urlscan.io logo urlscan.io
SecurityTrails logo

t49.hemmungslos.net Open in urlscan Pro
2606:4700:3034::ac43:9d40  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://soo.gd/J4FT
Effective URL: https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc16...
Submission: On January 19 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 18 IPs in 3 countries across 18 domains to perform 36 HTTP transactions. The main IP is 2606:4700:3034::ac43:9d40, located in United States and belongs to CLOUDFLARENET, US. The main domain is t49.hemmungslos.net.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 9th 2021. Valid for: a year.
This is the only time t49.hemmungslos.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 142.250.186.130 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 143.204.98.48 16509 (AMAZON-02)
1 1 13.224.193.4 16509 (AMAZON-02)
2 2 18.192.108.151 16509 (AMAZON-02)
1 108.157.4.55 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 205.185.216.10 20446 (HIGHWINDS3)
1 2 128.0.45.252 60657 (CAPITAL-F...)
1 5 2606:4700:303... 13335 (CLOUDFLAR...)
5 151.139.237.33 33438 (HIGHWINDS2)
1 151.101.66.137 ()
36 18
1    2606:4700:3031::ac43:86be (United States)

ASN13335 (CLOUDFLARENET, US)
soo.gd
1    2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
1    2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net
securepubads.g.doubleclick.net
5    2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
1    2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
1    2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
26753adb043dd009e376941c1e146259.safeframe.googlesyndication.com
1    143.204.98.48 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-48.fra50.r.cloudfront.net
t.avod.link
1    13.224.193.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-4.fra2.r.cloudfront.net
t.crdefault.link
2    18.192.108.151 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-108-151.eu-central-1.compute.amazonaws.com
a.vfgtg.com
1    108.157.4.55 (United States)

ASN16509 (AMAZON-02, US)
s.aslnk.link
4    2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    205.185.216.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net
ckstatic.com
2    128.0.45.252 (Romania)

ASN60657 (CAPITAL-FINANCIAL-AS Str. Sfanta Vineri nr. 25 Bloc 105 C, Parter, RO)
dlvr.xcash.com
5    2606:4700:3034::ac43:9d40 (United States)

ASN13335 (CLOUDFLARENET, US)
trk.hemmungslos.net
t49.hemmungslos.net
5    151.139.237.33 (United States)

ASN33438 (HIGHWINDS2, US)
static-01-2ug82pacs7u3bksy.netdna-ssl.com
static-03-2ug82pacs7u3bksy.netdna-ssl.com
1    151.101.66.137 (None, )

ASN- ()
js-agent.newrelic.com
Apex Domain
Subdomains		 Transfer
7 googlesyndication.com
26753adb043dd009e376941c1e146259.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 100
tpc.googlesyndication.com — Cisco Umbrella Rank: 124
38 KB
5 netdna-ssl.com
static-01-2ug82pacs7u3bksy.netdna-ssl.com — Cisco Umbrella Rank: 947358
static-03-2ug82pacs7u3bksy.netdna-ssl.com — Cisco Umbrella Rank: 203907
763 KB
5 hemmungslos.net
trk.hemmungslos.net
t49.hemmungslos.net
249 KB
5 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 42
40 KB
3 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184
120 KB
2 xcash.com
dlvr.xcash.com
2 KB
2 vfgtg.com
a.vfgtg.com — Cisco Umbrella Rank: 304290
1 KB
2 google.com
adservice.google.com — Cisco Umbrella Rank: 80
www.google.com — Cisco Umbrella Rank: 13
2 KB
1 newrelic.com
js-agent.newrelic.com
13 KB
1 ckstatic.com
ckstatic.com — Cisco Umbrella Rank: 253941
7 KB
1 aslnk.link
s.aslnk.link — Cisco Umbrella Rank: 442529
2 KB
1 crdefault.link
t.crdefault.link
1 KB
1 avod.link
t.avod.link — Cisco Umbrella Rank: 286738
1 KB
1 google.de
adservice.google.de — Cisco Umbrella Rank: 8028
792 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78
36 KB
1 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 165
27 KB
1 soo.gd
soo.gd
2 KB
0 nr-data.net Failed
bam-cell.nr-data.net Failed
36 18
Domain Requested by
5 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
t49.hemmungslos.net
4 static-01-2ug82pacs7u3bksy.netdna-ssl.com t49.hemmungslos.net
static-01-2ug82pacs7u3bksy.netdna-ssl.com
4 t49.hemmungslos.net dlvr.xcash.com
t49.hemmungslos.net
4 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
3 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
2 dlvr.xcash.com 1 redirects s.aslnk.link
2 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
2 a.vfgtg.com 2 redirects
1 js-agent.newrelic.com t49.hemmungslos.net
1 static-03-2ug82pacs7u3bksy.netdna-ssl.com t49.hemmungslos.net
1 trk.hemmungslos.net 1 redirects
1 ckstatic.com s.aslnk.link
1 www.google.com tpc.googlesyndication.com
1 s.aslnk.link soo.gd
1 t.crdefault.link 1 redirects
1 t.avod.link 1 redirects
1 26753adb043dd009e376941c1e146259.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 adservice.google.com securepubads.g.doubleclick.net
1 adservice.google.de securepubads.g.doubleclick.net
1 www.googletagmanager.com soo.gd
1 www.googletagservices.com soo.gd
1 soo.gd
0 bam-cell.nr-data.net Failed js-agent.newrelic.com
36 23

This site contains links to these domains. Also see Links.

Domain
hemmungslos.net
support.hemmungslos.net
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-08-19 -
2022-08-18		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-12-27 -
2022-03-21		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-12-08 -
2022-03-02		 3 months crt.sh
*.google.de
GTS CA 1C3		 2021-12-08 -
2022-03-02		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-12-08 -
2022-03-02		 3 months crt.sh
*.ajrkm.link
Amazon		 2021-07-01 -
2022-07-30		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-12-08 -
2022-03-02		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-12-08 -
2022-03-02		 3 months crt.sh
ckstatic.com
R3		 2021-10-12 -
2022-01-10		 3 months crt.sh
dlvr.xcash.com
R3		 2021-12-20 -
2022-03-20		 3 months crt.sh
*.netdna-ssl.com
Sectigo RSA Domain Validation Secure Server CA		 2021-02-22 -
2022-03-18		 a year crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-10-06 -
2022-11-07		 a year crt.sh

This page contains 4 frames:

Primary Page: https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463
Frame ID: 2B325705442C48C5F4B92F3DBB96BFEC
Requests: 30 HTTP requests in this frame

Frame: https://26753adb043dd009e376941c1e146259.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: EF976F3C0D53939A98E9B147131D6F7D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4CF33F1F73E9BA2CE65CF20126F1F243
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1C89679F99A976A9C29F27F76E8D5D59
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Hemmungslos: Dates und unverbindliche Treffen

