URL: https://142.4.3.228/
Submission Tags: krdprod
Submission: On October 15 via api from JP — Scanned from DE

Summary

This website contacted 18 IPs in 4 countries across 14 domains to perform 78 HTTP transactions. The main IP is 142.4.3.228, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is 142.4.3.228.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 14th 2021. Valid for: 3 months.
This is the only time 142.4.3.228 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
31 142.4.3.228 46606 (UNIFIEDLA...)
3 172.217.16.138 15169 (GOOGLE)
6 216.58.212.130 15169 (GOOGLE)
9 104.75.88.126 16625 (AKAMAI-AS)
1 104.21.34.18 13335 (CLOUDFLAR...)
2 142.250.184.206 15169 (GOOGLE)
5 142.250.185.66 15169 (GOOGLE)
7 142.250.185.163 15169 (GOOGLE)
1 2.18.235.40 16625 (AKAMAI-AS)
1 142.250.185.98 15169 (GOOGLE)
1 142.250.186.162 15169 (GOOGLE)
2 142.250.185.226 15169 (GOOGLE)
1 64.233.166.154 15169 (GOOGLE)
2 142.250.184.196 15169 (GOOGLE)
1 142.250.186.163 15169 (GOOGLE)
2 87.240.190.78 47541 (VKONTAKTE...)
2 142.250.185.97 15169 (GOOGLE)
78 18
Domain Requested by
12 www.discountflights.com 142.4.3.228
www.discountflights.com
7 fonts.gstatic.com fonts.googleapis.com
6 pagead2.googlesyndication.com 142.4.3.228
pagead2.googlesyndication.com
tpc.googlesyndication.com
4 googleads.g.doubleclick.net pagead2.googlesyndication.com
4 s7.addthis.com 142.4.3.228
s7.addthis.com
3 api-public.addthis.com s7.addthis.com
3 fonts.googleapis.com 142.4.3.228
2 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
2 vk.com s7.addthis.com
2 www.google.com 142.4.3.228
tpc.googlesyndication.com
2 adservice.google.com pagead2.googlesyndication.com
2 adservice.google.de pagead2.googlesyndication.com
2 www.google-analytics.com 142.4.3.228
www.google-analytics.com
1 m.addthis.com s7.addthis.com
1 v1.addthisedge.com s7.addthis.com
1 www.google.de 142.4.3.228
1 stats.g.doubleclick.net www.google-analytics.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 z.moatads.com s7.addthis.com
1 cookieinfoscript.com 142.4.3.228
78 20

This site contains links to these domains. Also see Links.

Domain
www.ar.discountflights.com
www.bb.discountflights.com
www.bm.discountflights.com
www.bo.discountflights.com
www.discountflights.com.br
www.bs.discountflights.com
www.ca.discountflights.com
www.cl.discountflights.com
www.co.discountflights.com
www.cr.discountflights.com
www.cu.discountflights.com
www.ec.discountflights.com
www.sv.discountflights.com
www.gt.discountflights.com
www.hn.discountflights.com
www.jm.discountflights.com
www.discountflights.com.mx
www.ni.discountflights.com
www.pa.discountflights.com
www.py.discountflights.com
www.pe.discountflights.com
www.do.discountflights.com
www.discountflights.com
www.uy.discountflights.com
www.ve.discountflights.com
www.al.discountflights.com
www.az.discountflights.com
www.by.discountflights.com
www.discountflights.be
www.ba.discountflights.com
www.bg.discountflights.com
www.discountflights.cz
www.hr.discountflights.com
www.cy.discountflights.com
www.discountflights.dk
www.discountflights.com.de
www.gr.discountflights.com
www.discountflights.es
www.fr.discountflights.com
www.ie.discountflights.com
www.is.discountflights.com
www.discountflights.it
www.kz.discountflights.com
www.lt.discountflights.com
www.lu.discountflights.com
www.mk.discountflights.com
www.hu.discountflights.com
www.mt.discountflights.com
www.nl.discountflights.com
www.no.discountflights.com
www.discountflights.at
www.discountflights.pl
www.pt.discountflights.com
www.discountflights.ru
www.ro.discountflights.com
www.rs.discountflights.com
www.ch.discountflights.com
www.sk.discountflights.com
www.si.discountflights.com
www.fi.discountflights.com
www.discountflights.se
www.tr.discountflights.com
www.ua.discountflights.com
www.uk.discountflights.com
www.au.discountflights.com
www.bd.discountflights.com
www.cjipiao.com
www.discountflights.cn
www.kh.discountflights.com
www.fj.discountflights.com
www.discountflights.jp
www.discountflights.com.hk
www.in.discountflights.com
www.discountflights.co.id
www.mo.discountflights.com
www.discountflights.com.my
www.mn.discountflights.com
www.mm.discountflights.com
www.np.discountflights.com
www.discountflights.co.nz
www.pk.discountflights.com
www.discountflights.com.ph
www.discountflights.com.sg
www.discountflights.co.kr
www.lk.discountflights.com
www.th.discountflights.com
www.discountflights.com.tw
www.uz.discountflights.com
www.vn.discountflights.com
www.dz.discountflights.com
www.bh.discountflights.com
www.eg.discountflights.com
www.et.discountflights.com
www.ir.discountflights.com
www.iq.discountflights.com
www.il.discountflights.com
www.jo.discountflights.com
www.qa.discountflights.com
www.ke.discountflights.com
www.kw.discountflights.com
www.lb.discountflights.com
www.ma.discountflights.com
www.ng.discountflights.com
www.om.discountflights.com
www.sa.discountflights.com
www.discountflights.za.com
www.tz.discountflights.com
www.tn.discountflights.com
www.discountflights.ae
www.businesshotels.com
www.facebook.com
twitter.com
www.instagram.com
www.linkedin.com
www.pinterest.com
wikipedia.org
cookieinfoscript.com
Subject Issuer Validity Valid
bg.discountflights.com
cPanel, Inc. Certification Authority
2021-10-14 -
2022-01-12
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
discountflights.com
cPanel, Inc. Certification Authority
2021-10-14 -
2022-01-12
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
odc-addthis-prod-01.oracle.com
DigiCert SHA2 Secure Server CA
2021-04-25 -
2022-04-27
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-06-16 -
2022-06-15
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
*.gstatic.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
moatads.com
DigiCert SHA2 Secure Server CA
2021-01-21 -
2022-01-25
a year crt.sh
*.googleadservices.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
*.google.de
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
*.google.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
www.google.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
www.google.de
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh
*.vk.com
GlobalSign Organization Validation CA - SHA256 - G2
2020-06-09 -
2022-06-10
2 years crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2021-09-13 -
2021-11-20
2 months crt.sh

This page contains 9 frames:

