dailydeports.pw Open in urlscan Pro
2606:4700:3037::6815:53cd Public Scan

Go To Rescan
Add Verdict Report

URL:
http://dailydeports.pw/hidden.html
Submission Tags: falconsandbox
Submission: On April 29 via api (April 29th 2021, 7:23:35 am UTC) from US

Summary HTTP 184 Redirects Behaviour Indicators

Summary

This website contacted 23 IPs in 4 countries across 25 domains to perform 184 HTTP transactions. The main IP is 2606:4700:3037::6815:53cd, located in United States and belongs to CLOUDFLARENET, US. The main domain is dailydeports.pw.

This is the only time dailydeports.pw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3037::6815:53cd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	13.226.247.99 13.226.247.99	16509 (AMAZON-02) (AMAZON-02)
3 9	38.140.142.154 38.140.142.154	174 (COGENT-174) (COGENT-174)
1	174.137.133.18 174.137.133.18	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1	174.137.133.17 174.137.133.17	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1 1	2606:4700:303... 2606:4700:3035::6815:2cd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	18.205.91.216 18.205.91.216	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700:303... 2606:4700:3032::ac43:b512	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	13.224.193.70 13.224.193.70	16509 (AMAZON-02) (AMAZON-02)
1 2	95.211.229.245 95.211.229.245	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	212.32.252.81 212.32.252.81	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	157.230.211.91 157.230.211.91	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
16	128.199.9.173 128.199.9.173	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
6	2600:1f18:43d... 2600:1f18:43d1:2a04:ee05:261e:d408:7ba1	14618 (AMAZON-AES) (AMAZON-AES)
3 3	34.248.5.237 34.248.5.237	16509 (AMAZON-02) (AMAZON-02)
27	2606:4700:303... 2606:4700:3037::ac43:8052	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
3	13.224.118.224 13.224.118.224	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
3	2606:4700:303... 2606:4700:3037::ac43:ae36	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2606:4700:303... 2606:4700:3032::6815:da	13335 (CLOUDFLAR...) (CLOUDFLARENET)
62	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
3 3	52.117.22.28 52.117.22.28	36351 (SOFTLAYER) (SOFTLAYER)
12	52.117.22.24 52.117.22.24	36351 (SOFTLAYER) (SOFTLAYER)
3	13.224.106.110 13.224.106.110	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
184	23

1 2606:4700:3037::6815:53cd (United States)

ASN13335 (CLOUDFLARENET, US)

dailydeports.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.226.247.99 (United States) 3 redirects

ASN16509 (AMAZON-02, US)

witalfieldt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 38.140.142.154 (Hollywood, United States) 3 redirects

ASN174 (COGENT-174, US)

rtb.froggyads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.18 (United States)

ASN27257 (WEBAIR-INTERNET, US)

xml.popmonetizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.17 (United States)

ASN27257 (WEBAIR-INTERNET, US)

xml.adxnexus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:2cd1 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

xml.revrtb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.205.91.216 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

adro.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::ac43:b512 (United States)

ASN13335 (CLOUDFLARENET, US)

maquiags.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.70 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-70.fra2.r.cloudfront.net

gleaminist.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.211.229.245 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

syndication.exoclick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.32.252.81 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

click.genesistracker.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.230.211.91 (North Bergen, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

bintrck.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 128.199.9.173 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

free3dgame.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:1f18:43d1:2a04:ee05:261e:d408:7ba1 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

www.bestbeautycare.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.sterlingbestskincare.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.248.5.237 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-5-237.eu-west-1.compute.amazonaws.com

tracking.affid21221il.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2606:4700:3037::ac43:8052 (United States)

ASN13335 (CLOUDFLARENET, US)

the-btc-supersplit.financialmarketsworld.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.118.224 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-118-224.mad50.r.cloudfront.net

d3e54v103j8qbb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3037::ac43:ae36 (United States)

ASN13335 (CLOUDFLARENET, US)

vid-algo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:3032::6815:da (United States)

ASN13335 (CLOUDFLARENET, US)

api.the-btc-supersplit.financialmarketsworld.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

62 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.117.22.28 (United States) 3 redirects

ASN36351 (SOFTLAYER, US)
PTR: 1c.16.7534.ip4.static.sl-reverse.com

mylivechat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 52.117.22.24 (United States)