Page URL History Show full URLs

  1. https://soo.gd/J4FT Page URL
  2. https://t.avod.link/177036/6604/0?po=6456 HTTP 303
    https://t.crdefault.link/177036/1?aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=&aff_u... HTTP 303
    https://a.vfgtg.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=;&affiliateID=44542&source=102d1... HTTP 302
    https://a.vfgtg.com/594d904a-0357-44c8-8f0f-a122ee52f3d8?subID1=%3B&affiliateID=44542&source=102... HTTP 302
    https://s.aslnk.link/5wszez6v7k/44542/7681/28250/?aff_sub=%3B&aff_sub2=177036&aff_sub3=w31sdirvgj... Page URL
  3. https://dlvr.xcash.com/38463?subaffiliate_id=44542&session_id=1026ce98921d682972888865e481a6&extern... HTTP 302
    https://dlvr.xcash.com/r?url=https%3A%2F%2Ftrk.hemmungslos.net%2Fa%2Fff0049%2F%3Fpromo_code%3D10287... Page URL
  4. https://trk.hemmungslos.net/a/ff0049/?promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keywo... HTTP 302
    https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&k... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • require.*\.js
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

36
Requests

92 %
HTTPS

55 %
IPv6

18
Domains

23
Subdomains

18
IPs

3
Countries

1300 kB
Transfer

2717 kB
Size

30
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://soo.gd/J4FT Page URL
  2. https://t.avod.link/177036/6604/0?po=6456 HTTP 303
    https://t.crdefault.link/177036/1?aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=&aff_unique2=&aff_unique3=&aff_unique4=&aff_unique5=&aff_click_id=&source= HTTP 303
    https://a.vfgtg.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=;&affiliateID=44542&source=102d1e38b9293009884f0c60ff174d&subID2=177036&s2=102d1e38b9293009884f0c60ff174d&s3=;&s4=177036&url=1&affsub=&affsource= HTTP 302
    https://a.vfgtg.com/594d904a-0357-44c8-8f0f-a122ee52f3d8?subID1=%3B&affiliateID=44542&source=102d1e38b9293009884f0c60ff174d&subID2=177036&Target=&Site=&Bnr=&cid=wstuomk8f4tj4dfdit37p7ae&affsource= HTTP 302
    https://s.aslnk.link/5wszez6v7k/44542/7681/28250/?aff_sub=%3B&aff_sub2=177036&aff_sub3=w31sdirvgja7sdfd2kqa73fs&source=102d1e38b9293009884f0c60ff174d&nopop=1&bo=2753,2754,2755,2756 Page URL
  3. https://dlvr.xcash.com/38463?subaffiliate_id=44542&session_id=1026ce98921d682972888865e481a6&external_campaign_id=177036 HTTP 302
    https://dlvr.xcash.com/r?url=https%3A%2F%2Ftrk.hemmungslos.net%2Fa%2Fff0049%2F%3Fpromo_code%3D102876%26ev%3Dxc164262741673e5561e88158a2a3e429461062%26keyword%3D135%26pass%3Dxc164262741673e5561e88158a2a3e429461062%26m%3D0%7C0%7C0%7C0%26email%3D%26email_encoded%3D%26flow%3D18%26fb_pixel%3D%26ptid%3D38463&redirect_back=https%3A%2F%2Fdlvr.xcash.com%2F38463%2F%3Fsubaffiliate_id%3D44542%26session_id%3D1026ce98921d682972888865e481a6%26external_campaign_id%3D177036%26tt%3D1 Page URL
  4. https://trk.hemmungslos.net/a/ff0049/?promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463 HTTP 302
    https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://t.avod.link/177036/6604/0?po=6456 HTTP 303
  • https://t.crdefault.link/177036/1?aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=&aff_unique2=&aff_unique3=&aff_unique4=&aff_unique5=&aff_click_id=&source= HTTP 303
  • https://a.vfgtg.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=;&affiliateID=44542&source=102d1e38b9293009884f0c60ff174d&subID2=177036&s2=102d1e38b9293009884f0c60ff174d&s3=;&s4=177036&url=1&affsub=&affsource= HTTP 302
  • https://a.vfgtg.com/594d904a-0357-44c8-8f0f-a122ee52f3d8?subID1=%3B&affiliateID=44542&source=102d1e38b9293009884f0c60ff174d&subID2=177036&Target=&Site=&Bnr=&cid=wstuomk8f4tj4dfdit37p7ae&affsource= HTTP 302
  • https://s.aslnk.link/5wszez6v7k/44542/7681/28250/?aff_sub=%3B&aff_sub2=177036&aff_sub3=w31sdirvgja7sdfd2kqa73fs&source=102d1e38b9293009884f0c60ff174d&nopop=1&bo=2753,2754,2755,2756
Request Chain 22
  • https://dlvr.xcash.com/38463?subaffiliate_id=44542&session_id=1026ce98921d682972888865e481a6&external_campaign_id=177036 HTTP 302
  • https://dlvr.xcash.com/r?url=https%3A%2F%2Ftrk.hemmungslos.net%2Fa%2Fff0049%2F%3Fpromo_code%3D102876%26ev%3Dxc164262741673e5561e88158a2a3e429461062%26keyword%3D135%26pass%3Dxc164262741673e5561e88158a2a3e429461062%26m%3D0%7C0%7C0%7C0%26email%3D%26email_encoded%3D%26flow%3D18%26fb_pixel%3D%26ptid%3D38463&redirect_back=https%3A%2F%2Fdlvr.xcash.com%2F38463%2F%3Fsubaffiliate_id%3D44542%26session_id%3D1026ce98921d682972888865e481a6%26external_campaign_id%3D177036%26tt%3D1

