406566
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 15 Oct 2025 23:13:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 15 Oct 2024 23:13:10 GMT
last-modified
Tue, 24 Oct 2023 01:54:50 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
34328
x-xss-protection
0
server
sffe
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Slab:300,700,100%7COpen+Sans&subset=latin
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c0b::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://survey.weeklysauce.com
Referer
https://fonts.googleapis.com/

Response headers

age
408921
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 15 Oct 2025 22:33:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 15 Oct 2024 22:33:55 GMT
last-modified
Thu, 14 Dec 2023 02:00:39 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18668
x-xss-protection
0
server
sffe
/
embed.fuze360.com/campaign/7924324710f14d0f6c59f3e0a5067930/
201 KB
52 KB
XHR
General
Full URL
https://embed.fuze360.com/campaign/7924324710f14d0f6c59f3e0a5067930/?uID=1141430766960
Requested by
Host: embed.trckfz.com
URL: https://embed.trckfz.com/7924324710f14d0f6c59f3e0a5067930.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.177.190.49 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-177-190-49.us-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) / Fuze360
Resource Hash
1c359349dbd26f5145c1afb43474e1184e2b4dffa86db3df07ec9823558f041e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
X-Referrer
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Referer
https://survey.weeklysauce.com/

Response headers

x-debug
Fuze360 core
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
expires
Wed, 11 Jan 2000 12:59:00 GMT
access-control-allow-origin
https://survey.weeklysauce.com
p3p
cp: "IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sun, 20 Oct 2024 16:09:17 GMT
content-type
text/html; charset=UTF-8
x-powered-by
Fuze360
server
nginx/1.14.0 (Ubuntu)
last-modified
Wed, 11 Jan 2006 12:59:00 GMT
access-control-allow-headers
Access-Control-Allow-Origin, Access-Control-Allow-Headers, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Accept, X-Requested-With, Content-Type, X-Referrer
/
embed.fuze360.com/campaign/7924324710f14d0f6c59f3e0a5067930/ Frame
0
0
Preflight
General
Full URL
https://embed.fuze360.com/campaign/7924324710f14d0f6c59f3e0a5067930/?uID=1141430766960
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.52.168.105 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-52-168-105.us-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) / Fuze360
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-referrer
Access-Control-Request-Method
GET
Origin
https://survey.weeklysauce.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Access-Control-Allow-Origin, Access-Control-Allow-Headers, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Accept, X-Requested-With, Content-Type, X-Referrer
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://survey.weeklysauce.com
content-length
0
content-type
text/html
date
Sun, 20 Oct 2024 16:09:17 GMT
server
nginx/1.14.0 (Ubuntu)
x-powered-by
Fuze360
fbevents.js
connect.facebook.net/en_US/
227 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f4cfd4a5b95dfb31c47cd567d9719fc12a0453f6ff27e2872147a9740e4b9e56
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 20 Oct 2024 16:09:16 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=32, rtx=0, c=23, mss=1232, tbw=5677, tp=10, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
qQUMBYuYLHvmA486SVWWC849d7yuSlzEgaEN5tX/J0RAMkxRAQWZjTYSGCCRTOSifEneG9sk3NhoatNqOLTTHQ==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
59352
x-xss-protection
0
origin-agent-cluster
?1
826656024206035
connect.facebook.net/signals/config/
74 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/826656024206035?v=2.9.172&r=stable&domain=survey.weeklysauce.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C28%2C82%2C87%2C47%2C46%2C86%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
26b2d4b0b1c885fac0668b5f2daa155f7292dd401d2455cfaa5397cff7fc8a82
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 20 Oct 2024 16:09:17 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=43, rtx=0, c=70, mss=1232, tbw=68749, tp=64, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