ASN36351 (SOFTLAYER, US)
PTR: 18.16.7534.ip4.static.sl-reverse.com

a7.mylivechat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.106.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-106-110.mad50.r.cloudfront.net

clientcdn.pushengage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
63	gstatic.com fonts.gstatic.com	1 MB
36	financialmarketsworld.com the-btc-supersplit.financialmarketsworld.com api.the-btc-supersplit.financialmarketsworld.com	1 MB
16	free3dgame.xyz free3dgame.xyz	1 MB
15	mylivechat.com 3 redirects mylivechat.com a7.mylivechat.com	257 KB
10	googleapis.com fonts.googleapis.com ajax.googleapis.com	22 KB
9	froggyads.com 3 redirects rtb.froggyads.com	11 KB
4	googletagmanager.com www.googletagmanager.com	130 KB
4	witalfieldt.com 3 redirects witalfieldt.com	3 KB
3	pushengage.com clientcdn.pushengage.com	55 KB
3	vid-algo.com vid-algo.com
3	cloudflare.com cdnjs.cloudflare.com	6 KB
3	cloudfront.net d3e54v103j8qbb.cloudfront.net	92 KB
3	affid21221il.com 3 redirects tracking.affid21221il.com	5 KB
3	sterlingbestskincare.xyz www.sterlingbestskincare.xyz	2 KB
3	bestbeautycare.xyz www.bestbeautycare.xyz	3 KB
2	exoclick.com 1 redirects syndication.exoclick.com	3 KB
1	bintrck.xyz 1 redirects bintrck.xyz	418 B
1	genesistracker.xyz 1 redirects click.genesistracker.xyz	340 B
1	gleaminist.info 1 redirects gleaminist.info	640 B
1	maquiags.com maquiags.com
1	adro.pro 1 redirects adro.pro	258 B
1	revrtb.com 1 redirects xml.revrtb.com	723 B
1	adxnexus.com xml.adxnexus.com	165 B
1	popmonetizer.com xml.popmonetizer.com	165 B
1	dailydeports.pw dailydeports.pw	2 KB
184	25

	Domain	Requested by
63	fonts.gstatic.com	fonts.googleapis.com
27	the-btc-supersplit.financialmarketsworld.com	dailydeports.pw the-btc-supersplit.financialmarketsworld.com
16	free3dgame.xyz	syndication.exoclick.com free3dgame.xyz
12	a7.mylivechat.com	the-btc-supersplit.financialmarketsworld.com mylivechat.com
9	api.the-btc-supersplit.financialmarketsworld.com	the-btc-supersplit.financialmarketsworld.com d3e54v103j8qbb.cloudfront.net
9	rtb.froggyads.com	3 redirects dailydeports.pw rtb.froggyads.com
7	fonts.googleapis.com	free3dgame.xyz ajax.googleapis.com mylivechat.com
4	www.googletagmanager.com	free3dgame.xyz the-btc-supersplit.financialmarketsworld.com
4	witalfieldt.com	3 redirects dailydeports.pw
3	clientcdn.pushengage.com	api.the-btc-supersplit.financialmarketsworld.com
3	mylivechat.com	3 redirects
3	vid-algo.com	the-btc-supersplit.financialmarketsworld.com
3	ajax.googleapis.com	the-btc-supersplit.financialmarketsworld.com
3	cdnjs.cloudflare.com	the-btc-supersplit.financialmarketsworld.com
3	d3e54v103j8qbb.cloudfront.net	the-btc-supersplit.financialmarketsworld.com
3	tracking.affid21221il.com	3 redirects
3	www.sterlingbestskincare.xyz	dailydeports.pw
3	www.bestbeautycare.xyz	dailydeports.pw
2	syndication.exoclick.com	1 redirects dailydeports.pw
1	bintrck.xyz	1 redirects
1	click.genesistracker.xyz	1 redirects
1	gleaminist.info	1 redirects
1	maquiags.com	dailydeports.pw
1	adro.pro	1 redirects
1	xml.revrtb.com	1 redirects
1	xml.adxnexus.com	dailydeports.pw
1	xml.popmonetizer.com	dailydeports.pw
1	dailydeports.pw
184	28

This site contains no links.

Subject Issuer	Validity	Valid
*.popmonetizer.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-06` - `2022-01-06`	a year	crt.sh
*.adxnexus.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-09` - `2022-03-09`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-04-07` - `2022-04-06`	a year	crt.sh
free3dgame.xyz R3	`2021-03-11` - `2021-06-09`	3 months	crt.sh
rtb.froggyads.com R3	`2021-04-22` - `2021-07-21`	3 months	crt.sh
www.bestbeautycare.xyz R3	`2021-04-28` - `2021-07-27`	3 months	crt.sh
www.sterlingbestskincare.xyz R3	`2021-03-05` - `2021-06-03`	3 months	crt.sh
financialmarketsworld.com Cloudflare Inc ECC CA-3	`2021-04-07` - `2022-04-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2021-02-22` - `2022-02-21`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.mylivechat.com Go Daddy Secure Certificate Authority - G2	`2020-09-03` - `2021-10-05`	a year	crt.sh
*.pushengage.com Amazon	`2021-01-27` - `2022-02-24`	a year	crt.sh