36 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
J4FT
soo.gd/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://soo.gd/J4FT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:86be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7fe7790594eeee4ca56ff9e2fd74fdd1dd43b8af9dfa9840403cce8bdbd4a17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Wed, 19 Jan 2022 21:23:33 GMT
content-type
text/html; Charset=UTF-8;charset=UTF-8
vary
Accept-Encoding
cache-control
no-cache, must-revalidate, max-age=0
pragma
no-cache
x-robots-tag
noindex, nofollow
i-am
Alpha
strict-transport-security
max-age=31536000; includeSubdomains;
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7oreRQCtOxYdT4eqK74ZdUwDKg1Hyb7XNhiSF31E6UXWq%2FKqubKrP6rruZUtI0x39YJcoEVrrGnFQuBJpho0aq4VyZxZSHbFF3iK5FadFq0b%2Fi1MgfVQAT%2FdF9zDqF4mXFznyhA%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6d031ff33cd67a43-DUS
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
gpt.js
www.googletagservices.com/tag/js/ 		78 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: soo.gd
URL: https://soo.gd/J4FT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9e575113cd46216339bdf2532375afbc228c0f70095d889b0b17080fd8af9f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 21:23:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26997
x-xss-protection
0
server
sffe
etag
"1107 / 67 of 1000 / last-modified: 1642594075"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Wed, 19 Jan 2022 21:23:33 GMT
js
www.googletagmanager.com/gtag/ 		91 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-31510493-2
Requested by
Host: soo.gd
URL: https://soo.gd/J4FT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f2a94ad7e0790a9d1237bb68214a402da2d9511712e6cf260f8bb267a37adc0c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 21:23:33 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36522
x-xss-protection
0
last-modified
Wed, 19 Jan 2022 21:00:30 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 19 Jan 2022 21:23:33 GMT
pubads_impl_2022011002.js
securepubads.g.doubleclick.net/gpt/ 		352 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
sffe /
Resource Hash
e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 19:32:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6674
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
121009
x-xss-protection
0
last-modified
Mon, 10 Jan 2022 21:10:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 19 Jan 2023 19:32:19 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		25 B
677 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=soo.gd
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
9ee33e5f6fe3c76e375cc583405418d048bf2b8ecac948ff1822d9c3b52804a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 19 Jan 2022 21:23:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41
x-xss-protection
0
expires
Wed, 19 Jan 2022 21:23:33 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-31510493-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
6519
date
Wed, 19 Jan 2022 19:34:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 19 Jan 2022 21:34:54 GMT
integrator.js
adservice.google.de/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=soo.gd
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 19 Jan 2022 21:23:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=soo.gd
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 19 Jan 2022 21:23:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		412 B
721 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1343952441332804&correlator=2006383398188690&output=ldjh&impl=fif&eid=44757100&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220119&iu_parts=5837603%2CSGD_360&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x360&cookie_enabled=1&bc=31&abxe=1&lmt=1642627413&dt=1642627413916&dlt=1642627413423&idt=457&frm=20&biw=1600&bih=1200&oid=2&adxs=-12245933&adys=-12245933&adks=1216140633&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fsoo.gd%2FJ4FT&vis=1&scr_x=0&scr_y=0&psz=300x63&msz=0x0&ga_vid=1194484339.1642627414&ga_sid=1642627414&ga_hid=1601390411&ga_fc=false&fws=128&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
ded5fe880d31adc4c8b87da6a6b30e631cf8b9b77c73c8b01f6be6fa38393e1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 21:23:33 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
219
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://soo.gd
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
26753adb043dd009e376941c1e146259.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EF97 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://26753adb043dd009e376941c1e146259.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Wed, 19 Jan 2022 21:23:34 GMT
expires
Thu, 19 Jan 2023 21:23:34 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
collect
www.google-analytics.com/j/ 		1 B
199 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1601390411&t=pageview&_s=1&dl=https%3A%2F%2Fsoo.gd%2FJ4FT&ul=en-us&de=UTF-8&dt=J4FT&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=746361929&gjid=966085929&cid=1194484339.1642627414&tid=UA-31510493-2&_gid=197524614.1642627414&_r=1&gtm=2ou1c0&z=1644729745
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://soo.gd/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 19 Jan 2022 21:23:33 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://soo.gd
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
s.aslnk.link/5wszez6v7k/44542/7681/28250/
Redirect Chain
  • https://t.avod.link/177036/6604/0?po=6456
  • https://t.crdefault.link/177036/1?aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=&aff_unique2=&aff_unique3=&aff_unique4=&aff_unique5=&aff_click_id=&source=
  • https://a.vfgtg.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=;&affiliateID=44542&source=102d1e38b9293009884f0c60ff174d&subID2=177036&s2=102d1e38b9293009884f0c60ff174d&s3=;&s4=177036&url=1&affsub...
  • https://a.vfgtg.com/594d904a-0357-44c8-8f0f-a122ee52f3d8?subID1=%3B&affiliateID=44542&source=102d1e38b9293009884f0c60ff174d&subID2=177036&Target=&Site=&Bnr=&cid=wstuomk8f4tj4dfdit37p7ae&affsource=
  • https://s.aslnk.link/5wszez6v7k/44542/7681/28250/?aff_sub=%3B&aff_sub2=177036&aff_sub3=w31sdirvgja7sdfd2kqa73fs&source=102d1e38b9293009884f0c60ff174d&nopop=1&bo=2753,2754,2755,2756
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.aslnk.link/5wszez6v7k/44542/7681/28250/?aff_sub=%3B&aff_sub2=177036&aff_sub3=w31sdirvgja7sdfd2kqa73fs&source=102d1e38b9293009884f0c60ff174d&nopop=1&bo=2753,2754,2755,2756
Requested by
Host: soo.gd
URL: https://soo.gd/J4FT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
f8e80a8c2985862a7e2cf4281e84a549058b338dce738a750aec76ce7eeae9d7
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/J4FT

Response headers

content-type
text/html; charset=utf-8
server
nginx/1.19.0
date
Wed, 19 Jan 2022 21:23:35 GMT
vary
Accept-Encoding
tracking_id
1026ce98921d682972888865e481a6
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
x-cache
Miss from cloudfront
via
1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P2
x-amz-cf-id
_4MKbDII6zomiGXcZ5Mr2aIvFQAFgSHsFuFXWxD3-AyJ1bgESmKx6A==

