Submitted URL: https://detailcount.world/?aa=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c&t=2&a=4069008160
Effective URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Submission Tags: 6934263
Submission: On January 24 via api from NL

Summary

This website contacted 9 IPs in 4 countries across 10 domains to perform 24 HTTP transactions. The main IP is 2606:4700:3034::ac43:c9f8, located in United States and belongs to CLOUDFLARENET, US. The main domain is timetravelpromotion.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 9th 2020. Valid for: a year.
This is the only time timetravelpromotion.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
8 timetravelpromotion.com quotes-expert.com
timetravelpromotion.com
6 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
3 www.googletagmanager.com selected-offers.com
quotes-expert.com
timetravelpromotion.com
2 cdnjs.cloudflare.com timetravelpromotion.com
1 code.jquery.com timetravelpromotion.com
1 cdn.jsdelivr.net timetravelpromotion.com
1 ajax.googleapis.com timetravelpromotion.com
1 quotes-expert.com selected-offers.com
1 selected-offers.com
1 detailcount.world 1 redirects
24 10

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-11-06 -
2021-11-05
a year crt.sh
*.google-analytics.com
GTS CA 1O1
2021-01-05 -
2021-03-30
3 months crt.sh
upload.video.google.com
GTS CA 1O1
2021-01-05 -
2021-03-30
3 months crt.sh
f3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2020-10-26 -
2021-04-17
6 months crt.sh
jquery.org
Sectigo RSA Domain Validation Secure Server CA
2020-10-06 -
2021-10-16
a year crt.sh

This page contains 1 frames:

Primary Page: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Frame ID: 67094D6296B4EC4C1304FB8E6165CB76
Requests: 24 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://detailcount.world/?aa=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c&t=2&a=4069008160 HTTP 302
    https://selected-offers.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd... Page URL
  2. https://quotes-expert.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd... Page URL
  3. https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm809... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
  • script /([\d.]+)\/jquery-ui(?:\.min)?\.js/i
  • script /jquery-ui.*\.js/i

Overall confidence: 100%
Detected patterns
  • script /([\d.]+)\/jquery-ui(?:\.min)?\.js/i
  • script /jquery-ui.*\.js/i

Page Statistics

24
Requests

100 %
HTTPS

100 %
IPv6

10
Domains

10
Subdomains

9
IPs

4
Countries

851 kB
Transfer

1741 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://detailcount.world/?aa=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c&t=2&a=4069008160 HTTP 302
    https://selected-offers.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=cXVvdGVzLWV4cGVydC5jb20= Page URL
  2. https://quotes-expert.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward= Page URL
  3. https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://detailcount.world/?aa=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c&t=2&a=4069008160 HTTP 302
  • https://selected-offers.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=cXVvdGVzLWV4cGVydC5jb20=

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
traffic.php
selected-offers.com/
Redirect Chain
  • https://detailcount.world/?aa=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c&t=2&a=4069008160
  • https://selected-offers.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQ...
2 KB
1 KB
Document
General
Full URL
https://selected-offers.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=cXVvdGVzLWV4cGVydC5jb20=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:4371 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a32d5c67e773c223fd7f7f86b8a67c511b62d75a15501f1243fad547d188a78

Request headers

:method
GET
:authority
selected-offers.com
:scheme
https
:path
/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=cXVvdGVzLWV4cGVydC5jb20=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 24 Jan 2021 06:40:53 GMT
content-type
text/html
set-cookie
__cfduid=d3cc21cb95a09d13a521f23f413e245e91611470453; expires=Tue, 23-Feb-21 06:40:53 GMT; path=/; domain=.selected-offers.com; HttpOnly; SameSite=Lax
cf-cache-status
DYNAMIC
cf-request-id
07d4b8d28f000018e5a4957000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YMYLS5nI%2FnUkYOc%2BhztvDZOFlDxbyebTeT%2FaY3296W9VrHGSSIbubeJiGDPIV5Ltr3yoro5OSPdXAScoxxBYqIltRu89wIP%2BYkHh%2BIhObZzmnGlLCQfeMcU60oLkb1L5"}],"max_age":604800}
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
cf-ray
6167c3fdb8ee18e5-FRA
content-encoding
br