This page contains 9 frames:

Primary Page: http://dailydeports.pw/hidden.html
Frame ID: 8EC21E2971715296413D0D70A672A7B7
Requests: 1 HTTP requests in this frame

Frame: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Frame ID: 91642CB7AB1D86FA44A073634F508D72
Requests: 52 HTTP requests in this frame

Frame: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Frame ID: D1EEA0CECCEDE15D328106E3B008C4A8
Requests: 52 HTTP requests in this frame

Frame: https://xml.popmonetizer.com/redirect?feed=184608&auth=02szyf&pubid=93422
Frame ID: 5C068AB391884625D69173C3DB8F9F87
Requests: 1 HTTP requests in this frame

Frame: https://xml.adxnexus.com/redirect?feed=184609&auth=3IQfNU&pubid=95210
Frame ID: CE57E25A9E412FC83CCCB573C9F7B235
Requests: 1 HTTP requests in this frame

Frame: https://maquiags.com/serve/50299/63786/szqpmqqoapdpgpq/aHR0cDovL2hpY2hhbWVkZDYuY29t
Frame ID: A351DF0FD1C5D898994AAA4F0E1E346D
Requests: 1 HTTP requests in this frame

Frame: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Frame ID: 66573EF2602C659791437FF1DABAC585
Requests: 52 HTTP requests in this frame

Frame: http://witalfieldt.com/redirect?tid=758290&&ref=
Frame ID: D553B9729E337CFE27578BA891AE5447
Requests: 1 HTTP requests in this frame

Frame: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951
Frame ID: AC317BE31CF3D283EE07ACDE99327386
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

184
Requests

90 %
HTTPS

48 %
IPv6

25
Domains

28
Subdomains

23
IPs

4
Countries

4210 kB
Transfer

8331 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER] HTTP 302
http://rtb.froggyads.com/postback/click?key=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c

Request Chain 1

http://witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER] HTTP 302
http://rtb.froggyads.com/postback/click?key=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4

Request Chain 4

https://xml.revrtb.com/redirect?feed=184607&auth=cOcGqf&pubid=95209 HTTP 302
http://adro.pro/ad/ad?p=198473&w=584361&d=84b9c2d57bbb443fc97a-1598881844584361&s=263603.184607 HTTP 303
https://maquiags.com/serve/50299/63786/szqpmqqoapdpgpq/aHR0cDovL2hpY2hhbWVkZDYuY29t

Request Chain 5

http://gleaminist.info/redirect?tid=766231&ref=http://www.sebn.me HTTP 302
http://rtb.froggyads.com/postback/click?key=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b

Request Chain 7

http://witalfieldt.com/redirect?tid=780714&&ref=nlsport.net HTTP 302
http://syndication.exoclick.com/cimp.php?data=TVRZeE9UWTRNRGs1Tkh4aFkyUTRZalV6TW1SbE9UWXhZMk13TURrM1pXTmlObUUyWVRSa1pqSTNNUS0tfGh0dHBzOi8vY2xpY2suZ2VuZXNpc3RyYWNrZXIueHl6L2NsaWNrP3BpZD04NzkxJm9mZmVyX2lkPTUyOTkmc3ViMT1vb2RSWkhOUExITlJaSE5WUTdYcmQxRlZrdGxsanFiYUtwYTdhM1RTMFR6eXVkVk5NNm1aMDdxWlhTdWxkSzZ5bVowOWRWbHQxVHA2NnJMYnEzU3VsZE82ZDBycFhUT2xkSzZWMmVkZGsxRXV0ZGswdTA5dGRPbHR0M0UydFZuRk52RzFUdHA5OXF0Nk5OWjZkdEpxODZLNTVkcXJwOXA5WnJ0S3RYV1d5MlRVdTJ6Ny5YdHVJSkRGakVsem5TdWxkSzYyNTBycFhCOWcmc3ViMj0zNTcwNzc3XzQyNjk2NDJ8aHR0cHwzNy4xMjAuMTM3LjE1M3xDSEV8NDF8YWQtbWF2ZW4uY29tfDcxNDYxMnw0MzA2NzV8ODE1NDMxfDM1NzA3Nzd8NTExfDQyNjk2NDJ8NDgzNTA2ODZ8NDB8MnwwfDB8NzQxfDc4MDcxNHwwLjA1fDc1fFVTRHxFVVJ8MS4yMDAzfDEuMjAwM3wyMnx8MXxDSEV8fDEwMnw0fDB8fGFhNjcxMzBjNjcxMGQyODY0Yjg4OWYxYzU3ZjQ4ZmQ1fGQyZWQ1ZTNiYzI0ZGIxNmEzNjIwZDU5MmQyYzE5YjVjfDB8MnxkYWlseWRlcG9ydHMucHd8MHw1Mzg3MnwxMDMyMjB8MC4xNXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MjY1Nzg5NXwtMXwwfDI2NTc4OTZ8aG9zdGluZ3x2cG58MHwwfHwyfDB8MHw4OXwwfDB8MXxPS3xhOWY3ZGQ0NDMxM2MxYzFjMmE4YjY3YWVjNjUxZTlhOA--