Primary Page: https://142.4.3.228/
Frame ID: 8A8DAEE4ACD2241C6C396A3C3A823FE4
Requests: 69 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211013/r20190131/zrt_lookup.html
Frame ID: 82FD9E4857D1718497A47C76F2D810BA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8581489459044288&output=html&h=280&slotname=1232261827&adk=177228081&adf=3217305161&pi=t.ma~as.1232261827&w=1200&fwrn=4&fwrnh=100&lmt=1634264500&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2F142.4.3.228%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634264499910&bpp=4&bdt=903&idt=108&shv=r20211013&mjsv=m202110110101&ptt=9&saldr=aa&abxe=1&correlator=2511726421019&frm=20&pv=2&ga_vid=557839887.1634264500&ga_sid=1634264500&ga_hid=220403628&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=609&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062423%2C31063145%2C31062526&oid=2&pvsid=3102084332346618&pem=407&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=KFdAzFfWdc&p=https%3A//142.4.3.228&dtd=128
Frame ID: 8C9B62B17EAB40A6D11A76EBDC8FFD8D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8581489459044288&output=html&h=280&slotname=8672360826&adk=1841579268&adf=3128260259&pi=t.ma~as.8672360826&w=730&fwrn=4&fwrnh=100&lmt=1634264500&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2F142.4.3.228%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634264499915&bpp=3&bdt=909&idt=131&shv=r20211013&mjsv=m202110110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=2511726421019&frm=20&pv=1&ga_vid=557839887.1634264500&ga_sid=1634264500&ga_hid=220403628&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=435&ady=1671&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062423%2C31063145%2C31062526&oid=2&pvsid=3102084332346618&pem=407&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=lLTsMyZakR&p=https%3A//142.4.3.228&dtd=134
Frame ID: 32A78D6982D618718C26E43AF894F8CB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8581489459044288&output=html&adk=1812271804&adf=3025194257&lmt=1634264500&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2F142.4.3.228%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634264500542&bpp=1&bdt=1535&idt=1&shv=r20211013&mjsv=m202110110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C730x280&nras=1&correlator=2511726421019&frm=20&pv=1&ga_vid=557839887.1634264500&ga_sid=1634264500&ga_hid=220403628&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062423%2C31063145%2C31062526&oid=2&pvsid=3102084332346618&pem=407&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=6
Frame ID: E14DADD33D1C4F93885B16F16ECA1CCA
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 326D5667DCF52084D76A75200E6A7FCE
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 6EA1C428FE31D5507059873912895BFF
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: C2C329AEBC44056C6C520CEA262AA909
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8CF7752BB926415FA33D10B0E11AD358
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Cheap Bulgaria Airfares - Discount Flights TwitterFacebookLinkedInWhatsAppViberVkontakteAddThis

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • addthis\.com/js/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • moatads\.com

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js

Page Statistics

78
Requests

74 %
HTTPS

0 %
IPv6

14
Domains

20
Subdomains

18
IPs

4
Countries

962 kB
Transfer

2511 kB
Size

10
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

78 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
142.4.3.228/
66 KB
22 KB
Document
General
Full URL
https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
b8f6aefbb47472521c0b9f3afefb6698d30a762ab666446eb90ec08baa9459dc

Request headers

Host
142.4.3.228
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Fri, 15 Oct 2021 02:21:38 GMT
Server
Apache
Content-Encoding
gzip
Vary
Accept-Encoding,User-Agent
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
css
fonts.googleapis.com/
10 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,300,100,500,700
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f10.1e100.net
Software
ESF /
Resource Hash
451575204ff8e8fb6a42a669185d8480a461132285ebf960c9368513f910457f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 15 Oct 2021 02:21:39 GMT
server
ESF
date
Fri, 15 Oct 2021 02:21:39 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Fri, 15 Oct 2021 02:21:39 GMT
css
fonts.googleapis.com/
10 KB
880 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400italic,400,300,600
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f10.1e100.net
Software
ESF /
Resource Hash
345e41c382a42a0ef1017065d3fba90961cbaf41741dd519c7b5f77d52886f7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 15 Oct 2021 02:21:39 GMT
server
ESF
date
Fri, 15 Oct 2021 02:21:39 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Fri, 15 Oct 2021 02:21:39 GMT
rs_searchbox.css
142.4.3.228/css/
15 KB
3 KB
Stylesheet
General
Full URL
https://142.4.3.228/css/rs_searchbox.css
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
025e6e0222f7d39e4d2b657482802afb30bea743eafffd015f24555cdec84717

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:48:56 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
2217
Expires
Sun, 14 Nov 2021 02:21:39 GMT
loader.css
142.4.3.228/css/
1 KB
935 B
Stylesheet
General
Full URL
https://142.4.3.228/css/loader.css
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
b4d0aae65248562dafb17d792149cb376a93d6cbfc70cb7052422356391864fb

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:48:53 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
565
Expires
Sun, 14 Nov 2021 02:21:39 GMT
rs_calendar_style.css
142.4.3.228/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://142.4.3.228/css/rs_calendar_style.css
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
7b276e3efcab42f3a4621be8212ad5d2bb900e6f1a738fde82351a236735a95d

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:48:55 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1294
Expires
Sun, 14 Nov 2021 02:21:39 GMT
css
fonts.googleapis.com/
3 KB
505 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:300,400,700,900
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.138 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f10.1e100.net
Software
ESF /
Resource Hash
30c7c639fd48a0186026f900282a3b92893c32043019a5efb0ddf7e0805e296f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 15 Oct 2021 01:28:55 GMT
server
ESF
date
Fri, 15 Oct 2021 02:21:39 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Fri, 15 Oct 2021 02:21:39 GMT
bootstrap.min.css
142.4.3.228/css/
118 KB
20 KB
Stylesheet
General
Full URL
https://142.4.3.228/css/bootstrap.min.css
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:48:48 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
19751
Expires
Sun, 14 Nov 2021 02:21:39 GMT
bootstrap-datepicker.min.css
142.4.3.228/css/
15 KB
2 KB
Stylesheet
General
Full URL
https://142.4.3.228/css/bootstrap-datepicker.min.css
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
dea4baedf0a744a8a6019bf930c228210c5549b84955373ed3ba69d20657776b

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:48:47 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2026
Expires
Sun, 14 Nov 2021 02:21:39 GMT
reset.css
142.4.3.228/css/
1 KB
988 B
Stylesheet
General
Full URL
https://142.4.3.228/css/reset.css
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
d70f46d49842e5fd313259c3e10b39b4fa50c1552c93f959787da7e7a0deca60

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:48:54 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
617
Expires
Sun, 14 Nov 2021 02:21:39 GMT
font-awesome.css
142.4.3.228/css/
25 KB
5 KB
Stylesheet
General
Full URL
https://142.4.3.228/css/font-awesome.css?v=1889169626
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
f5b49529ed3d6c1dbc8bf1b8d05afba725cc9cc723b26df2c2b529b36515f2d2

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:48:52 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
4994
Expires
Sun, 14 Nov 2021 02:21:39 GMT
discountflights.css
142.4.3.228/css/
18 KB
5 KB
Stylesheet
General
Full URL
https://142.4.3.228/css/discountflights.css
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
bead0dd7087a0e308af27792e78a8681682339aaa86a3db9c19b66c5db833352

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:48:49 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
4447
Expires
Sun, 14 Nov 2021 02:21:39 GMT
restyle.css
www.discountflights.com/css/
57 KB
10 KB
Stylesheet
General
Full URL
https://www.discountflights.com/css/restyle.css?v=661358593
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
db2659ed86753167ae5f4b0723e3d10e1bd3bb21ac5df55a261bff3753201076

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Jul 2020 16:29:58 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
X-Endurance-Cache-Level
2
Content-Type
text/css
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
9574
Expires
Sun, 14 Nov 2021 02:21:39 GMT
csclose.svg
142.4.3.228/images/
774 B
783 B
Image
General
Full URL
https://142.4.3.228/images/csclose.svg
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
b304a86c864028574108eb09666e65d28cba78782bee67deeda4d6bc19a50c7b