Redirect headers

date
Sun, 24 Jan 2021 06:40:53 GMT
content-type
text/html
set-cookie
__cfduid=d815625009d5c5bf7e23040258e7892d81611470453; expires=Tue, 23-Feb-21 06:40:53 GMT; path=/; domain=.detailcount.world; HttpOnly; SameSite=Lax
location
https://selected-offers.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=cXVvdGVzLWV4cGVydC5jb20=
cf-cache-status
DYNAMIC
cf-request-id
07d4b8d15700002bce29373000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=v%2FWY2LyoPy6W%2BwCNjkxuvHbL5WZG89frB1QnJwPIk2yRn6wmgVVI0rlGkDMOWyePaXDnQylllTRc3VlFz4ZeYtmIQoBPAJt2Oh%2B5gozp0TeqtDThyBaen29vVsFpTw%3D%3D"}],"group":"cf-nel"}
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
cf-ray
6167c3fbb9722bce-FRA
js
www.googletagmanager.com/gtag/
98 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-182899041-1
Requested by
Host: selected-offers.com
URL: https://selected-offers.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=cXVvdGVzLWV4cGVydC5jb20=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://selected-offers.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=cXVvdGVzLWV4cGVydC5jb20=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 24 Jan 2021 06:40:53 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39651
x-xss-protection
0
last-modified
Sun, 24 Jan 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 24 Jan 2021 06:40:53 GMT
traffic.php
quotes-expert.com/
2 KB
1 KB
Document
General
Full URL
https://quotes-expert.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=
Requested by
Host: selected-offers.com
URL: https://selected-offers.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=cXVvdGVzLWV4cGVydC5jb20=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:961f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
quotes-expert.com
:scheme
https
:path
/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://selected-offers.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=cXVvdGVzLWV4cGVydC5jb20=
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://selected-offers.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=cXVvdGVzLWV4cGVydC5jb20=

Response headers

date
Sun, 24 Jan 2021 06:40:53 GMT
content-type
text/html
set-cookie
__cfduid=d273758bb20b1fd3f7fb96b8d180bf6d91611470453; expires=Tue, 23-Feb-21 06:40:53 GMT; path=/; domain=.quotes-expert.com; HttpOnly; SameSite=Lax
cf-cache-status
DYNAMIC
cf-request-id
07d4b8d30200004ac3e2160000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6XIcfFL6aRBixotR9Qe86LbLfPgol%2Bj2Mrwd5XgGcDi%2F3PFRUd7qN2C%2FUpkiAhzawUk2zEH3P4j2Gh%2BrJBZoyjXdrLsQi2uWurPhmoi3OXV6YNv7uvYDOKhFQRsjbQ%3D%3D"}],"group":"cf-nel"}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6167c3fe6f004ac3-FRA
content-encoding
br
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-182899041-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://selected-offers.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=cXVvdGVzLWV4cGVydC5jb20=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
4882
date
Sun, 24 Jan 2021 05:19:31 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Sun, 24 Jan 2021 07:19:31 GMT
collect
www.google-analytics.com/j/
1 B
389 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=746198940&t=pageview&_s=1&dl=https%3A%2F%2Fselected-offers.com%2Ftraffic.php%3FLocation%3DaHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM%3D%26Forward%3DcXVvdGVzLWV4cGVydC5jb20%3D&ul=en-us&de=UTF-8&dt=Latest%20news%2C%20offers%20and%20opportunities&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=120763614&gjid=1203475673&cid=731841815.1611470454&tid=UA-182899041-1&_gid=1242864698.1611470454&_r=1&gtm=2ou1d0&z=767673499
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://selected-offers.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=cXVvdGVzLWV4cGVydC5jb20=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 24 Jan 2021 06:40:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://selected-offers.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
98 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-182869449-1
Requested by
Host: quotes-expert.com
URL: https://quotes-expert.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://quotes-expert.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 24 Jan 2021 06:40:53 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39651
x-xss-protection
0
last-modified
Sun, 24 Jan 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 24 Jan 2021 06:40:53 GMT
Primary Request order.php
timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/
8 KB
3 KB
Document
General
Full URL
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Requested by
Host: quotes-expert.com
URL: https://quotes-expert.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:c9f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99352904187a7a8ce5b6a131bc265f3204b858bb877cd5394d31d814619a39aa