Request Chain 8

http://syndication.exoclick.com/cimp.php?data=TVRZeE9UWTRNRGs1Tkh4aFkyUTRZalV6TW1SbE9UWXhZMk13TURrM1pXTmlObUUyWVRSa1pqSTNNUS0tfGh0dHBzOi8vY2xpY2suZ2VuZXNpc3RyYWNrZXIueHl6L2NsaWNrP3BpZD04NzkxJm9mZmVyX2lkPTUyOTkmc3ViMT1vb2RSWkhOUExITlJaSE5WUTdYcmQxRlZrdGxsanFiYUtwYTdhM1RTMFR6eXVkVk5NNm1aMDdxWlhTdWxkSzZ5bVowOWRWbHQxVHA2NnJMYnEzU3VsZE82ZDBycFhUT2xkSzZWMmVkZGsxRXV0ZGswdTA5dGRPbHR0M0UydFZuRk52RzFUdHA5OXF0Nk5OWjZkdEpxODZLNTVkcXJwOXA5WnJ0S3RYV1d5MlRVdTJ6Ny5YdHVJSkRGakVsem5TdWxkSzYyNTBycFhCOWcmc3ViMj0zNTcwNzc3XzQyNjk2NDJ8aHR0cHwzNy4xMjAuMTM3LjE1M3xDSEV8NDF8YWQtbWF2ZW4uY29tfDcxNDYxMnw0MzA2NzV8ODE1NDMxfDM1NzA3Nzd8NTExfDQyNjk2NDJ8NDgzNTA2ODZ8NDB8MnwwfDB8NzQxfDc4MDcxNHwwLjA1fDc1fFVTRHxFVVJ8MS4yMDAzfDEuMjAwM3wyMnx8MXxDSEV8fDEwMnw0fDB8fGFhNjcxMzBjNjcxMGQyODY0Yjg4OWYxYzU3ZjQ4ZmQ1fGQyZWQ1ZTNiYzI0ZGIxNmEzNjIwZDU5MmQyYzE5YjVjfDB8MnxkYWlseWRlcG9ydHMucHd8MHw1Mzg3MnwxMDMyMjB8MC4xNXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MjY1Nzg5NXwtMXwwfDI2NTc4OTZ8aG9zdGluZ3x2cG58MHwwfHwyfDB8MHw4OXwwfDB8MXxPS3xhOWY3ZGQ0NDMxM2MxYzFjMmE4YjY3YWVjNjUxZTlhOA--&p=http%3A%2F%2Fdailydeports.pw%2F&tested=1&check=5f497cfa7f14d48ebdef6c189431fdcc&screen_resolution=1600x1200&container_resolution=1x8&iframe=1 HTTP 302
https://click.genesistracker.xyz/click?pid=8791&offer_id=5299&sub1=oodRZHNPLHNRZHNVQ7Xrd1FVktlljqbaKpa7a3TS0TzyudVNM6mZ07qZXSuldK6ymZ09dVlt1Tp66rLbq3SuldO6d0rpXTOldK6V2eddk1Eutdk0u09tdOltt3E2tVnFNvG1Ttp99qt6NNZ6dtJq86K55dqrp9p9ZrtKtXWWy2TUu2z7.XtuIJDFjElznSuldK6250rpXB9g&sub2=3570777_4269642&exffir=eyJjIjoiNWY0OTdjZmE3ZjE0ZDQ4ZWJkZWY2YzE4OTQzMWZkY2MiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxeDgiLCJpIjoiMSJ9 HTTP 302
https://bintrck.xyz/click.php?key=vkbxftvoqw8tq5vg6sia&tsource=&domain=8791&ad=&category=3570777_4269642&campaign=&domainname=&unique=&code=608a5ee26003c20001edab69&base=&keyword= HTTP 302
https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Request Chain 12