Redirect headers

server
nginx
date
Wed, 19 Jan 2022 21:23:35 GMT
content-length
0
cache-control
no-store, no-cache, pre-check=0, post-check=0
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://s.aslnk.link/5wszez6v7k/44542/7681/28250/?aff_sub=%3B&aff_sub2=177036&aff_sub3=w31sdirvgja7sdfd2kqa73fs&source=102d1e38b9293009884f0c60ff174d&nopop=1&bo=2753,2754,2755,2756
pragma
no-cache
sodar
pagead2.googlesyndication.com/getconfig/ 		12 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 19 Jan 2022 21:23:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9116
x-xss-protection
0
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1601390411&t=timing&_s=2&dl=https%3A%2F%2Fsoo.gd%2FJ4FT&ul=en-us&de=UTF-8&dt=J4FT&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1176&pdt=1&dns=4&rrt=1&srt=427&tcp=28&dit=491&clt=491&_gst=789&_gbt=973&_cst=491&_cbt=783&_u=YAhAAUABAAAAAC~&jid=&gjid=&cid=1194484339.1642627414&tid=UA-31510493-2&_gid=197524614.1642627414&gtm=2ou1c0&z=811884621
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Jan 2022 10:35:12 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
38902
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 21:23:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 19 Jan 2022 21:23:34 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4CF3 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Wed, 19 Jan 2022 20:28:41 GMT
expires
Thu, 19 Jan 2023 20:28:41 GMT
cache-control
public, max-age=31536000
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
content-type
text/html
age
3293
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 1C89 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-CILiuo8WqYvWO3dzRsIDSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Wed, 19 Jan 2022 21:23:34 GMT
date
Wed, 19 Jan 2022 21:23:34 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-CILiuo8WqYvWO3dzRsIDSA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
512
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js
pagead2.googlesyndication.com/bg/ Frame 4CF3 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 15:07:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
22592
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13526
x-xss-protection
0
last-modified
Wed, 12 Jan 2022 16:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 19 Jan 2023 15:07:02 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 1C89 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=1343952441332804&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame 4CF3 		0
0
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=1343952441332804&bg=!1tWl1ZHNAAZ_DxPPfw87ACkAdvg8Wu2KUUmyO64nUUfXtMwjbgtiXPWjNQdzF5SMSYwD6ncDoayoTgIAAABcUgAAAANoAQcKALScMSU3aIb-1w5oCV8EoCbhkEtVq2BVxRVYxXHdakud0SHcDRTvfTKPP87pI8tTXsKfiW0MPu4trp30PhetGfKEkXnhqsuDDvkLsLqOn5DeLHpTWpf4YG1hvwgwJ1EKtY-IG9aWbfxrlo0Ab_HUdJj8oci2tUEqb-_RQ0bjrtw1qLBKk-WF6PjcuOcZ6sxOPmhmvHFFjXDbQiDX3bu4lBtk66htyRl3vXKUkF_8BJwXP_K1EWWZArc19hQk_gZpA0zk2AEV_QPF0ErzKvzwNk7gtpua2DQG5GMRlKqsNmPux3iSszq6eAPOFExBIEXNzpUPaoFlfIsLMKocWv6hvdtzJ46bkUBSaox7CzpPliOrFdUQYyRJxKytvFNcQJUYfr-NG8vtjU1kFjQcsgq5zP-RDOgAZLUnvsmVr0-S2kBV_1ba_jGtgKwUg-Ah6zknPPDAXOK4bChyQFpVcHkI2MvUb1ihvUHqQ--1MEe-qxJO6GRqzviaHYC3NZUCQ_YI4jJR_n3dmGwQJJjmkMdndziQUN41-PcHGFnPLN27VdUnLcvDlyWaitg3yQGLNU71XXb4BDegrGTJ-JVfIY5qITzgdqv_f4yLoVVKyrtEDV4xlVeG4dO4mTFWLiDb9FtjBYGvT_InnLcEd4SWdhsx1ripi1k-wU4Vsv5e0El3Qa62T9wyGHfYJQ1pCQ9OL5Zeb-NVPdArytU4uBKXFqGtiDgsEtxXyQ1EMp9zx6Ldck2e8RwOgmrAbbbvOs24Zq_ZapqDNb_7BRBnH-bH3GJi2PdQvSvdsniPkkwCP-oSLEg_JmH0jCI1ntiFAMPHwU2NcEJxsMkyTsLSnIx8tHRwQZPHCYqurdi1NBud7Y6YcW1KUb-eZQxz_JF68BMLw9KrPvWfPWa63-q47rgAnEzLU03vZbZ0rFdDiXpXuwBYFNTUErfj2QiKXcMnpXBtuMR-ULt5cJbXcHD0NtUwOOIzqH7h14cQSY8PXECAmMSGL8MMVtM9xvk7EjZx2IsCz4H2frS7Jn1qyeSTc7bG7SkeG-02cVG-pX_eJy5DwVhPYeP0VXPSrAuCoJb6U3zST1ua3P5eK5TfPNZCFo7KNUAkQEdUuY9YIX5ZbxVCeL5XywQt_yeACewpz_bEi_AsbaiNphXeaUTzzrygoN3mwwur1g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://soo.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 19 Jan 2022 21:23:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
history.js
ckstatic.com/js/historyjs/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ckstatic.com/js/historyjs/history.js
Requested by
Host: s.aslnk.link
URL: https://s.aslnk.link/5wszez6v7k/44542/7681/28250/?aff_sub=%3B&aff_sub2=177036&aff_sub3=w31sdirvgja7sdfd2kqa73fs&source=102d1e38b9293009884f0c60ff174d&nopop=1&bo=2753,2754,2755,2756
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
2324fa2acc1382ed8b1306e981e5c2273e57a0532efd1d6a5a0a4a0aab22d045

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s.aslnk.link/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 19 Jan 2022 21:23:36 GMT
Content-Encoding
gzip
Last-Modified
Tue, 08 Dec 2020 12:45:10 GMT
ETag
"1607431510"
X-HW
1642627415.dop228.am5.t,1642627416.cds272.am5.shn,1642627416.dop228.am5.t,1642627416.cds113.am5.c
Content-Type
text/javascript
Cache-Control
public, max-age=2888
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
6880
r
dlvr.xcash.com/
Redirect Chain
  • https://dlvr.xcash.com/38463?subaffiliate_id=44542&session_id=1026ce98921d682972888865e481a6&external_campaign_id=177036
  • https://dlvr.xcash.com/r?url=https%3A%2F%2Ftrk.hemmungslos.net%2Fa%2Fff0049%2F%3Fpromo_code%3D102876%26ev%3Dxc164262741673e5561e88158a2a3e429461062%26keyword%3D135%26pass%3Dxc164262741673e5561e8815...
1 KB
957 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dlvr.xcash.com/r?url=https%3A%2F%2Ftrk.hemmungslos.net%2Fa%2Fff0049%2F%3Fpromo_code%3D102876%26ev%3Dxc164262741673e5561e88158a2a3e429461062%26keyword%3D135%26pass%3Dxc164262741673e5561e88158a2a3e429461062%26m%3D0%7C0%7C0%7C0%26email%3D%26email_encoded%3D%26flow%3D18%26fb_pixel%3D%26ptid%3D38463&redirect_back=https%3A%2F%2Fdlvr.xcash.com%2F38463%2F%3Fsubaffiliate_id%3D44542%26session_id%3D1026ce98921d682972888865e481a6%26external_campaign_id%3D177036%26tt%3D1
Requested by
Host: s.aslnk.link
URL: https://s.aslnk.link/5wszez6v7k/44542/7681/28250/?aff_sub=%3B&aff_sub2=177036&aff_sub3=w31sdirvgja7sdfd2kqa73fs&source=102d1e38b9293009884f0c60ff174d&nopop=1&bo=2753,2754,2755,2756
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
128.0.45.252 , Romania, ASN60657 (CAPITAL-FINANCIAL-AS Str. Sfanta Vineri nr. 25 Bloc 105 C, Parter, RO),
Reverse DNS
Software
openresty/1.19.3.1 / HHVM/3.11.1
Resource Hash
b5c91fcf2c8dc4039808e6c910505d0092462940246e008f00058f339cc9d66f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://s.aslnk.link/

Response headers

server
openresty/1.19.3.1
content-type
text/html; charset=UTF-8
x-powered-by
HHVM/3.11.1
content-encoding
gzip
vary
Accept-Encoding
date
Wed, 19 Jan 2022 21:23:36 GMT
cache-control
no-cache