Request headers

:method
GET
:authority
timetravelpromotion.com
:scheme
https
:path
/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://quotes-expert.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://quotes-expert.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=

Response headers

date
Sun, 24 Jan 2021 06:40:53 GMT
content-type
text/html
set-cookie
__cfduid=d4730eda02e5f5a28a58e3625e2e7bd0e1611470453; expires=Tue, 23-Feb-21 06:40:53 GMT; path=/; domain=.timetravelpromotion.com; HttpOnly; SameSite=Lax; Secure PHPSESSID=obaerq9alh0ig1pvv6l5ku5t46; path=/
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
cf-cache-status
DYNAMIC
cf-request-id
07d4b8d37e00002c5263bc5000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oFuogYzDquiM2fShfjO2msb2xHiclsefkmXFIzl3XufaXd%2FeOUIZm25he1DrRD4nfd3M0%2FCe%2FfpS4WOruHmQiL%2FORVTLd3GehpXvoUiG2ldmsO%2BIdCUgty6S8oXu%2Fz3gFDd34g%3D%3D"}]}
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
cf-ray
6167c3ff2f8c2c52-FRA
content-encoding
br
analytics.js
www.google-analytics.com/
46 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-182869449-1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://quotes-expert.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
4882
date
Sun, 24 Jan 2021 05:19:31 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Sun, 24 Jan 2021 07:19:31 GMT
collect
www.google-analytics.com/j/
1 B
43 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1876685867&t=pageview&_s=1&dl=https%3A%2F%2Fquotes-expert.com%2Ftraffic.php%3FLocation%3DaHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM%3D%26Forward%3D&dr=https%3A%2F%2Fselected-offers.com%2Ftraffic.php%3FLocation%3DaHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM%3D%26Forward%3DcXVvdGVzLWV4cGVydC5jb20%3D&ul=en-us&de=UTF-8&dt=Latest%20news%2C%20offers%20and%20opportunities&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=1362198348&gjid=720768808&cid=1769504169.1611470454&tid=UA-182869449-1&_gid=279610163.1611470454&_r=1&gtm=2ou1d0&z=123947041
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://quotes-expert.com/traffic.php?Location=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=&Forward=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 24 Jan 2021 06:40:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://quotes-expert.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
style.css
timetravelpromotion.com/form/form_include/style_css/
2 KB
1 KB
Stylesheet
General
Full URL
https://timetravelpromotion.com/form/form_include/style_css/style.css
Requested by
Host: timetravelpromotion.com
URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:c9f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60e9f1c544de51bd5df0ed67730c2ab6abb5bd1a3d69725f02b3304e2564df28

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 24 Jan 2021 06:40:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
83
cf-polished
origSize=3646
cf-request-id
07d4b8d4fe00002c52a2aad000000001
last-modified
Wed, 04 Nov 2020 20:03:30 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iAgT1eq1yw8ghMHOsWlllbJOm2a%2BKbWm3yJLZTBntLTAX6gx3QM4UFYf8Dz26aPnV70VNW8OcRGBktrNdz3zzgW5XjamcAM0t0hMQDFl95jxvJg2LI8gDvzupndi2Kk09g3e1A%3D%3D"}]}
content-type
text/css
cache-control
max-age=1800
cf-ray
6167c4019c8d2c52-FRA
cf-bgj
minify
style.php
timetravelpromotion.com/form/form_include/style_css/
975 B
498 B
Stylesheet
General
Full URL
https://timetravelpromotion.com/form/form_include/style_css/style.php?file=/home/scalesustain/public_html/timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/settingscss.ini
Requested by
Host: timetravelpromotion.com
URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:c9f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f24d024dacbc9e951fbfd2f1dd36895cc5ed031495f6c3e84ca492b20f348b0e

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id
07d4b8d4ff00002c528d931000000001
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
date
Sun, 24 Jan 2021 06:40:54 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1AvmsgaBtP%2Bi2oyx1RKMRgOKS0oZlQwhHly4HtqiWCWvARCkDGlJ53BUkB6wzwov8MjkY7eSG4LmwIFZiBAiS8AR1G%2FOF8PW3Wsf7CcRrWQc21%2Fc8h4Lne1p7gu926XK9lxgrg%3D%3D"}]}
content-type
text/css
cf-ray
6167c4019c902c52-FRA
styleradio.php
timetravelpromotion.com/form/form_include/style_css/
393 B
467 B
Stylesheet
General
Full URL
https://timetravelpromotion.com/form/form_include/style_css/styleradio.php
Requested by
Host: timetravelpromotion.com
URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:c9f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0f2172cca7f2ee56847a477f48fca537ee00c7b00da258ad14b1f2347fe747c