1vhwdS49mWzaU1qw7BMJt3FMNlCui/DTyukHN/xV1nihJ1lsBRo/LZzsUW9K6uwHsfLKaDZkW2LC/pbAyyKB7w==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
14821
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/tr/
0
273 B
Image
General
Full URL
https://www.facebook.com/tr/?id=826656024206035&ev=PageView&dl=https%3A%2F%2Fsurvey.weeklysauce.com%2Ffightmucus2%2Fcoupon.php%3Fdirect%3Dtrue%26uuid%3D7924324710f14d0f6c59f3e0a5067930%26clickid%3Dclickid&rl=https%3A%2F%2Fgo.onlineultra.com%2F&if=false&ts=1729440557217&sw=1600&sh=1200&v=2.9.172&r=stable&ec=0&o=4126&fbp=fb.1.1729440557214.42197931195356330&cs_est=true&ler=other&cdl=API_unavailable&it=1729440557159&coo=false&rqm=GET
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=9, rtx=0, c=10, mss=1392, tbw=2902, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Sun, 20 Oct 2024 16:09:17 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=826656024206035&ev=PageView&dl=https%3A%2F%2Fsurvey.weeklysauce.com%2Ffightmucus2%2Fcoupon.php%3Fdirect%3Dtrue%26uuid%3D7924324710f14d0f6c59f3e0a5067930%26clickid%3Dclickid&rl=https%3A%2F%2Fgo.onlineultra.com%2F&if=false&ts=1729440557217&sw=1600&sh=1200&v=2.9.172&r=stable&ec=0&o=4126&fbp=fb.1.1729440557214.42197931195356330&cs_est=true&ler=other&cdl=API_unavailable&it=1729440557159&coo=false&rqm=FGET
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7427890633379314602"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Sun, 20 Oct 2024 16:09:17 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
Bt1G1BcY/bafk4EVi6dXWHw0bTBq7/bNowmsn2UpNDpOOSDewMlNUHqnvB+3w9E04QM5AATsHG4Z698FVoADlw==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7427890633379314602", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=10, rtx=0, c=10, mss=1392, tbw=3219, tp=-1, tpl=-1, uplat=89, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
css
fonts.googleapis.com/ Frame A0BA
11 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,600
Requested by
Host: embed.trckfz.com
URL: https://embed.trckfz.com/7924324710f14d0f6c59f3e0a5067930.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0480d6908cfda1b5d4f2101437f703583efdb9539bfc49ec41bcb4a3697df8c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 20 Oct 2024 16:09:17 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 20 Oct 2024 16:09:17 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sun, 20 Oct 2024 15:23:33 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
fuze360.min.js
assets.fuze360.com/ Frame A0BA
76 KB
77 KB
Script
General
Full URL
https://assets.fuze360.com/fuze360.min.js
Requested by
Host: embed.trckfz.com
URL: https://embed.trckfz.com/7924324710f14d0f6c59f3e0a5067930.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.57.71.131 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-57-71-131.us-west-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
86752b95eac03cb7788e6433d555a159624ee764d6b2b9b2892e57925ffd8c0f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid

Response headers

Content-Length
78106
Date
Sun, 20 Oct 2024 16:09:17 GMT
ETag
"9805c3c0c7b7f26adf493caf0b3fe92f"
Content-Type
text/javascript
Last-Modified
Mon, 03 Jun 2019 14:50:09 GMT
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
jwplayer.js
assets.fuze360.com/ Frame A0BA
236 KB
236 KB
Script
General
Full URL
https://assets.fuze360.com/jwplayer.js
Requested by
Host: embed.trckfz.com
URL: https://embed.trckfz.com/7924324710f14d0f6c59f3e0a5067930.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.57.71.131 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-57-71-131.us-west-1.compute.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
a66e051f86ed3023bb982f1dbbcbae4ca3e030d3bfdc4004496b92d62de7690c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid

Response headers

Content-Length
241663
Date
Sun, 20 Oct 2024 16:09:17 GMT
ETag
"aef28403bfddf9827104c8a4c4b81434"
Content-Type
text/javascript
Last-Modified
Mon, 03 Jun 2019 14:50:09 GMT
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ Frame A0BA
47 KB
47 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:400d:c0b::5e Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://survey.weeklysauce.com
Referer
https://fonts.googleapis.com/