Redirect headers

server
openresty/1.19.3.1
content-type
text/html; charset=UTF-8
location
https://dlvr.xcash.com/r?url=https%3A%2F%2Ftrk.hemmungslos.net%2Fa%2Fff0049%2F%3Fpromo_code%3D102876%26ev%3Dxc164262741673e5561e88158a2a3e429461062%26keyword%3D135%26pass%3Dxc164262741673e5561e88158a2a3e429461062%26m%3D0%7C0%7C0%7C0%26email%3D%26email_encoded%3D%26flow%3D18%26fb_pixel%3D%26ptid%3D38463&redirect_back=https%3A%2F%2Fdlvr.xcash.com%2F38463%2F%3Fsubaffiliate_id%3D44542%26session_id%3D1026ce98921d682972888865e481a6%26external_campaign_id%3D177036%26tt%3D1
cache-control
no-cache
vary
Accept-Encoding
date
Wed, 19 Jan 2022 21:23:36 GMT
x-powered-by
HHVM/3.11.1
content-encoding
gzip
Primary Request /
t49.hemmungslos.net/
Redirect Chain
  • https://trk.hemmungslos.net/a/ff0049/?promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&f...
  • https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=...
44 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463
Requested by
Host: dlvr.xcash.com
URL: https://dlvr.xcash.com/r?url=https%3A%2F%2Ftrk.hemmungslos.net%2Fa%2Fff0049%2F%3Fpromo_code%3D102876%26ev%3Dxc164262741673e5561e88158a2a3e429461062%26keyword%3D135%26pass%3Dxc164262741673e5561e88158a2a3e429461062%26m%3D0%7C0%7C0%7C0%26email%3D%26email_encoded%3D%26flow%3D18%26fb_pixel%3D%26ptid%3D38463&redirect_back=https%3A%2F%2Fdlvr.xcash.com%2F38463%2F%3Fsubaffiliate_id%3D44542%26session_id%3D1026ce98921d682972888865e481a6%26external_campaign_id%3D177036%26tt%3D1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:9d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e22b12408caa7ecd10b314222714797de990df8fbe721b3e716485bead3679d3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://dlvr.xcash.com/r?url=https%3A%2F%2Ftrk.hemmungslos.net%2Fa%2Fff0049%2F%3Fpromo_code%3D102876%26ev%3Dxc164262741673e5561e88158a2a3e429461062%26keyword%3D135%26pass%3Dxc164262741673e5561e88158a2a3e429461062%26m%3D0%7C0%7C0%7C0%26email%3D%26email_encoded%3D%26flow%3D18%26fb_pixel%3D%26ptid%3D38463&redirect_back=https%3A%2F%2Fdlvr.xcash.com%2F38463%2F%3Fsubaffiliate_id%3D44542%26session_id%3D1026ce98921d682972888865e481a6%26external_campaign_id%3D177036%26tt%3D1

Response headers

date
Wed, 19 Jan 2022 21:23:37 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CRzVXnp25OfFONgqYNBwaNh0D2EVkoDvBfxpw5ONVcrElnvqeznUsLTZUoDLoUtKfKQrXI39ff%2B8Qh5DRpFfXB%2Buwc%2BoJerRBFJyDJJgMTQmcq%2Ft3VlGe9GysVvek3Jr%2FXejo4pJ7IXqRUzw69nmSDGb"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6d03200cfaa02181-DUS
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date
Wed, 19 Jan 2022 21:23:37 GMT
content-type
text/html; charset=UTF-8
location
https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7nT9pwMD1WTLw3z3Y1ZGA%2BqiV6xuV0G1lDFmuk71uZF5cEMQhGIIYOFZHzHLUCiv2LftypwwVHMKa9rFOkfyitO6V%2FU6dPhSKah8B44xBMMFks82JKndx%2BdnY0rUp8yK0P9WaI%2B57F86rs0NhysI0jr"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6d03200c798f2181-DUS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
landing0039.css
static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/css/pages/ 		35 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/css/pages/landing0039.css?v=2.203.0.master.20220118140444
Requested by
Host: t49.hemmungslos.net
URL: https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.237.33 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
b1a4839b38c9e4a6d0d66470cd6d4ec1e788a7670ef9aa21df83aefb5f40ddcd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://t49.hemmungslos.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 21:23:37 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7785
cf-polished
origSize=53141
x-cache
HIT
cf-bgj
minify
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Tue, 18 Jan 2022 13:09:00 GMT
server
NetDNA-cache/2.2
etag
W/"61e6bbec-cf95"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DO%2FxjTEeCBNtqXjXD%2FsdkK8onARV6lMQ2nD2WMi3HEIO%2FUWLtVdM9hzqUw1j4p70lQru5MbUHn%2BW4BtLLY21NirvxiBnqxOQfmxFBthpO9VpZoeXmrhPxHXCnh%2FGUN%2Bz"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2592000
cf-ray
6cff93e65d382151-DUS
expires
Fri, 18 Feb 2022 08:49:32 GMT
config.js
t49.hemmungslos.net/js/dist/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t49.hemmungslos.net/js/dist/config.js
Requested by
Host: t49.hemmungslos.net
URL: https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:9d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76b5982e688575e2f83145319da449a31bd3172c113c775c3a9a774b7ffe7783

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 21:23:37 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Tue, 18 Jan 2022 13:00:47 GMT
server
cloudflare
etag
W/"61e6b9ff-791"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0kS2LpB3T7Fo3v41mc8n997rmbm5PUzPZba%2BAacc6SYva3lyJREa8xVwd188iLTpW1HBuTS85EEK62jvyruwQK6Nkc3VhdnBSQ1fEjkQFzftQrbKuiZhKS2MjlPV63I%2BN%2B9N4dAYI6EQK%2Bmx7QBau5tn"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6d03200f6fa8690d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Fri, 18 Feb 2022 21:23:37 GMT
require.js
t49.hemmungslos.net/node_modules/requirejs/ 		84 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t49.hemmungslos.net/node_modules/requirejs/require.js
Requested by
Host: t49.hemmungslos.net
URL: https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:9d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9485f0917f97fcf4f63a5ea365200ffd57f123f451382a2f9a1ad2e2fd51ac9b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 21:23:37 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Mon, 27 Aug 2018 06:00:39 GMT
server
cloudflare
etag
W/"5b839387-151d3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x6263CGjPWJxXAmT%2FFD3%2Fqk3xPbZ1ITRQzkOPNNvIGf%2ByvZf%2F9pXbB7tFWmEV63EPcc9LNcqgu97H4SKFmAxI3uuOQkd%2F%2B%2BBvlqSrVCA6Pux%2BOek3cV80VtTmSZz%2BEZGPQrf0w7cPgIhGPoZ67QokDTF"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6d03200f6fac690d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Fri, 18 Feb 2022 21:23:37 GMT
bg_1.jpg
static-03-2ug82pacs7u3bksy.netdna-ssl.com/promo-static/img/landing0039/ 		617 KB
618 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static-03-2ug82pacs7u3bksy.netdna-ssl.com/promo-static/img/landing0039/bg_1.jpg?v=2.203.0.master.20220118140444
Requested by
Host: t49.hemmungslos.net
URL: https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.237.33 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
584fe4084789f308d4adf54b2a54cc573e83b5f79f6f7aa091366c85e373d4bb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://t49.hemmungslos.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 21:23:37 GMT
cf-cache-status
MISS
last-modified
Thu, 31 Oct 2019 07:15:46 GMT
server
NetDNA-cache/2.2
etag
"5dba8a22-9a407"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NNVLkB6S8DyPo8kW6AHeJtsd4LR%2BlZHmie7BX753CDg5lO%2BlaqfJN4qfZguFi2AFQcUnnZXpb36z4MZgLSD%2FW4JERWcXtzwkH2jjg04CZVzZD0z3mWl1HhPIHlg68nUH"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
x-cache
HIT
accept-ranges
bytes
cf-ray
6cff93e84e784172-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
631815
heading_triangle.svg
static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/img/landing0039/ 		460 B
946 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/img/landing0039/heading_triangle.svg
Requested by
Host: static-01-2ug82pacs7u3bksy.netdna-ssl.com
URL: https://static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/css/pages/landing0039.css?v=2.203.0.master.20220118140444
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.237.33 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
15c670d38e8f4583cd5e4bd50023c75c15eecb4ec214e36ccdf1082ee4ba668f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/css/pages/landing0039.css?v=2.203.0.master.20220118140444
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 21:23:37 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 18 Jan 2022 13:09:06 GMT
server
NetDNA-cache/2.2
age
517
etag
W/"61e6bbf2-1cc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rQgL0B4tzCRO36yPU05J5ngTETjDQmPll%2BLJ98YjBUAUs7P8od20BeXBzbxSgPuA9evKYF592bfxjiDbhcetUHirZkzyayzcNk%2F4osQaKPLIxEbNwpg3xaZj6IvsfaEi"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache
HIT
cf-ray
6cff93e7dc5f2199-DUS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
OpenSans-Bold.woff
static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/node_modules/g4.font.family/fonts/ 		69 KB
69 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/node_modules/g4.font.family/fonts/OpenSans-Bold.woff
Requested by
Host: static-01-2ug82pacs7u3bksy.netdna-ssl.com
URL: https://static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/css/pages/landing0039.css?v=2.203.0.master.20220118140444
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.237.33 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
0a4d3ba79d0dac0d8b7b4f2571e5f10b6accbac2e29f6cd792483bf2984196e2