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id
07d4b8d4fe00002c52838f8000000001
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
date
Sun, 24 Jan 2021 06:40:54 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=EMx%2B4zLItRoyaBknygrabtEHTNR73q%2Bx%2FDWBhVoojwR%2B1mNuaacovbY7h16qrI0u9OcgB4LFP8Bmt7MpThZKIgGurpLQBjehDg5twpmSQ444IoDMIm2r0EEerErKbht6xlbMPA%3D%3D"}]}
content-type
text/css
cf-ray
6167c4019c912c52-FRA
bootstrap.min.css
timetravelpromotion.com/form/form_include/style_css/bootstrap/css/
118 KB
18 KB
Stylesheet
General
Full URL
https://timetravelpromotion.com/form/form_include/style_css/bootstrap/css/bootstrap.min.css
Requested by
Host: timetravelpromotion.com
URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:c9f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 24 Jan 2021 06:40:54 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 04 Nov 2020 20:03:32 GMT
server
cloudflare
age
83
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6Ol1olFhMgLoqSIjr9g0CZynqCBSMgO7coKmntT4rLCxUM5kwf7Ik3tc3T34MP6cCtcofWjGwo1sb9SNWhYjG6eg9TKt%2BHzLhoggb5HpBLttYaAJxW58aqICxkRF6Fg%2FVwdtaw%3D%3D"}]}
content-type
text/css
cache-control
max-age=1800
nel
{"max_age":604800,"report_to":"cf-nel"}
cf-ray
6167c4019c922c52-FRA
cf-request-id
07d4b8d4ff00002c5297b7c000000001
jquery-ui.css
cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/
36 KB
7 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.12.1/jquery-ui.css
Requested by
Host: timetravelpromotion.com
URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7ac54f58ba507b13621ceb6fcf5fe879f5ac9bdcf049d16153110c6ad048c7c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 24 Jan 2021 06:40:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
2515403
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
7318
cf-request-id
07d4b8d4fe0000640ddaa89000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-91ce"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tpSIBydIViGnj5tRboReBkAG4BwfQqvzgwGmj6ZjROtj0mV8oZ876cq7WCDLTXhK%2F7TzEzYb2L3y3G449Ouj%2Fo5UAD7kQlMqcBFvT96ceNzNwSfPfpDJrXCDGTeP%2FRLaZg%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6167c4019846640d-FRA
expires
Fri, 14 Jan 2022 06:40:54 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.0/
84 KB
29 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js
Requested by
Host: timetravelpromotion.com
URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 22 Jan 2021 19:53:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
125230
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30089
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 22 Jan 2022 19:53:44 GMT
jquery.validate.min.js
cdn.jsdelivr.net/jquery.validation/1.15.0/
22 KB
7 KB
Script
General
Full URL
https://cdn.jsdelivr.net/jquery.validation/1.15.0/jquery.validate.min.js
Requested by
Host: timetravelpromotion.com
URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
aa1d80cdf0990e97a21069ab16c048ef90a35df1165b87d19accabd7c4edc860
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
876869
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
7320
etag
W/"58a0-xaL/AT+jV8HSplcbXY5ljmcAgOo"
x-served-by
cache-fra19153-FRA
date
Sun, 24 Jan 2021 06:40:54 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
modernizr.js
cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/
50 KB
13 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.js
Requested by
Host: timetravelpromotion.com
URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dfc3ef73c1284c7aff3c5cdac3812d212c8b899037d7860c8ba20a1defb9a7f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 24 Jan 2021 06:40:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
293245
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
13382
cf-request-id
07d4b8d4ff0000640df92a6000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:13:26 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03f26-c897"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sHgIsx1pnXttdAPMsKxFkjtvGWA7kCmtgYR1%2Fs3UQyFqG28wVBKIE7WBv6zJBhYBv35K%2BoHFM%2FcVK7KyrK%2BkINPl3utW%2FL3T31iowOth%2FvisydMoqbkXbniLi1fms8MUfQ%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6167c4019849640d-FRA
expires
Fri, 14 Jan 2022 06:40:54 GMT
jquery-ui.js
code.jquery.com/ui/1.12.1/
509 KB
122 KB
Script
General
Full URL
https://code.jquery.com/ui/1.12.1/jquery-ui.js
Requested by
Host: timetravelpromotion.com
URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d