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Sat, 23 Mar 2019 00:01:42 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
407
Expires
Sat, 15 Oct 2022 02:21:39 GMT
discount-flights-logo.png
142.4.3.228/images/
9 KB
10 KB
Image
General
Full URL
https://142.4.3.228/images/discount-flights-logo.png
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
742cfdd064b1e63af44fff6f6083b13f21d0c703e616dea858c0ea5605d8522c

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:40 GMT
Last-Modified
Sat, 24 Oct 2020 03:30:42 GMT
Server
Apache
Content-Type
image/png
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
9536
Expires
Sat, 15 Oct 2022 02:21:40 GMT
BG.png
www.discountflights.com/flags/
520 B
863 B
Image
General
Full URL
https://www.discountflights.com/flags/BG.png
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
9096318ef1c1cf4b3b42fb751ff4ea85e002926dbb8e36a4bea3d82da0bcee02

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Last-Modified
Tue, 16 Jan 2018 19:18:13 GMT
Server
Apache
X-Endurance-Cache-Level
2
Content-Type
image/png
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
520
Expires
Sat, 15 Oct 2022 02:21:39 GMT
down-arrow.png
www.discountflights.com/images/
1020 B
1 KB
Image
General
Full URL
https://www.discountflights.com/images/down-arrow.png
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
71a49aa79f725f354ceca723099f7a41466cbf837988f4f6385c4977ff5ad4e2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Last-Modified
Tue, 16 Jan 2018 19:23:33 GMT
Server
Apache
X-Endurance-Cache-Level
2
Content-Type
image/png
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
1020
Expires
Sat, 15 Oct 2022 02:21:39 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
145 KB
51 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f2.1e100.net
Software
cafe /
Resource Hash
185d9e549f5056cf9ad0438261c11b8569475e328886ef8c2a6367a536a4ae5f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 02:21:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51453
x-xss-protection
0
server
cafe
etag
3309784056333935305
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 15 Oct 2021 02:21:39 GMT
facebook.svg
www.discountflights.com/images/
320 B
621 B
Image
General
Full URL
https://www.discountflights.com/images/facebook.svg
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
337a2f411eab4e33b237c03254a4c1cecd6171ce4a97a100e2bf365f66e2258a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Tue, 03 Sep 2019 23:06:25 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
X-Endurance-Cache-Level
2
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
217
Expires
Sat, 15 Oct 2022 02:21:39 GMT
twitter.svg
www.discountflights.com/images/
2 KB
1 KB
Image
General
Full URL
https://www.discountflights.com/images/twitter.svg
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
432f9a7186d240aa7ab963e07f2a5038662542343facbe3bf32f25a1ea1bae8c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:40 GMT
Content-Encoding
gzip
Last-Modified
Tue, 03 Sep 2019 22:55:04 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
X-Endurance-Cache-Level
2
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
842
Expires
Sat, 15 Oct 2022 02:21:40 GMT
instagram.svg
www.discountflights.com/images/
3 KB
2 KB
Image
General
Full URL
https://www.discountflights.com/images/instagram.svg
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
db87f8b61387743b2450c1b9874e02b35ed8d61a98f12436e132526938d6f661

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:40 GMT
Content-Encoding
gzip
Last-Modified
Tue, 03 Sep 2019 22:47:51 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
X-Endurance-Cache-Level
2
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1145
Expires
Sat, 15 Oct 2022 02:21:40 GMT
linkedin.svg
www.discountflights.com/images/
2 KB
1 KB
Image
General
Full URL
https://www.discountflights.com/images/linkedin.svg
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
5a6ac2cb9eb314212a8feb693841203c7579169b6b0bd7da8852837e42cde318

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:40 GMT
Content-Encoding
gzip
Last-Modified
Tue, 03 Sep 2019 23:31:47 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
X-Endurance-Cache-Level
2
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
964
Expires
Sat, 15 Oct 2022 02:21:40 GMT
pinterest.svg
www.discountflights.com/images/
1 KB
1 KB
Image
General
Full URL
https://www.discountflights.com/images/pinterest.svg
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
ebea925c8e646a901f659dbb087d94d70f5ab422e6bb7f9c3d009bfc93657bc2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:40 GMT
Content-Encoding
gzip
Last-Modified
Fri, 13 Sep 2019 18:08:45 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
X-Endurance-Cache-Level
2
Content-Type
image/svg+xml
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
695
Expires
Sat, 15 Oct 2022 02:21:40 GMT
addthis_widget.js
s7.addthis.com/js/300/
353 KB
114 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
"5f971164-5834c"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
cache-control
public, max-age=600
date
Fri, 15 Oct 2021 02:21:39 GMT
x-host
s7.addthis.com
content-length
116325
jquery.min.js
142.4.3.228/js/
91 KB
32 KB
Script
General
Full URL
https://142.4.3.228/js/jquery.min.js
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:49:19 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
32798
Expires
Sun, 14 Nov 2021 02:21:39 GMT
jquery-ui.js
142.4.3.228/js/
460 KB
112 KB
Script
General
Full URL
https://142.4.3.228/js/jquery-ui.js
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
0c8e8d7408611519ceda4e759ae9987834a17addc8f0028241ffed7fb0113612

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:49:17 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Expires
Sun, 14 Nov 2021 02:21:39 GMT
bootstrap.min.js
142.4.3.228/js/
35 KB
10 KB
Script
General
Full URL
https://142.4.3.228/js/bootstrap.min.js
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:49:07 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
9539
Expires
Sun, 14 Nov 2021 02:21:39 GMT
bootstrap-datepicker.min.js
142.4.3.228/js/
31 KB
10 KB
Script
General
Full URL
https://142.4.3.228/js/bootstrap-datepicker.min.js
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
ac0d2c9fc0a5f57d932b7d3275f65fa81f17ea9724c3103cb41920210d982006

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:49:04 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
9432
Expires
Sun, 14 Nov 2021 02:21:39 GMT
df.js
142.4.3.228/js/
9 KB
3 KB
Script
General
Full URL
https://142.4.3.228/js/df.js
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
ca50b505ad260b27fcc8ddaf3afa328a22e5dca8f84f8cdda0c1c318b5ed00d4

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:49:10 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
2242
Expires
Sun, 14 Nov 2021 02:21:39 GMT
autocomp.js
142.4.3.228/js/
3 KB
2 KB
Script
General
Full URL
https://142.4.3.228/js/autocomp.js
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
2a08fd7715cf8682c03c3eaf2cf558849b1ffa89845fa763500f853214b12dba