Request headers

Referer
https://static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/css/pages/landing0039.css?v=2.203.0.master.20220118140444
Origin
https://t49.hemmungslos.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 21:23:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
70188
last-modified
Tue, 18 Jan 2022 13:08:24 GMT
server
NetDNA-cache/2.2
etag
"61e6bbc8-1122c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hslscnvCr0LS37b5clU%2FI94D0IySZNKInfhJS0FfvHxNyP42cfOAklvazdTt3BFsSuXyk%2BRmTp%2FN6Mm7ulEAkc8gJW%2FskBUHUmFX6A7%2BOrC1SnK0OK8opj8BEPQ7hdfx"}],"group":"cf-nel","max_age":604800}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6cff9094faba4315-FRA
expires
Fri, 18 Feb 2022 10:57:01 GMT
OpenSans-Regular.woff
static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/node_modules/g4.font.family/fonts/ 		66 KB
67 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/node_modules/g4.font.family/fonts/OpenSans-Regular.woff
Requested by
Host: static-01-2ug82pacs7u3bksy.netdna-ssl.com
URL: https://static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/css/pages/landing0039.css?v=2.203.0.master.20220118140444
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.237.33 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
565eb53dab9961bc6d8b78fcd23ba799254aabd7658f21bf385e84675e46fb51

Request headers

Referer
https://static-01-2ug82pacs7u3bksy.netdna-ssl.com/promo/css/pages/landing0039.css?v=2.203.0.master.20220118140444
Origin
https://t49.hemmungslos.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 21:23:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
67528
last-modified
Tue, 18 Jan 2022 13:08:25 GMT
server
NetDNA-cache/2.2
etag
"61e6bbc9-107c8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fghsHJOU6dVLnDVFCqHWA4j6h1XPe1M0Z9Li%2BEx0KS5qKHoUPg977%2Fo%2BCj0A%2B8Ltg6IfpOHItmB8PBDEK6zujAaiEGzdgVvd6pkvNbDx8HecPXC1cYXn%2BO6O1%2FJpFCJs"}],"group":"cf-nel","max_age":604800}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6cff9093ae146d92-MUC
expires
Fri, 18 Feb 2022 10:57:01 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: t49.hemmungslos.net
URL: https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://t49.hemmungslos.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
6523
date
Wed, 19 Jan 2022 19:34:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 19 Jan 2022 21:34:54 GMT
landing0039.js
t49.hemmungslos.net/js/dist/ 		1 MB
215 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://t49.hemmungslos.net/js/dist/landing0039.js?v=2.203.0.master.20220118140444
Requested by
Host: t49.hemmungslos.net
URL: https://t49.hemmungslos.net/node_modules/requirejs/require.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:9d40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbe97d0b63511273cb80468b51f66919031d9ccc41d4438f37eeacdab441c60b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 19 Jan 2022 21:23:37 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Tue, 18 Jan 2022 13:07:47 GMT
server
cloudflare
etag
W/"61e6bba3-102847"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TdUq6J7RiXLquvzo3VnKhQu2%2BBABZlZZy%2BfTY4Nhoo%2B6ciH7rimu88f31iq9RjaXsTVljYCbOu%2F4wR%2FMM9n4CrDv60M4tQBtSreKx8iA6g%2FvE2LC5%2BTzIAr1Drivm0%2FxIJ5aW08b21vmJnTHKAZn%2BLsG"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6d03200ff91b690d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Fri, 18 Feb 2022 21:23:37 GMT
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=341392918&t=pageview&_s=1&dl=https%3A%2F%2Ft49.hemmungslos.net%2F%3Fq%3D%2Fa%2Fff0049%2F%26promo_code%3D102876%26ev%3Dxc164262741673e5561e88158a2a3e429461062%26keyword%3D135%26pass%3Dxc164262741673e5561e88158a2a3e429461062%26m%3D0%7C0%7C0%7C0%26email%3D%26email_encoded%3D%26flow%3D18%26fb_pixel%3D%26ptid%3D38463&dr=https%3A%2F%2Fdlvr.xcash.com%2F&ul=en-us&de=UTF-8&dt=Hemmungslos%3A%20Dates%20und%20unverbindliche%20Treffen&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=910711415&gjid=377052009&cid=101343231.1642627418&tid=UA-115151054-23&_gid=421348226.1642627418&_r=1&_slc=1&z=959967001
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://t49.hemmungslos.net/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 19 Jan 2022 21:23:37 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://t49.hemmungslos.net
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
nr-1212.min.js
js-agent.newrelic.com/ 		34 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-1212.min.js
Requested by
Host: t49.hemmungslos.net
URL: https://t49.hemmungslos.net/?q=/a/ff0049/&promo_code=102876&ev=xc164262741673e5561e88158a2a3e429461062&keyword=135&pass=xc164262741673e5561e88158a2a3e429461062&m=0|0|0|0&email=&email_encoded=&flow=18&fb_pixel=&ptid=38463
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://t49.hemmungslos.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id
S6r4yaeB6jo_ZylmZ_5cM21n7ZH1t6gc
content-encoding
gzip
etag
"9dfe540eb31e6fc0e0dddd91e3511f68"
x-amz-request-id
G3H7ZGH3NRBG71F6
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
12828
x-amz-id-2
vQZCeBOGvSkKZ1wSrpfdy9fIYY8PDJEsYc9Gyv/IF3Azg7eTY8h6Vkh4Af4Tyzu9POjIqG1KicM=
x-served-by
cache-hhn4028-HHN
last-modified
Thu, 04 Nov 2021 21:16:16 GMT
server
AmazonS3
x-timer
S1642627418.900162,VS0,VE0
date
Wed, 19 Jan 2022 21:23:37 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
12712
6cbab69a58
bam-cell.nr-data.net/1/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
tpc.googlesyndication.com
URL
https://tpc.googlesyndication.com/generate_204?0jsZyw
Domain
bam-cell.nr-data.net
URL
https://bam-cell.nr-data.net/1/6cbab69a58?a=192394552&v=1212.e95d35c&to=ZlNaYhEDDEBYBUZQDF8Ze0MQFg1eFiNHXTNDWVVZTDIQXFQJHXANVVNAGSoMBlZB&rst=1021&ck=1&ref=https://t49.hemmungslos.net/&ap=326&be=601&fe=992&dc=685&perf=%7B%22timing%22:%7B%22of%22:1642627416889,%22n%22:0,%22f%22:203,%22dn%22:203,%22dne%22:203,%22c%22:203,%22ce%22:203,%22rq%22:225,%22rp%22:589,%22rpe%22:590,%22dl%22:592,%22di%22:685,%22ds%22:685,%22de%22:685,%22dc%22:991,%22l%22:991,%22le%22:993%7D,%22navigation%22:%7B%7D%7D&fp=667&fcp=667&at=ShRZFFkZH04%3D&jsonp=NREUM.setToken