Request headers

Origin
https://timetravelpromotion.com
Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 24 Jan 2021 06:40:54 GMT
content-encoding
gzip
last-modified
Wed, 14 Sep 2016 16:34:16 GMT
server
nginx
etag
W/"57d97c08-7f20a"
vary
Accept-Encoding
x-hw
1611470454.dop016.fr8.t,1611470454.cds215.fr8.hn,1611470454.cds269.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
124434
js
www.googletagmanager.com/gtag/
101 KB
40 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-179739804-1
Requested by
Host: timetravelpromotion.com
URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3f26c81a04b4b587627a4f3a75f990ce495c6f991ea5b0d59e1f546067a64e27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 24 Jan 2021 06:40:54 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40599
x-xss-protection
0
expires
Sun, 24 Jan 2021 06:40:54 GMT
img.png
timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/
470 KB
471 KB
Image
General
Full URL
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/img.png
Requested by
Host: timetravelpromotion.com
URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:c9f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0cf28aab57c00e498b7dc564cf3cddc2ba7095c08d676e900fed3b899bc4651a

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 24 Jan 2021 06:40:54 GMT
cf-cache-status
MISS
last-modified
Mon, 18 Jan 2021 10:08:50 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=n0ammgNelk5am06PhfFdhSP0NZzqcA9hbbwFcK8ZdYLrA%2BSK2gTOMWL9jP2xf5z05DdqZFwp4%2B%2FgS8fB4%2Bwkg7xtKvrQc1NIb4%2BdURJbYw2SEbcLsuosGZ3HVnSyjs9UKXoeGw%3D%3D"}]}
content-type
image/png
cache-control
max-age=1800
nel
{"max_age":604800,"report_to":"cf-nel"}
accept-ranges
bytes
cf-ray
6167c4026dd92c52-FRA
content-length
481178
cf-request-id
07d4b8d58000002c52258f2000000001
tpixel.php
timetravelpromotion.com/
70 B
489 B
Image
General
Full URL
https://timetravelpromotion.com/tpixel.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c&lt=22&p=aHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM=
Requested by
Host: timetravelpromotion.com
URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:c9f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
35c38e9c4fd4766f5cdd01074572f66a82c9257b0b27878e173fb7916f8b6744

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id
07d4b8d58000002c529e8de000000001
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
date
Sun, 24 Jan 2021 06:40:54 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YOY%2B4r%2BJEIFRIeQ%2BWJhg2vDDoGkKeIwEgNstxKRYWTL%2FT%2B5hhBlsgvPOZF0jfQDfBeAqVUkEdyB2seF25cJVV4bzjAqjMRc6QGo9hhnsaYzoh2lHJZ0kRUhJAgB7ZJ8zqUYdbA%3D%3D"}]}
content-type
image/png
cf-ray
6167c4026dde2c52-FRA
language_validate.js
timetravelpromotion.com/form/form_include/js/
709 B
635 B
Script
General
Full URL
https://timetravelpromotion.com/form/form_include/js/language_validate.js
Requested by
Host: timetravelpromotion.com
URL: https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:c9f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc6cffe9933be9245e5a73e10abe60b61bb5449ebeffe4630609bc90ab7faf07