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://142.4.3.228/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Jul 2019 09:49:01 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1247
Expires
Sun, 14 Nov 2021 02:21:39 GMT
cookieinfo.min.js
cookieinfoscript.com/js/
7 KB
4 KB
Script
General
Full URL
https://cookieinfoscript.com/js/cookieinfo.min.js
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.34.18 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 02:21:39 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3473
x-amz-meta-cb-modifiedtime
Wed, 07 Apr 2021 11:38:58 GMT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
XBK4YX4SE7S88AWX
x-amz-id-2
QVJfafCMmqCcujpjdumyZX9qLXsIl8wLlOdJYY3Nnxac0A7nmjT3W9bqAIMOtUVDIE53eJaRujI=
last-modified
Wed, 07 Apr 2021 11:39:17 GMT
server
cloudflare
etag
W/"d15d93068c1121f63008407d339bd819"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5cmTiogg0AjEevvtMCgqDXUJ8K92Y%2FoOvFgOjZuRjrDERdexQKNrwBVX9dL4KuBKqR3URSJu%2FsnJeNZAy4Cb34eAxqdJIWI60JqCHAyzXfDB85vkWCyQh9si6iD2L7tqAJYML2hTWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
max-age=2678400
cf-ray
69e59342d8b9410d-PRG
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Oct 2021 16:38:54 GMT
server
Golfe2
age
1233
date
Fri, 15 Oct 2021 02:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Fri, 15 Oct 2021 04:01:06 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20211013/r20190131/ Frame 82FD
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20211013/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
8f297a42c731c5e6412ef47dff5d7697e142a28abe98d34b515951d40e5e9f7d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20211013/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://142.4.3.228/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Thu, 14 Oct 2021 21:27:24 GMT
expires
Thu, 28 Oct 2021 21:27:24 GMT
content-type
text/html; charset=UTF-8
etag
9069739545958607985
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4691
x-xss-protection
0
age
17655
cache-control
public, max-age=1209600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
calendar.gif
142.4.3.228/images/
1 KB
2 KB
Image
General
Full URL
https://142.4.3.228/images/calendar.gif
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/css/rs_searchbox.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
731c436dc5c09cdcabc6a778fea3cbaddb481e032f4ea189a4691c5005a1a4df

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://142.4.3.228/css/rs_searchbox.css
Cookie
_ga=GA1.1.557839887.1634264500; _gid=GA1.1.2045764853.1634264500; _gat=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/css/rs_searchbox.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:40 GMT
Last-Modified
Sat, 23 Mar 2019 00:01:41 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
1403
Expires
Sat, 15 Oct 2022 02:21:40 GMT
fontawesome-webfont.woff
142.4.3.228/fonts/
82 KB
82 KB
Font
General
Full URL
https://142.4.3.228/fonts/fontawesome-webfont.woff?v=4.0.3
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/css/font-awesome.css?v=1889169626
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://142.4.3.228
Accept-Encoding
gzip, deflate, br
Host
142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://142.4.3.228/css/font-awesome.css?v=1889169626
Connection
keep-alive
Referer
https://142.4.3.228/css/font-awesome.css?v=1889169626
Origin
https://142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:39 GMT
Content-Encoding
gzip
Last-Modified
Tue, 16 Jan 2018 15:07:27 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Content-Type
font/woff
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
fground.jpg
www.discountflights.com/images/
19 KB
19 KB
Image
General
Full URL
https://www.discountflights.com/images/fground.jpg
Requested by
Host: www.discountflights.com
URL: https://www.discountflights.com/css/restyle.css?v=661358593
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
d0dae7f2e596097b2d28222966883a24ea85407312eef214ff423553bb3ae759