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| NREUM object| newrelic function| __nr_require object| URL_PARAMS object| SITE_PRODUCT string| DOMAIN string| ENV object| WL_SITE string| SITE_NAME string| SITE_LAYOUT string| SITE_TYPE string| THIRD_PARTY_VIDEO_ID string| CURRENT_LANG object| TRANSLATIONS object| STATIC_DOMAINS object| SITE_VARIABLES string| EMAIL_LIMIT_REACHED string| EMAIL_BLACKLISTED object| ERROR_MESSAGES object| SUCCESS_MESSAGES object| NDConfig

30 Cookies

Domain/Path Name / Value
t49.hemmungslos.net/node_modules/requirejs Name: APPID
Value: promo
t49.hemmungslos.net/js/dist Name: APPID
Value: promo
.soo.gd/ Name: _ga
Value: GA1.2.1194484339.1642627414
.soo.gd/ Name: _gid
Value: GA1.2.197524614.1642627414
.soo.gd/ Name: _gat_gtag_UA_31510493_2
Value: 1
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.soo.gd/ Name: __gads
Value: ID=7d0f13bc4d362067-22f7690724cd00eb:T=1642627413:S=ALNI_MZrHJimiOrpjmj6xak0U1C7Xqn39g
t.avod.link/ Name: enc_aff_session_6585
Value: ENC03af4fcc43418c3aa44f0fe1f9f37e46a646656979685a3d54e11d9c4db0899d757c4bea4f38423d5d46da866b6a73d3f1bf1a33909a30f00b025803490bb35443e4940f8d264d6cf36f0c1756b5c38c5662ecd77ff4c6a0e48327cae6a6e8075fa58066d43b6a79a396a136b5e2825977869b9649466b16219efff53b092e030330988f97
t.avod.link/ Name: ho_mob
Value: eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI5Ny4wIiwibW9iaWxlX2NhcnJpZXIiOiI%2FIiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyBYNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIExpa2UgR2Vja28pIENocm9tZS85Ny4wLjQ2OTIuNzEgU2FmYXJpLzUzNy4zNiIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D
t.crdefault.link/ Name: enc_aff_session_3785
Value: ENC0332d7a6aec034f579de64ce112cccbd62a8fe2a5f806170ac8338896be2fa4fa47bb4c8971d97e801602994a2224777bc2f8bbb3a787f2208badc4e470d527ffbd72273621c258059902cf5ff8e179274871ee1abd196de2cdc15667e6379b9e977ad6f0bfe2b4bc665fbb2b25d8b90ed673fc531304a1a52a06b02eb1a560427090ba6e2
t.crdefault.link/ Name: ho_mob
Value: eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI5Ny4wIiwibW9iaWxlX2NhcnJpZXIiOiI%2FIiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyBYNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIExpa2UgR2Vja28pIENocm9tZS85Ny4wLjQ2OTIuNzEgU2FmYXJpLzUzNy4zNiIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D
.a.vfgtg.com/ Name: ab267e05-23a0-430a-bac4-772f7f629740-v4
Value: 6neYcQdCql5vrspIcOtkDHWyOxT-OglVcB4byyX8KW8
.a.vfgtg.com/ Name: 594d904a-0357-44c8-8f0f-a122ee52f3d8-v4
Value: IdKkdZ04vqPGVK9_lwEAGJMpOeWb7AmTF7Srv7I0iJM
.a.vfgtg.com/ Name: cc-v4
Value: bXer7Tuy4n0MpoMPMWOR0WCZ%2BG2N0mTSmEeyiA6hclySwYlooe1RJ4bF94O2iRWkTci61ut39gp0pzvJodaAPF5aWp8b%2FzQqPpF2WawzSiCKF1Y4XZdaX4mtY8k%2BWDcEsPrk88MVBA0KN6EjgAK5Ig%3D%3D
s.aslnk.link/ Name: aff_ran_url_7681
Value: 28250
s.aslnk.link/ Name: enc_aff_session_7681
Value: ENC036d5e45d10072cd3b1446e2544c86f15dfcbf68121828e638cad290d6c24f5a2b9a8c62bca44cec5afa8ce35856c7abfff52cc886984cd46f447698b8b47f6a440939ccb37407e69a6b9d532f62da13fb89524e3fbc11eb13c76966f3e363cbc683b777cb2ba05d7fa0a27a6e7e929033b8f9e4b9ab9271f1c832b679ac2729e2130309fe6c76883fb1d3b75733f45b8c57dc6c4a572c31d4842882587f64587c5996e7bd350fee03596e3b6d420d26c05898f18f7a51cfa2c8f9b1e94770c1080f48ab5d
s.aslnk.link/ Name: ho_mob
Value: eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI5Ny4wIiwibW9iaWxlX2NhcnJpZXIiOiI%2FIiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyBYNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIExpa2UgR2Vja28pIENocm9tZS85Ny4wLjQ2OTIuNzEgU2FmYXJpLzUzNy4zNiIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D
dlvr.xcash.com/ Name: 51D_Bandwidth
Value: 1642627416.6003
dlvr.xcash.com/ Name: ubbc
Value: eyJpdiI6InVYTk13XC9WNEp3UDg1elBWaTFlZ1lBPT0iLCJ2YWx1ZSI6IkFaV2tGdERVcXl5VEdRWTNHK0gxT0E9PSIsIm1hYyI6IjA2YjM1MWFmYjcyOTJkMjIxOGRhNTI0MWJlZmMwNzA1ZTQ0MTBiMjczYjNhNzQxZjdlN2RkZGNjNTBkNzJjZGIifQ%3D%3D
dlvr.xcash.com/ Name: bbuc
Value: eyJpdiI6IjRmdzlVXC94c1ZEbTQ1VG83YkJXR1h3PT0iLCJ2YWx1ZSI6IkwxeVwvZ2VnKzJTUGJLNCtURkVwSVVPeG5DblhLSVFGZDlnUEMrU1h6VDBrPSIsIm1hYyI6IjkyNjVjYTVmYjkzZDM2YWU4OTIxM2M2NWUyNDQ0ZTFiYzcwOGE5ZWJlNDYwNTdlZjFkOTZjNDIyZWIwYTU4MjIifQ%3D%3D
dlvr.xcash.com/ Name: bbrc
Value: eyJpdiI6IktMMXhzeFZHYU0zbFUyQ2M1SXJQamc9PSIsInZhbHVlIjoidElhRTBYY09YWFpib0xJUGQwbkh4UT09IiwibWFjIjoiODI5NjJkZDk4NmRlZDExZDQ3YmMyOTVmZjAwNTIxZTAwZTQ2M2RjMDBjYTljZGQ0NjI3MjU1ZDgwNDE2M2EwNSJ9
dlvr.xcash.com/ Name: laravel_session
Value: eyJpdiI6InJwQ3p1dXJWaUJSRG8yY3RJbWoxN3c9PSIsInZhbHVlIjoiYnp6eFVYTDgyN1wvQ1k5TW5RSTQra1gyK0lvMURHMTMzSkJ5M0c2Nnc0czNKZjB2aFE5ZlhBTkViOUMzc2t4bWlxdmJXa2lFRnQxR1hDMTAyR0tmUG5RPT0iLCJtYWMiOiI1YTczYjdjYjNiOTJhZmVkMDNlNmI0ZWMzYzM5OTQyNzcxN2E2NjAyNzc1NjBlYWZlMTY2MDU2YjAwZjY2OGIyIn0%3D
trk.hemmungslos.net/ Name: SERVERID
Value: wbs02
.hemmungslos.net/ Name: PHPSESSID
Value: eq8vgj67al9daglmnh80fdn2v1
.hemmungslos.net/ Name: pc_aff
Value: Tk7_6TViGjGU963N4sW33JYnHzMAYv0j87qqO9RUzMwUlsxKTb5pNLGhI-TmAeeFc8hSG1yyMJT5epATyTc9HaTpzYxZsvJt2xMyKkIvZ7itvg_R-WS2R4CPGq9sgmP7HZI1WI3tlG0Zd0GnW9ephA7A9GZshOTcuOz-mqvHdGkjNBy2-cm6chMfbz3pAztgAgEuj-AcLluBa8__Fo0tujimYeq7g2_05sMa2gTHzRBZwYG0kcQAmflh7DRDXmsOkUPEi-swZJdz65a4EkkuO7Q_OxIIccSJY3fyXLKocwiLJ8dil-WJrZq6IP1SoO3hqVUx9UYHUBtc1P_MnwN4FnCWPmWyPGpgZOf2yRI7B2k6BUhxJiJHGOHhUKiDz-Xy
.t49.hemmungslos.net/ Name: promo_code
Value: 102876
.t49.hemmungslos.net/ Name: ev
Value: xc164262741673e5561e88158a2a3e429461062
.t49.hemmungslos.net/ Name: keyword
Value: 135
t49.hemmungslos.net/ Name: APPID
Value: promo
t49.hemmungslos.net/ Name: SERVERID
Value: wbs07