Response headers

age
459541
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 15 Oct 2025 08:30:16 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 15 Oct 2024 08:30:16 GMT
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
48236
x-xss-protection
0
server
sffe
dvtp_src.js
cdn.doubleverify.com/ Frame E612
8 KB
4 KB
Script
General
Full URL
https://cdn.doubleverify.com/dvtp_src.js
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:5400:23::b819:7f49 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
bcdf71159c60a2ba21daf09ed46567df006d49c01be6285a9949ce50ef4d82da

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Access-Control-Expose-Headers
*
Cache-Control
max-age=900
Content-Encoding
gzip
ETag
"70d0eb93f685672321fb96207d8abb01"
Connection
keep-alive
Expires
Sun, 20 Oct 2024 16:24:18 GMT
Access-Control-Allow-Origin
*
Content-Length
3629
Date
Sun, 20 Oct 2024 16:09:18 GMT
Last-Modified
Mon, 14 Oct 2024 09:38:05 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
0c5d4826136239bc38280d7802cefefb.jpg
fuze360-images.s3-us-west-1.amazonaws.com/images/creatives/ Frame E612
33 KB
33 KB
Image
General
Full URL
https://fuze360-images.s3-us-west-1.amazonaws.com/images/creatives/0c5d4826136239bc38280d7802cefefb.jpg
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.163.155 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4623d5f7921ee514cf61e86e1a8fa152e89ee705b051bcb8f1e5748d89fa26a6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

x-amz-id-2
p/7cOkIcKEnQfZIkrl5eAlXV6RMih21kmmZgMVpRxO0HZeZF8l3vQrduxBjcTlj5GvUgPEXRieCojfB6uymUUQ==
ETag
"5137c93247a89d354486ebf77d2589db"
x-amz-request-id
CX5SC3058Z012XMA
Accept-Ranges
bytes
Content-Length
33594
Date
Sun, 20 Oct 2024 16:09:19 GMT
Last-Modified
Wed, 02 Oct 2024 00:38:12 GMT
Content-Type
image/jpeg
Server
AmazonS3
x-amz-server-side-encryption
AES256
0c5d4826136239bc38280d7802cefefb.jpg
fuze360-images.s3-us-west-1.amazonaws.com/images/creatives/ Frame 78CE
33 KB
0
Image
General
Full URL
https://fuze360-images.s3-us-west-1.amazonaws.com/images/creatives/0c5d4826136239bc38280d7802cefefb.jpg
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.5.163.155 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
4623d5f7921ee514cf61e86e1a8fa152e89ee705b051bcb8f1e5748d89fa26a6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

x-amz-id-2
p/7cOkIcKEnQfZIkrl5eAlXV6RMih21kmmZgMVpRxO0HZeZF8l3vQrduxBjcTlj5GvUgPEXRieCojfB6uymUUQ==
ETag
"5137c93247a89d354486ebf77d2589db"
x-amz-request-id
CX5SC3058Z012XMA
Accept-Ranges
bytes
Content-Length
33594
Date
Sun, 20 Oct 2024 16:09:19 GMT
Last-Modified
Wed, 02 Oct 2024 00:38:12 GMT
Content-Type
image/jpeg
Server
AmazonS3
x-amz-server-side-encryption
AES256
dvtp_src.js
cdn.doubleverify.com/ Frame 78CE
8 KB
0
Script
General
Full URL
https://cdn.doubleverify.com/dvtp_src.js
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:5400:23::b819:7f49 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
bcdf71159c60a2ba21daf09ed46567df006d49c01be6285a9949ce50ef4d82da