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.discountflights.com/css/restyle.css?v=661358593
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:40 GMT
Last-Modified
Tue, 13 Mar 2018 16:43:48 GMT
Server
Apache
X-Endurance-Cache-Level
2
Content-Type
image/jpeg
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
19159
Expires
Sat, 15 Oct 2022 02:21:40 GMT
flags_responsive-2.png
www.discountflights.com/images/
62 KB
62 KB
Image
General
Full URL
https://www.discountflights.com/images/flags_responsive-2.png
Requested by
Host: www.discountflights.com
URL: https://www.discountflights.com/css/restyle.css?v=661358593
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
91f589cb227313d4eb170bd8919eb2640922689cc63143bd8095197cb152ad87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.discountflights.com/css/restyle.css?v=661358593
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:40 GMT
Last-Modified
Fri, 15 Nov 2019 19:31:56 GMT
Server
Apache
X-Endurance-Cache-Level
2
Content-Type
image/png
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
63348
Expires
Sat, 15 Oct 2022 02:21:40 GMT
homepromo.png
www.discountflights.com/assets/promo/
13 KB
13 KB
Image
General
Full URL
https://www.discountflights.com/assets/promo/homepromo.png
Requested by
Host: www.discountflights.com
URL: https://www.discountflights.com/css/restyle.css?v=661358593
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
4d3a130015ee27ab670d9569d9c0d9fe9a95c867cf03f23b770c300b4eff069d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.discountflights.com/css/restyle.css?v=661358593
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:40 GMT
Last-Modified
Tue, 16 Jan 2018 19:13:16 GMT
Server
Apache
X-Endurance-Cache-Level
2
Content-Type
image/png
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
13408
Expires
Sat, 15 Oct 2022 02:21:40 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,300,100,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 16:31:40 GMT
x-content-type-options
nosniff
age
121799
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Oct 2022 16:31:40 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,300,100,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 16:31:43 GMT
x-content-type-options
nosniff
age
121796
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Oct 2022 16:31:43 GMT
calendar-icon-nf.png
www.discountflights.com/assets/
2 KB
2 KB
Image
General
Full URL
https://www.discountflights.com/assets/calendar-icon-nf.png
Requested by
Host: www.discountflights.com
URL: https://www.discountflights.com/css/restyle.css?v=661358593
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
142.4.3.228 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.corporateairlinetickets.com
Software
Apache /
Resource Hash
a426f4bca2a310c645b680d68926ba947689052359728c427a1ffa669aeef0b6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.discountflights.com/css/restyle.css?v=661358593
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 15 Oct 2021 02:21:40 GMT
Last-Modified
Tue, 06 Mar 2018 16:56:54 GMT
Server
Apache
X-Endurance-Cache-Level
2
Content-Type
image/png
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1862
Expires
Sat, 15 Oct 2022 02:21:40 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,300,100,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 17:27:37 GMT
x-content-type-options
nosniff
age
291242
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 11 Oct 2022 17:27:37 GMT
KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v29/
10 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,300,100,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
2d2ad11e3c1a0fd81bb085050d4b3170beab2964b5b848a5309a6343322e3898
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 16:39:18 GMT
x-content-type-options
nosniff
age
121341
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9776
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:26 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Oct 2022 16:39:18 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v29/
9 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,300,100,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
8dd3b91ca60e6a0486326c5c275590dd1d753240c2efa9f94730815813997fee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 16:38:41 GMT
x-content-type-options
nosniff
age
121378
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Oct 2022 16:38:41 GMT
KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v29/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,300,100,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
4e959d9106d846030c0a62de668ec7c5810a3a1282c4f4ca98e1ea0756c75b8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 16:33:20 GMT
x-content-type-options
nosniff
age
121699
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11860
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:24 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Oct 2022 16:33:20 GMT
KFOmCnqEu92Fr1Mu4WxKOzY.woff2
fonts.gstatic.com/s/roboto/v29/
7 KB
7 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4WxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,300,100,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
ede055d18b7ee2504080ddf2e77576d094737085a98fed65874761cd23ba7793
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://142.4.3.228
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 16:34:26 GMT
x-content-type-options
nosniff
age
121633
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7100
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Oct 2022 16:34:26 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110110101/
272 KB
98 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8581489459044288&plah=142.4.3.228&bust=31063145
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f2.1e100.net
Software
cafe /
Resource Hash
628ce33c4485b6de0f53e3f4d230f392d3619c02ee0fe77dc518ce4a1db47508
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 02:21:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
99855
x-xss-protection
0
server
cafe
etag
9588208968032179161
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 15 Oct 2021 02:21:39 GMT
moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-235-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 02:21:40 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
D5503D14AA2F06AA
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=58919
accept-ranges
bytes
content-length
948
x-amz-id-2
JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=
collect
www.google-analytics.com/j/
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=220403628&t=pageview&_s=1&dl=https%3A%2F%2F142.4.3.228%2F&ul=en-us&de=UTF-8&dt=Cheap%20Bulgaria%20Airfares%20-%20Discount%20Flights&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=977569921&gjid=298012493&cid=557839887.1634264500&tid=UA-11871909-29&_gid=2045764853.1634264500&_r=1&_slc=1&z=57855515
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://142.4.3.228/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 15 Oct 2021 02:21:40 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://142.4.3.228
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie.js
partner.googleadservices.com/gampad/
197 B
655 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=142.4.3.228&callback=_gfp_s_&client=ca-pub-8581489459044288
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8581489459044288&plah=142.4.3.228&bust=31063145
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
cadde1f465d2cb9aac080f03758af0c34187c2ead088d25ec6d191d99830d356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 02:21:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
190
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
853 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=142.4.3.228
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8581489459044288&plah=142.4.3.228&bust=31063145
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 15 Oct 2021 02:21:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
570 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=142.4.3.228
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8581489459044288&plah=142.4.3.228&bust=31063145
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 15 Oct 2021 02:21:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 8C9B
603 B
67 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8581489459044288&output=html&h=280&slotname=1232261827&adk=177228081&adf=3217305161&pi=t.ma~as.1232261827&w=1200&fwrn=4&fwrnh=100&lmt=1634264500&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2F142.4.3.228%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634264499910&bpp=4&bdt=903&idt=108&shv=r20211013&mjsv=m202110110101&ptt=9&saldr=aa&abxe=1&correlator=2511726421019&frm=20&pv=2&ga_vid=557839887.1634264500&ga_sid=1634264500&ga_hid=220403628&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=609&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062423%2C31063145%2C31062526&oid=2&pvsid=3102084332346618&pem=407&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=KFdAzFfWdc&p=https%3A//142.4.3.228&dtd=128
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8581489459044288&plah=142.4.3.228&bust=31063145
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8581489459044288&output=html&h=280&slotname=1232261827&adk=177228081&adf=3217305161&pi=t.ma~as.1232261827&w=1200&fwrn=4&fwrnh=100&lmt=1634264500&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2F142.4.3.228%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634264499910&bpp=4&bdt=903&idt=108&shv=r20211013&mjsv=m202110110101&ptt=9&saldr=aa&abxe=1&correlator=2511726421019&frm=20&pv=2&ga_vid=557839887.1634264500&ga_sid=1634264500&ga_hid=220403628&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=609&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062423%2C31063145%2C31062526&oid=2&pvsid=3102084332346618&pem=407&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=KFdAzFfWdc&p=https%3A//142.4.3.228&dtd=128
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://142.4.3.228/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 15 Oct 2021 02:21:40 GMT
server
cafe
content-length
46
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Fri, 15-Oct-2021 02:36:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
collect
stats.g.doubleclick.net/j/
4 B
460 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-11871909-29&cid=557839887.1634264500&jid=977569921&gjid=298012493&_gid=2045764853.1634264500&_u=IEBAAEAAAAAAAC~&z=1286595790
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.233.166.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wm-in-f154.1e100.net
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://142.4.3.228/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 15 Oct 2021 02:21:40 GMT
content-type
text/plain
access-control-allow-origin
https://142.4.3.228
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 32A7
603 B
67 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8581489459044288&output=html&h=280&slotname=8672360826&adk=1841579268&adf=3128260259&pi=t.ma~as.8672360826&w=730&fwrn=4&fwrnh=100&lmt=1634264500&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2F142.4.3.228%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634264499915&bpp=3&bdt=909&idt=131&shv=r20211013&mjsv=m202110110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=2511726421019&frm=20&pv=1&ga_vid=557839887.1634264500&ga_sid=1634264500&ga_hid=220403628&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=435&ady=1671&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062423%2C31063145%2C31062526&oid=2&pvsid=3102084332346618&pem=407&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=lLTsMyZakR&p=https%3A//142.4.3.228&dtd=134
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8581489459044288&plah=142.4.3.228&bust=31063145
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8581489459044288&output=html&h=280&slotname=8672360826&adk=1841579268&adf=3128260259&pi=t.ma~as.8672360826&w=730&fwrn=4&fwrnh=100&lmt=1634264500&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2F142.4.3.228%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634264499915&bpp=3&bdt=909&idt=131&shv=r20211013&mjsv=m202110110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=2511726421019&frm=20&pv=1&ga_vid=557839887.1634264500&ga_sid=1634264500&ga_hid=220403628&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=435&ady=1671&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062423%2C31063145%2C31062526&oid=2&pvsid=3102084332346618&pem=407&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=lLTsMyZakR&p=https%3A//142.4.3.228&dtd=134
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://142.4.3.228/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 15 Oct 2021 02:21:40 GMT
server
cafe
content-length
46
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Fri, 15-Oct-2021 02:36:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ga-audiences
www.google.com/ads/
42 B
522 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-11871909-29&cid=557839887.1634264500&jid=977569921&_u=IEBAAEAAAAAAAC~&z=1126010172
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 15 Oct 2021 02:21:40 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
522 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-11871909-29&cid=557839887.1634264500&jid=977569921&_u=IEBAAEAAAAAAAC~&z=1126010172
Requested by
Host: 142.4.3.228
URL: https://142.4.3.228/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 15 Oct 2021 02:21:40 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=142.4.3.228
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8581489459044288&plah=142.4.3.228&bust=31063145
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 15 Oct 2021 02:21:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=142.4.3.228
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8581489459044288&plah=142.4.3.228&bust=31063145
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 15 Oct 2021 02:21:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame E14D
0
20 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8581489459044288&output=html&adk=1812271804&adf=3025194257&lmt=1634264500&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2F142.4.3.228%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634264500542&bpp=1&bdt=1535&idt=1&shv=r20211013&mjsv=m202110110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C730x280&nras=1&correlator=2511726421019&frm=20&pv=1&ga_vid=557839887.1634264500&ga_sid=1634264500&ga_hid=220403628&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062423%2C31063145%2C31062526&oid=2&pvsid=3102084332346618&pem=407&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=6
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8581489459044288&plah=142.4.3.228&bust=31063145
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8581489459044288&output=html&adk=1812271804&adf=3025194257&lmt=1634264500&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2F142.4.3.228%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634264500542&bpp=1&bdt=1535&idt=1&shv=r20211013&mjsv=m202110110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C730x280&nras=1&correlator=2511726421019&frm=20&pv=1&ga_vid=557839887.1634264500&ga_sid=1634264500&ga_hid=220403628&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062423%2C31063145%2C31062526&oid=2&pvsid=3102084332346618&pem=407&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=6
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://142.4.3.228/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Fri, 15 Oct 2021 02:21:40 GMT
server
cafe
content-length
0
x-xss-protection
0
set-cookie
test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUnhyS2FgK6ez7dkGuw8M5LMuo057YPFVmISaj0b-OWDNTkzBWGa1Fl2d_on; expires=Wed, 09-Nov-2022 02:21:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Fri, 15 Oct 2021 02:21:40 GMT
cache-control
private
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-4ee7296b0598eca8/
2 KB
738 B
Script
General
Full URL
https://v1.addthisedge.com/live/boost/ra-4ee7296b0598eca8/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
98fea16c244a263f7b73622fd41594fc9271cb260576cceb78c419f975d733d6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 02:21:40 GMT
content-encoding
gzip
etag
-304866155--gzip
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
public, max-age=38, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
562
300lo.json
m.addthis.com/live/red_lojson/
90 B
250 B
Script
General
Full URL
https://m.addthis.com/live/red_lojson/300lo.json?si=6168e5b3f8b30b5b&bkl=0&bl=1&pdt=1452&sid=6168e5b3f8b30b5b&pub=ra-4ee7296b0598eca8&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=142.4.3.228&fp=&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=%D0%91%D1%8A%D0%BB%D0%B3%D0%B0%D1%80%D0%B8%D1%8F%20%D1%81%D0%B0%D0%BC%D0%BE%D0%BB%D0%B5%D1%82%D0%BD%D0%B8%20%D0%B1%D0%B8%D0%BB%D0%B5%D1%82%D0%B8%2C%D0%91%D1%8A%D0%BB%D0%B3%D0%B0%D1%80%D0%B8%D1%8F%20%D0%B0%D0%B2%D0%B8%D0%BE%D0%BA%D0%BE%D0%BC%D0%BF%D0%B0%D0%BD%D0%B8%D0%B8%20%D0%BF%D1%80%D0%BE%D0%BC%D0%BE%D1%86%D0%B8%D0%B8&colc=1634264500555&jsl=1&uvs=6168e5b31975ddbd000&skipb=1&callback=addthis.cbs.jsonp__149470954573312160
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-126.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a33715085fa455982ebfdc0b249f294e5700709ae5defda17be6e4ca38fc66ca