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

26753adb043dd009e376941c1e146259.safeframe.googlesyndication.com
a.vfgtg.com
adservice.google.com
adservice.google.de
bam-cell.nr-data.net
ckstatic.com
dlvr.xcash.com
js-agent.newrelic.com
pagead2.googlesyndication.com
s.aslnk.link
securepubads.g.doubleclick.net
soo.gd
static-01-2ug82pacs7u3bksy.netdna-ssl.com
static-03-2ug82pacs7u3bksy.netdna-ssl.com
t.avod.link
t.crdefault.link
t49.hemmungslos.net
tpc.googlesyndication.com
trk.hemmungslos.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
bam-cell.nr-data.net
tpc.googlesyndication.com
108.157.4.55
128.0.45.252
13.224.193.4
142.250.186.130
143.204.98.48
151.101.66.137
151.139.237.33
18.192.108.151
205.185.216.10
2606:4700:3031::ac43:86be
2606:4700:3034::ac43:9d40
2a00:1450:4001:802::2001
2a00:1450:4001:802::2004
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::200e
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2008
2a00:1450:4001:82f::2002
0a4d3ba79d0dac0d8b7b4f2571e5f10b6accbac2e29f6cd792483bf2984196e2
0d9e575113cd46216339bdf2532375afbc228c0f70095d889b0b17080fd8af9f
15c670d38e8f4583cd5e4bd50023c75c15eecb4ec214e36ccdf1082ee4ba668f
2324fa2acc1382ed8b1306e981e5c2273e57a0532efd1d6a5a0a4a0aab22d045
565eb53dab9961bc6d8b78fcd23ba799254aabd7658f21bf385e84675e46fb51
584fe4084789f308d4adf54b2a54cc573e83b5f79f6f7aa091366c85e373d4bb
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
76b5982e688575e2f83145319da449a31bd3172c113c775c3a9a774b7ffe7783
9485f0917f97fcf4f63a5ea365200ffd57f123f451382a2f9a1ad2e2fd51ac9b
9ee33e5f6fe3c76e375cc583405418d048bf2b8ecac948ff1822d9c3b52804a5
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
b1a4839b38c9e4a6d0d66470cd6d4ec1e788a7670ef9aa21df83aefb5f40ddcd
b5c91fcf2c8dc4039808e6c910505d0092462940246e008f00058f339cc9d66f
b7fe7790594eeee4ca56ff9e2fd74fdd1dd43b8af9dfa9840403cce8bdbd4a17
cbe97d0b63511273cb80468b51f66919031d9ccc41d4438f37eeacdab441c60b
ded5fe880d31adc4c8b87da6a6b30e631cf8b9b77c73c8b01f6be6fa38393e1a
e22b12408caa7ecd10b314222714797de990df8fbe721b3e716485bead3679d3
e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e
f2a94ad7e0790a9d1237bb68214a402da2d9511712e6cf260f8bb267a37adc0c
f8e80a8c2985862a7e2cf4281e84a549058b338dce738a750aec76ce7eeae9d7