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Access-Control-Expose-Headers
*
Cache-Control
max-age=900
Content-Encoding
gzip
ETag
"70d0eb93f685672321fb96207d8abb01"
Expires
Sun, 20 Oct 2024 16:24:18 GMT
Access-Control-Allow-Origin
*
Content-Length
3629
Date
Sun, 20 Oct 2024 16:09:18 GMT
Last-Modified
Mon, 14 Oct 2024 09:38:05 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
dv-measurements6813.js
cdn.doubleverify.com/ Frame 7C92
411 KB
98 KB
Script
General
Full URL
https://cdn.doubleverify.com/dv-measurements6813.js
Requested by
Host: 92maportes.ebay.ng
URL: https://92maportes.ebay.ng/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:5400:23::b819:7f49 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
dd430190f66b9d00f9e3874f2d5d0cd1f28e59229fdefd4962c536ef5bedee02

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Access-Control-Expose-Headers
*
Cache-Control
max-age=31536000
Content-Encoding
gzip
ETag
"8c6ae3f393111090052e20554cb33302"
Connection
keep-alive
Expires
Mon, 20 Oct 2025 16:09:18 GMT
Access-Control-Allow-Origin
*
Content-Length
100063
Date
Sun, 20 Oct 2024 16:09:18 GMT
Last-Modified
Mon, 14 Oct 2024 08:13:34 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
dv-measurements6813.js
cdn.doubleverify.com/ Frame B33E
411 KB
0
Script
General
Full URL
https://cdn.doubleverify.com/dv-measurements6813.js
Requested by
Host: 92maportes.ebay.ng
URL: https://92maportes.ebay.ng/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:5400:23::b819:7f49 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
dd430190f66b9d00f9e3874f2d5d0cd1f28e59229fdefd4962c536ef5bedee02

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Access-Control-Expose-Headers
*
Cache-Control
max-age=31536000
Content-Encoding
gzip
ETag
"8c6ae3f393111090052e20554cb33302"
Expires
Mon, 20 Oct 2025 16:09:18 GMT
Access-Control-Allow-Origin
*
Content-Length
100063
Date
Sun, 20 Oct 2024 16:09:18 GMT
Last-Modified
Mon, 14 Oct 2024 08:13:34 GMT
Content-Type
application/javascript
Vary
Accept-Encoding
visit.js
tps.doubleverify.com/ Frame 7C92
578 B
699 B
Script
General
Full URL
https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=122&ttfrms=30&brid=96&bridua=3&bds=1&tstype=2&eparams=DC4FC%3Dl9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3ETau7%3A89E%3EF4FDaTau4%40FA%40%3F%5DA9ATbu5%3AC64ETbsECF6TaeFF%3A5Tbsfhacbacf%60_7%60c5_7e4dh7b6_2d_efhb_Tae4%3D%3A4%3C%3A5Tbs4%3D%3A4%3C%3A5U2%3F4r92%3A%3Fl9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3ETar9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3ETar9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3E&srcurlD=0&aUrlD=0&ssl=https:&dfs=7&ddur=313&uid=1729440558721450&jsCallback=dvCallback_1729440558721808&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F129.0.0.0%20Safari%2F537.36&htmlmsging=1&chro=1&hist=1&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=6813&tgjsver=6813&lvvn=28&m1=96&refD=2&referrer=https%3A%2F%2Fsurvey.weeklysauce.com%2Ffightmucus2%2Fcoupon.php%3Fdirect%3Dtrue%26uuid%3D7924324710f14d0f6c59f3e0a5067930%26clickid%3Dclickid&fwc=0&fcl=79&flt=67&fec=41&fcifrms=1&brh=1&dvp_epl=364&noc=48&nav_pltfrm=Linux%20x86_64&ctx=10267440&cmp=32564729&sid=8893642&plc=404919084&adsrv=1&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=1&dvp_seem=2&dvp_tuk=1&dvp_sukv=35141259.63237218&ee_dp_sukv=35141259.63237218&dvp_tukv=1995724.5024665275&ee_dp_tukv=1995724.5024665275&dvp_tuid=1046670536668&jurtd=259888522
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements6813.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.201.101.243 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
243.101.201.35.bc.googleusercontent.com
Software
/
Resource Hash
b934354d9a5f194cd57e55fcf81427ba694f8a46c6fcf3741444c1fdfc5caf3b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=0
Timing-Allow-Origin
*
Content-Encoding
br
Pragma
no-cache
Connection
keep-alive
Expires
10/19/2024 16:09:19
Date
Sun, 20 Oct 2024 16:09:19 GMT
Content-Type
text/javascript
Vary
Accept-Encoding
visit.js
tps.doubleverify.com/ Frame B33E
578 B
705 B
Script
General
Full URL
https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=142&ttfrms=7&brid=96&bridua=3&bds=1&tstype=2&eparams=DC4FC%3Dl9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3ETau7%3A89E%3EF4FDaTau4%40FA%40%3F%5DA9ATbu5%3AC64ETbsECF6TaeFF%3A5Tbsfhacbacf%60_7%60c5_7e4dh7b6_2d_efhb_Tae4%3D%3A4%3C%3A5Tbs4%3D%3A4%3C%3A5U2%3F4r92%3A%3Fl9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3ETar9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3ETar9EEADTbpTauTauDFCG6J%5DH66%3C%3DJD2F46%5D4%40%3E&srcurlD=0&aUrlD=0&ssl=https:&dfs=8&ddur=304&uid=1729440558738939&jsCallback=dvCallback_1729440558738486&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F129.0.0.0%20Safari%2F537.36&htmlmsging=1&chro=1&hist=1&winh=1200&winw=1600&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=6813&tgjsver=6813&lvvn=28&m1=96&refD=2&referrer=https%3A%2F%2Fsurvey.weeklysauce.com%2Ffightmucus2%2Fcoupon.php%3Fdirect%3Dtrue%26uuid%3D7924324710f14d0f6c59f3e0a5067930%26clickid%3Dclickid&fwc=0&fcl=79&flt=67&fec=41&fcifrms=1&brh=1&dvp_epl=364&noc=48&nav_pltfrm=Linux%20x86_64&ctx=10267440&cmp=32564729&sid=8893642&plc=404919084&adsrv=1&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=1&dvp_seem=2&dvp_tuk=1&dvp_sukv=574062588.796395&ee_dp_sukv=574062588.796395&dvp_tukv=9988683955.878736&ee_dp_tukv=9988683955.878736&dvp_tuid=1004717725166&jurtd=1806603548
Requested by
Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements6813.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
35.201.101.243 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
243.101.201.35.bc.googleusercontent.com
Software
/
Resource Hash
a7a6779e73d2c55374ef5c81a2ace296ce51f1fe36627f8b546b051b8b182cef