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 15 Oct 2021 02:21:41 GMT
cache-control
max-age=0, no-cache, no-store, no-transform
content-disposition
attachment; filename=1.txt
content-length
90
content-type
application/javascript;charset=utf-8
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 326D
0
0

sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 6EA1
71 KB
26 KB
Document
General
Full URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
s7.addthis.com
:scheme
https
:path
/static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://142.4.3.228/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/

Response headers

server
nginx/1.15.8
content-type
text/html
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
etag
W/"5f971164-11adc"
timing-allow-origin
*
cache-control
public, max-age=86313600
p3p
CP="NON ADM OUR DEV IND COM STA"
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
content-length
26421
date
Fri, 15 Oct 2021 02:21:40 GMT
vary
Accept-Encoding
x-host
s7.addthis.com
truncated
/
37 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/gif
layers.fa6cd1947ce26e890d3d.js
s7.addthis.com/static/
263 KB
76 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
W/"5f971164-41cf5"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86313600
date
Fri, 15 Oct 2021 02:21:40 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77617
147.1581dc34512966c2ddb7.js
s7.addthis.com/static/
1 KB
917 B
Script
General
Full URL
https://s7.addthis.com/static/147.1581dc34512966c2ddb7.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
0f839003422e5fe9c2dfd0e43d629d2f33a379e98c1558a6f5b7f5ef5cdf99b8
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
W/"5f971164-45e"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86313600
date
Fri, 15 Oct 2021 02:21:40 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
677
shares-post.json
api-public.addthis.com/url/serviceapi/
2 B
249 B
XHR
General
Full URL
https://api-public.addthis.com/url/serviceapi/shares-post.json?services=sFbt&url=https%3A%2F%2F142.4.3.228%2F
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://142.4.3.228/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
text/plain