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 24 Jan 2021 06:40:54 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
83
cf-polished
origSize=1102
cf-request-id
07d4b8d54d00002c5240bb8000000001
last-modified
Wed, 04 Nov 2020 20:03:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5SqbJjzoekD36LlI5gASKWYEdM6Gw%2FgaobL1gSfxGw0%2FxSzABGExZ5KgLT2bdSBgf3O4Nwn%2Fm6I7S1dOvw9SiJIkB3BODA%2FFll9UQusLL3FyPUWm%2Bw4lfSNmXJR1CkNiptktCQ%3D%3D"}]}
content-type
application/javascript
cache-control
max-age=1800
cf-ray
6167c4021d542c52-FRA
cf-bgj
minify
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-179739804-1
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
4883
date
Sun, 24 Jan 2021 05:19:31 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Sun, 24 Jan 2021 07:19:31 GMT
collect
www.google-analytics.com/j/
1 B
70 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=67396238&t=pageview&_s=1&dl=https%3A%2F%2Ftimetravelpromotion.com%2F16292%2FDTWuPObgDfqVPL0r%2Forder.php%3Fsli%3D4069008160%26sei%3D41575799%26tk%3D7yLn99Upm80955PTGf6c&dr=https%3A%2F%2Fquotes-expert.com%2Ftraffic.php%3FLocation%3DaHR0cHM6Ly90aW1ldHJhdmVscHJvbW90aW9uLmNvbS8xNjI5Mi9EVFd1UE9iZ0RmcVZQTDByL29yZGVyLnBocD9zbGk9NDA2OTAwODE2MCZzZWk9NDE1NzU3OTkmdGs9N3lMbjk5VXBtODA5NTVQVEdmNmM%3D%26Forward%3D&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=1294096864&gjid=2008488316&cid=1976127225.1611470454&tid=UA-179739804-1&_gid=925566525.1611470454&_r=1&gtm=2ou1d0&z=240057924
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://timetravelpromotion.com/16292/DTWuPObgDfqVPL0r/order.php?sli=4069008160&sei=41575799&tk=7yLn99Upm80955PTGf6c
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 24 Jan 2021 06:40:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://timetravelpromotion.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| html5 object| Modernizr string| js_variable string| js_variable_email function| gtag object| dataLayer object| elements object| dateToday2 undefined| uploadField function| do_nothing object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData

5 Cookies

Domain/Path Name / Value
.timetravelpromotion.com/ Name: _gat_gtag_UA_179739804_1
Value: 1
.timetravelpromotion.com/ Name: _gid
Value: GA1.2.925566525.1611470454
.timetravelpromotion.com/ Name: _ga
Value: GA1.2.1976127225.1611470454
timetravelpromotion.com/ Name: PHPSESSID
Value: obaerq9alh0ig1pvv6l5ku5t46
.timetravelpromotion.com/ Name: __cfduid
Value: d4730eda02e5f5a28a58e3625e2e7bd0e1611470453

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
detailcount.world
quotes-expert.com
selected-offers.com
timetravelpromotion.com
www.google-analytics.com
www.googletagmanager.com
2001:4de0:ac19::1:b:2b
2606:4700:3034::ac43:961f
2606:4700:3034::ac43:c9f8
2606:4700:3036::6815:4371
2606:4700:3037::ac43:aef7
2606:4700::6810:135e
2a00:1450:4001:808::2008
2a00:1450:4001:80b::200e
2a00:1450:4001:816::200a
2a04:4e42:3::621
0cf28aab57c00e498b7dc564cf3cddc2ba7095c08d676e900fed3b899bc4651a
35c38e9c4fd4766f5cdd01074572f66a82c9257b0b27878e173fb7916f8b6744
3f26c81a04b4b587627a4f3a75f990ce495c6f991ea5b0d59e1f546067a64e27
4a32d5c67e773c223fd7f7f86b8a67c511b62d75a15501f1243fad547d188a78
4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d
60e9f1c544de51bd5df0ed67730c2ab6abb5bd1a3d69725f02b3304e2564df28
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7dfc3ef73c1284c7aff3c5cdac3812d212c8b899037d7860c8ba20a1defb9a7f
8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce
99352904187a7a8ce5b6a131bc265f3204b858bb877cd5394d31d814619a39aa
a7ac54f58ba507b13621ceb6fcf5fe879f5ac9bdcf049d16153110c6ad048c7c
aa1d80cdf0990e97a21069ab16c048ef90a35df1165b87d19accabd7c4edc860
c0f2172cca7f2ee56847a477f48fca537ee00c7b00da258ad14b1f2347fe747c
cc6cffe9933be9245e5a73e10abe60b61bb5449ebeffe4630609bc90ab7faf07
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
f24d024dacbc9e951fbfd2f1dd36895cc5ed031495f6c3e84ca492b20f348b0e