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

Transfer-Encoding
chunked
Cache-Control
max-age=0
Timing-Allow-Origin
*
Content-Encoding
br
Pragma
no-cache
Connection
keep-alive
Expires
10/19/2024 16:09:19
Date
Sun, 20 Oct 2024 16:09:19 GMT
Content-Type
text/javascript
Vary
Accept-Encoding
__ofa.gif
tracking.fuze360.com/ Frame A0BA
42 B
446 B
Image
General
Full URL
https://tracking.fuze360.com/__ofa.gif?ofac=7924324710f14d0f6c59f3e0a5067930&ofao=3e21d49a27f29dd583eabf3f84340480%3B&ofap=%7B%22a3%22%3A%22clickid%22%7D&ofas=https%253A%252F%252Fsurvey.weeklysauce.com%252Ffightmucus2%252Fcoupon.php%253Fdirect%253Dtrue%2526uuid%253D7924324710f14d0f6c59f3e0a5067930%2526clickid%253Dclickid&ofatr=yes&ofats=1729440558763&position=0&ofasg=c5e9612f6a8b82610a50ba43f3af88f80312b2e1ea7fa47479646e356231b472
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.219.128.163 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-219-128-163.us-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) / Fuze360
Resource Hash
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

x-debug
OK
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
expires
Wed, 11 Jan 2000 12:59:00 GMT
access-control-allow-origin
*
content-length
42
p3p
cp: "IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sun, 20 Oct 2024 16:09:19 GMT
content-type
image/gif
x-powered-by
Fuze360
server
nginx/1.14.0 (Ubuntu)
last-modified
Wed, 11 Jan 2006 12:59:00 GMT
__ofa.gif
tracking.fuze360.com/ Frame A0BA
42 B
447 B
Image
General
Full URL
https://tracking.fuze360.com/__ofa.gif?ofac=7924324710f14d0f6c59f3e0a5067930&ofao=5d860c39065b0fe6a486d4147d48b5db%3B&ofap=%7B%22a3%22%3A%22clickid%22%7D&ofas=https%253A%252F%252Fsurvey.weeklysauce.com%252Ffightmucus2%252Fcoupon.php%253Fdirect%253Dtrue%2526uuid%253D7924324710f14d0f6c59f3e0a5067930%2526clickid%253Dclickid&ofatr=no&ofats=1729440558768&position=0&ofasg=9ca6ff63fb7c7044e18c3d2c1d31a7fb75d04f2d53b2bddc7b6fca2f268d2b3d
Requested by
Host: survey.weeklysauce.com
URL: https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.219.128.163 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-219-128-163.us-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) / Fuze360
Resource Hash
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/

Response headers

x-debug
OK
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
expires
Wed, 11 Jan 2000 12:59:00 GMT
access-control-allow-origin
*
content-length
42
p3p
cp: "IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
date
Sun, 20 Oct 2024 16:09:19 GMT
content-type
image/gif
x-powered-by
Fuze360
server
nginx/1.14.0 (Ubuntu)
last-modified
Wed, 11 Jan 2006 12:59:00 GMT
favicon.ico
survey.weeklysauce.com/
8 KB
3 KB
Other
General
Full URL
https://survey.weeklysauce.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.167.230.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-167-230-113.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
9e40aeb4087244c775f225c3d18c42ad88c76bdcd51f972e8735e40103ffe967

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://survey.weeklysauce.com/fightmucus2/coupon.php?direct=true&uuid=7924324710f14d0f6c59f3e0a5067930&clickid=clickid

Response headers

content-encoding
gzip
date
Sun, 20 Oct 2024 16:09:19 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
onlineultra.com
URL
http://onlineultra.com/

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| WebFontConfig
object| WebFont
function| generateUniqueID
number| fuzeUniqueID
string| fuze360UniqueID
object| fuze360Loader
object| _m_init__
function| fuze360InitCScrollbars
function| fuze360ErrorLogger
number| now
number| s
object| fuze360Ads
object| widget
object| modal
object| video
object| cookie
function| fbq
function| _fbq
string| iframeCode

2 Cookies

Domain/Path Name / Value
survey.weeklysauce.com/ Name: PHPSESSID
Value: adovo78l42ruprd8pkfjljlams
.weeklysauce.com/ Name: _fbp
Value: fb.1.1729440557214.42197931195356330

1 Console Messages

Source Level URL
Text
security error URL: https://go.onlineultra.com/?url=aHR0cHM6Ly9zdXJ2ZXkud2Vla2x5c2F1Y2UuY29tL2ZpZ2h0bXVjdXMyL2NvdXBvbi5waHA/ZGlyZWN0PXRydWUmdXVpZD03OTI0MzI0NzEwZjE0ZDBmNmM1OWYzZTBhNTA2NzkzMCZjbGlja2lkPWNsaWNraWQ=
Message:
Mixed Content: The page at 'https://go.onlineultra.com/?url=aHR0cHM6Ly9zdXJ2ZXkud2Vla2x5c2F1Y2UuY29tL2ZpZ2h0bXVjdXMyL2NvdXBvbi5waHA/ZGlyZWN0PXRydWUmdXVpZD03OTI0MzI0NzEwZjE0ZDBmNmM1OWYzZTBhNTA2NzkzMCZjbGlja2lkPWNsaWNraWQ=' was loaded over HTTPS, but requested an insecure favicon 'http://onlineultra.com/'. This request has been blocked; the content must be served over HTTPS.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