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
surrogate-key
sFbt=https://142.4.3.228/
last-modified
Fri, 15 Oct 2021 02:00:00 GMT
server
nginx/1.15.8
date
Fri, 15 Oct 2021 02:21:40 GMT
content-type
application/json
access-control-allow-origin
https://142.4.3.228
cache-control
no-transform, max-age=0, s-maxage=14400
access-control-allow-credentials
true
content-length
2
share.php
vk.com/
21 B
478 B
Script
General
Full URL
https://vk.com/share.php?act=count&index=0&url=https%3A%2F%2F142.4.3.228%2F
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.240.190.78 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS vk.com, RU),
Reverse DNS
srv78-190-240-87.vk.com
Software
kittenx / KPHP/7.4.108923
Resource Hash
09b8585932e9851125c885d435a53f925d6b4d508b9f49b5cb929690509f1d85
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 02:21:40 GMT
content-encoding
gzip
x-frontend
front225204
server
kittenx
x-powered-by
KPHP/7.4.108923
strict-transport-security
max-age=15768000
content-type
text/html; charset=windows-1251
access-control-expose-headers
X-Frontend
cache-control
no-store
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
41
shares.json
api-public.addthis.com/url/
33 B
279 B
Script
General
Full URL
https://api-public.addthis.com/url/shares.json?url=https%3A%2F%2F142.4.3.228%2F&callback=_ate.cbs.rcb_emcx0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
6708356dee698a3efd6a12a2c5985c8c4d9401736da1e1c2b76dfb7f2135d590
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
142.4.3.228/
last-modified
Fri, 15 Oct 2021 02:21:40 GMT
server
nginx/1.15.8
date
Fri, 15 Oct 2021 02:21:40 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
53
share.php
vk.com/
21 B
479 B
Script
General
Full URL
https://vk.com/share.php?act=count&index=1&url=http%3A%2F%2F142.4.3.228%2F
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
87.240.190.78 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS vk.com, RU),
Reverse DNS
srv78-190-240-87.vk.com
Software
kittenx / KPHP/7.4.108923
Resource Hash
5c883fd81aa6616988d11949a780dfa476f39ba7aca55f1cfeaec60b5d19cbe4
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 02:21:40 GMT
content-encoding
gzip
x-frontend
front225204
server
kittenx
x-powered-by
KPHP/7.4.108923
strict-transport-security
max-age=15768000
content-type
text/html; charset=windows-1251
access-control-expose-headers
X-Frontend
cache-control
no-store
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
41
shares.json
api-public.addthis.com/url/
33 B
279 B
Script
General
Full URL
https://api-public.addthis.com/url/shares.json?url=http%3A%2F%2F142.4.3.228%2F&callback=_ate.cbs.rcb_bk1v0
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
4d122fd37259339d532446babc7444b0f4e62c5e71cdf44f923ab9bce87397ca
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
surrogate-key
142.4.3.228/
last-modified
Fri, 15 Oct 2021 02:21:40 GMT
server
nginx/1.15.8
date
Fri, 15 Oct 2021 02:21:40 GMT
vary
Accept-Encoding
content-type
application/json
cache-control
no-transform, must-revalidate, max-age=0, s-maxage=3600
content-length
53
sodar
pagead2.googlesyndication.com/getconfig/
11 KB
9 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211013&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8581489459044288&plah=142.4.3.228&bust=31063145
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f2.1e100.net
Software
cafe /
Resource Hash
6cb9626bee36031e6363e719508bb920729decfd4880732c52af0de572096cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 15 Oct 2021 02:21:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8734
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110110101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8581489459044288&plah=142.4.3.228&bust=31063145
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f1.1e100.net
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 15 Oct 2021 02:21:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Fri, 15 Oct 2021 02:21:41 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame C2C3
12 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f1.1e100.net
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://142.4.3.228/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Thu, 14 Oct 2021 22:58:16 GMT
expires
Fri, 14 Oct 2022 22:58:16 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
12205
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 8CF7
783 B
532 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f4.1e100.net
Software
GSE /
Resource Hash
066b2da8989d4d81a9f9c0605164db8041ae6dcca49bf9db3782b4da4bd8c17d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ib+YtRdi8ZuqBeQ+CnbP+g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://142.4.3.228/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy-report-only
require-corp; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Fri, 15 Oct 2021 02:21:41 GMT
date
Fri, 15 Oct 2021 02:21:41 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-ib+YtRdi8ZuqBeQ+CnbP+g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
510
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
3NpV0t_ssl6JniOQZDZq0-jr2lBMmb0RSXUDLe8J8DM.js
pagead2.googlesyndication.com/bg/ Frame C2C3
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/3NpV0t_ssl6JniOQZDZq0-jr2lBMmb0RSXUDLe8J8DM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f2.1e100.net
Software
sffe /
Resource Hash
dcda55d2dfecb25e899e239064366ad3e8ebda504c99bd114975032def09f033
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 17:41:33 GMT
content-encoding
br
x-content-type-options
nosniff
age
290408
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13493
x-xss-protection
0
last-modified
Mon, 11 Oct 2021 11:08:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="botguard-scs"
expires
Tue, 11 Oct 2022 17:41:33 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 8CF7
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211013&jk=3102084332346618&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211013&jk=3102084332346618&bg=!BAelB0PNAAao6lBpqOo7ACkAdvg8WqavAOTZZ8MGDw_-sI2CsVHAgiByR2O0vhzo-_5RxWwzLX03NQIAAABVUgAAAAxoAQcKAMJHlJGaPeSd2okDn6CZqTTe9ctZRR5xiKJTeRejC2ebk8qPqN5CnNzqvUPWo25KYy0IxmVM4H4dRgJ5UG9AHAMh4nMrn-Pvx7ujWnMhDcz8SyvguymgSCTAJ8HK9xGRbFAa32VIdc4yMhVtdM9NHaZ_I1cUrkJnOcbCJ9u9RVs1m8Efh9cEvHEI8lktAFF6kXwIQjTycjKuYqVgCmZ1KGhaNNgTtE7MSIs0hSaGQA3HIqDZy6ACf0nwxt-pmQhDUVcqhZkCug0UkQATtZLQJ7IYV_nOUOWwFqGGNHMoLKJU-BtdGiS_7GsCag0TdAwdhqmGFbaffp3FApx5LiR8RlDDW2TUTCaDjHlEUGg0dTm2hedojb1pwI7z04XT8fc_ljRifw3haQ1RSTH6MaE2wk6lIVDBmpp52oOULLWdMt9qnxNKVPVjIX_gkoDy1w0-b_-d7Wzdy4_AuCEL5LSi9NK4bLtkhHWk95utED99Kp1PtIVlbPZ3pS9iNHsZDjQv4gi3RChpM6iDJMxp-eT_JbhewvX0Et3VwjpSlvA9kXhJoZrGtKezCjoxlAUSvP7hGnZkMEV7ahIoG2K9ubGZfLicSdvZ4p_t3M-LSor72Zv0NCPRt7-69rRXe8kzchebJdYxOLtHlHdOUmktSFT3zjAkGbj4ZlfIqwOEtv7O9tVJuUgWtCYXODllok4iuet_IWeVK0V30X7Dr2DfkwrouU8rAFP3a8pIVpTsb-WWi2G8vFNAkGiW3MNgjWGCvVI6VZvOgFZwfUzyBML1DtgvrBYqpXwPG85IyAQzIjgKEKngblrzYV18kn-DnanRYdMtqS3LWDLobzFgg4nvXQ24MLPT8Esl23fVqcyYg4EQgNVxDUy1ETncUaHWx-4_DMvBr25sW2uDugwOttqU1GQmqevmzwXaFdc844ICS5tUX37clKgg3H_B9J_E2JHB5Lf1wyLTrY3PiwGQZUL7nPlRMpCqMiEpI8G6yQxWUZZ1S3OUAmVWA7dJjBR_Iyd3Sl8DFvDwvUJAwYwXfPG-g6NYjTbmeoGSve7IddRUICbx1u5zVGrPlouAlm9V8hSsipztwgd1W43oEkP_3_T2Ape-VWxm8_NJJF5sNykqZ-gHzhLldzR_81NmytzIVl5_wjvPqWZzEJnxN3oi7C7kJzjFqijJ-z2bYV2jTlPoDrc4xkEB
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s46-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://142.4.3.228/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 15 Oct 2021 02:21:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s7.addthis.com
URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| onbeforexrselect boolean| originAgentCluster string| GoogleAnalyticsObject function| ga object| google_js_reporting_queue number| google_srt object| google_logging_queue object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state boolean| _gfp_a_ object| adsbygoogle string| google_user_agent_client_hint object| google_sa_queue object| google_sl_win function| google_process_slots boolean| google_apltlad function| google_spfd number| google_lpabyc number| google_unique_id object| google_sv_map function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| google_sa_impl object| google_persistent_state_async object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages boolean| __@@##MUH function| $ function| jQuery object| jQuery110207738462508652568 function| travellerCal function| showCS function| hideCS undefined| checkorigin undefined| itemname function| getiatamatch function| loadlinks function| renderseparatedls function| cookieinfo object| cbinstance object| addthis_config object| addthis_share object| _atw string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks object| VK object| GoogleGcLKhOms object| google_image_requests

10 Cookies

Domain/Path Name / Value
.cookieinfoscript.com/ Name: __cf_bm
Value: fv2GyV3E_lGjLNk2QRwgwEuCT_vFl3V.cEkFBD17Ucg-1634264499-0-Aby0/aq0HwVIzErOrSdmLesW3OWKmkI7qoUZQPcZHVpGuO4LdPxYx0iPu+j/3V/W7MAysUCzQBWPY35ceem1W9U=
142.4.3.228/ Name: _ga
Value: GA1.1.557839887.1634264500
142.4.3.228/ Name: _gid
Value: GA1.1.2045764853.1634264500
142.4.3.228/ Name: _gat
Value: 1
142.4.3.228/ Name: __atuvc
Value: 1%7C41
142.4.3.228/ Name: __atuvs
Value: 6168e5b31975ddbd000
.doubleclick.net/ Name: IDE
Value: AHWqTUnhyS2FgK6ez7dkGuw8M5LMuo057YPFVmISaj0b-OWDNTkzBWGa1Fl2d_on
.addthis.com/ Name: uvc
Value: 1%7C41
.vk.com/ Name: remixlang
Value: 6
.addthis.com/ Name: loc
Value: MDAwMDBFVURFQlkyMjg2MTkwNDAwNTAwMDBDSA==

2 Console Messages

Source Level URL
Text
network error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8581489459044288&output=html&h=280&slotname=8672360826&adk=1841579268&adf=3128260259&pi=t.ma~as.8672360826&w=730&fwrn=4&fwrnh=100&lmt=1634264500&rafmt=1&psa=0&format=730x280&url=https%3A%2F%2F142.4.3.228%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634264499915&bpp=3&bdt=909&idt=131&shv=r20211013&mjsv=m202110110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=2511726421019&frm=20&pv=1&ga_vid=557839887.1634264500&ga_sid=1634264500&ga_hid=220403628&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=435&ady=1671&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062423%2C31063145%2C31062526&oid=2&pvsid=3102084332346618&pem=407&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=lLTsMyZakR&p=https%3A//142.4.3.228&dtd=134
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8581489459044288&output=html&h=280&slotname=1232261827&adk=177228081&adf=3217305161&pi=t.ma~as.1232261827&w=1200&fwrn=4&fwrnh=100&lmt=1634264500&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2F142.4.3.228%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1634264499910&bpp=4&bdt=903&idt=108&shv=r20211013&mjsv=m202110110101&ptt=9&saldr=aa&abxe=1&correlator=2511726421019&frm=20&pv=2&ga_vid=557839887.1634264500&ga_sid=1634264500&ga_hid=220403628&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=200&ady=609&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31062423%2C31063145%2C31062526&oid=2&pvsid=3102084332346618&pem=407&eae=0&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=KFdAzFfWdc&p=https%3A//142.4.3.228&dtd=128
Message:
Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
api-public.addthis.com
cookieinfoscript.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
m.addthis.com
pagead2.googlesyndication.com
partner.googleadservices.com
s7.addthis.com
stats.g.doubleclick.net
tpc.googlesyndication.com
v1.addthisedge.com
vk.com
www.discountflights.com
www.google-analytics.com
www.google.com
www.google.de
z.moatads.com
s7.addthis.com
104.21.34.18
104.75.88.126
142.250.184.196
142.250.184.206
142.250.185.163
142.250.185.226
142.250.185.66
142.250.185.97
142.250.185.98
142.250.186.162
142.250.186.163
142.4.3.228
172.217.16.138
2.18.235.40
216.58.212.130
64.233.166.154
87.240.190.78
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
025e6e0222f7d39e4d2b657482802afb30bea743eafffd015f24555cdec84717
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
066b2da8989d4d81a9f9c0605164db8041ae6dcca49bf9db3782b4da4bd8c17d
09b8585932e9851125c885d435a53f925d6b4d508b9f49b5cb929690509f1d85
0ab31a97c236988bb6e415187b2197cdbf689664173015dffd6da8eb96b1626f
0c8e8d7408611519ceda4e759ae9987834a17addc8f0028241ffed7fb0113612
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0f839003422e5fe9c2dfd0e43d629d2f33a379e98c1558a6f5b7f5ef5cdf99b8
185d9e549f5056cf9ad0438261c11b8569475e328886ef8c2a6367a536a4ae5f
2a08fd7715cf8682c03c3eaf2cf558849b1ffa89845fa763500f853214b12dba
2d2ad11e3c1a0fd81bb085050d4b3170beab2964b5b848a5309a6343322e3898
30c7c639fd48a0186026f900282a3b92893c32043019a5efb0ddf7e0805e296f
337a2f411eab4e33b237c03254a4c1cecd6171ce4a97a100e2bf365f66e2258a
345e41c382a42a0ef1017065d3fba90961cbaf41741dd519c7b5f77d52886f7a
432f9a7186d240aa7ab963e07f2a5038662542343facbe3bf32f25a1ea1bae8c
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
451575204ff8e8fb6a42a669185d8480a461132285ebf960c9368513f910457f
4d122fd37259339d532446babc7444b0f4e62c5e71cdf44f923ab9bce87397ca
4d3a130015ee27ab670d9569d9c0d9fe9a95c867cf03f23b770c300b4eff069d
4e959d9106d846030c0a62de668ec7c5810a3a1282c4f4ca98e1ea0756c75b8e
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5a6ac2cb9eb314212a8feb693841203c7579169b6b0bd7da8852837e42cde318
5c883fd81aa6616988d11949a780dfa476f39ba7aca55f1cfeaec60b5d19cbe4
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
628ce33c4485b6de0f53e3f4d230f392d3619c02ee0fe77dc518ce4a1db47508
66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31
6708356dee698a3efd6a12a2c5985c8c4d9401736da1e1c2b76dfb7f2135d590
6cb9626bee36031e6363e719508bb920729decfd4880732c52af0de572096cfa
71a49aa79f725f354ceca723099f7a41466cbf837988f4f6385c4977ff5ad4e2
731c436dc5c09cdcabc6a778fea3cbaddb481e032f4ea189a4691c5005a1a4df
742cfdd064b1e63af44fff6f6083b13f21d0c703e616dea858c0ea5605d8522c
7b276e3efcab42f3a4621be8212ad5d2bb900e6f1a738fde82351a236735a95d
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8dd3b91ca60e6a0486326c5c275590dd1d753240c2efa9f94730815813997fee
8f297a42c731c5e6412ef47dff5d7697e142a28abe98d34b515951d40e5e9f7d
9096318ef1c1cf4b3b42fb751ff4ea85e002926dbb8e36a4bea3d82da0bcee02
91f589cb227313d4eb170bd8919eb2640922689cc63143bd8095197cb152ad87
98fea16c244a263f7b73622fd41594fc9271cb260576cceb78c419f975d733d6
a33715085fa455982ebfdc0b249f294e5700709ae5defda17be6e4ca38fc66ca
a426f4bca2a310c645b680d68926ba947689052359728c427a1ffa669aeef0b6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
ac0d2c9fc0a5f57d932b7d3275f65fa81f17ea9724c3103cb41920210d982006
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b304a86c864028574108eb09666e65d28cba78782bee67deeda4d6bc19a50c7b
b4d0aae65248562dafb17d792149cb376a93d6cbfc70cb7052422356391864fb
b8f6aefbb47472521c0b9f3afefb6698d30a762ab666446eb90ec08baa9459dc
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bead0dd7087a0e308af27792e78a8681682339aaa86a3db9c19b66c5db833352
ca50b505ad260b27fcc8ddaf3afa328a22e5dca8f84f8cdda0c1c318b5ed00d4
cadde1f465d2cb9aac080f03758af0c34187c2ead088d25ec6d191d99830d356
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d0dae7f2e596097b2d28222966883a24ea85407312eef214ff423553bb3ae759
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
d70f46d49842e5fd313259c3e10b39b4fa50c1552c93f959787da7e7a0deca60
db2659ed86753167ae5f4b0723e3d10e1bd3bb21ac5df55a261bff3753201076
db87f8b61387743b2450c1b9874e02b35ed8d61a98f12436e132526938d6f661
dcda55d2dfecb25e899e239064366ad3e8ebda504c99bd114975032def09f033
dea4baedf0a744a8a6019bf930c228210c5549b84955373ed3ba69d20657776b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebea925c8e646a901f659dbb087d94d70f5ab422e6bb7f9c3d009bfc93657bc2
ede055d18b7ee2504080ddf2e77576d094737085a98fed65874761cd23ba7793
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5b49529ed3d6c1dbc8bf1b8d05afba725cc9cc723b26df2c2b529b36515f2d2
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62