http://rtb.froggyads.com/postback/click?key=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b&token=b526428a88208b1169ca7d14d9d2f76d&timezone=-120 HTTP 302
https://www.bestbeautycare.xyz/go/e9530a70-0f02-4ed5-a680-99e176c9e9d0?BID_PRICE=0.3&CLICK_ID=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b&DOMAIN=DOMAIN&IMPRESSION_ID=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b&USER_ID=desktop%3A3ae04c416beba248c29b1a03e810f204&CAMPAIGN_ID=2090982&CREATIVE_ID=2093704&PUBLISHER_ID=da6bd9f645caebd7622ad51ee909604c&SITE_ID=ef5007f144ff0829676152564bc59aea&PLACEMENT_ID=ef5007f144ff0829676152564bc59aea&SOURCE_ID=da6bd9f645caebd7622ad51ee909604c%3Aef5007f144ff0829676152564bc59aea%3Aef5007f144ff0829676152564bc59aea&KEYWORD=Streaming%2CSport

Request Chain 13

http://rtb.froggyads.com/postback/click?key=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c&token=5878c9b3552f414a5b2f56b5d648d356&timezone=-120 HTTP 302
https://www.bestbeautycare.xyz/go/e9530a70-0f02-4ed5-a680-99e176c9e9d0?BID_PRICE=0.3&CLICK_ID=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c&DOMAIN=DOMAIN&IMPRESSION_ID=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c&USER_ID=desktop%3A3ae04c416beba248c29b1a03e810f204&CAMPAIGN_ID=2090982&CREATIVE_ID=2093704&PUBLISHER_ID=f775ec92b8944ea368a62c5554728feb&SITE_ID=bc2dc1d53cca8b7092dfe93e81e34498&PLACEMENT_ID=bc2dc1d53cca8b7092dfe93e81e34498&SOURCE_ID=f775ec92b8944ea368a62c5554728feb%3Abc2dc1d53cca8b7092dfe93e81e34498%3Abc2dc1d53cca8b7092dfe93e81e34498&KEYWORD=Streaming%2CSport

Request Chain 14

http://rtb.froggyads.com/postback/click?key=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4&token=fc9fe513d238481acc56252b2ad6cc3d&timezone=-120 HTTP 302
https://www.bestbeautycare.xyz/go/e9530a70-0f02-4ed5-a680-99e176c9e9d0?BID_PRICE=0.3&CLICK_ID=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4&DOMAIN=DOMAIN&IMPRESSION_ID=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4&USER_ID=desktop%3A3ae04c416beba248c29b1a03e810f204&CAMPAIGN_ID=2090982&CREATIVE_ID=2093704&PUBLISHER_ID=0ad2ae344d0eaf8f30ecabbfd944ca2b&SITE_ID=5d8cebb6ca81c838dab877b7bd768af8&PLACEMENT_ID=5d8cebb6ca81c838dab877b7bd768af8&SOURCE_ID=0ad2ae344d0eaf8f30ecabbfd944ca2b%3A5d8cebb6ca81c838dab877b7bd768af8%3A5d8cebb6ca81c838dab877b7bd768af8&KEYWORD=Streaming%2CSport

Request Chain 23

https://tracking.affid21221il.com/aff_c?offer_id=6718&aff_id=8011 HTTP 302
https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1

Request Chain 24

https://tracking.affid21221il.com/aff_c?offer_id=6718&aff_id=8011 HTTP 302
https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1

Request Chain 25

https://tracking.affid21221il.com/aff_c?offer_id=6718&aff_id=8011 HTTP 302
https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1

Request Chain 155

https://mylivechat.com/chatinline.aspx?hccid=45224259 HTTP 302
https://a7.mylivechat.com/livechat2/livechat2.aspx?hccid=45224259&apimode=chatinline

Request Chain 156

https://mylivechat.com/chatinline.aspx?hccid=45224259 HTTP 302
https://a7.mylivechat.com/livechat2/livechat2.aspx?hccid=45224259&apimode=chatinline

Request Chain 160

https://mylivechat.com/chatinline.aspx?hccid=45224259 HTTP 302
https://a7.mylivechat.com/livechat2/livechat2.aspx?hccid=45224259&apimode=chatinline

184 HTTP transactions
-1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set hidden.html Show response
dailydeports.pw/ 4 KB
2 KB 99ms
82ms Document
text/html 2606:4700:3037::6815:53cd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://dailydeports.pw/hidden.html
Protocol: HTTP/1.1
Server: 2606:4700:3037::6815:53cd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5ff19ad3d39ecf31e411a2cd69670717df2151a31ac53dbfd4252deb83a1367

Request headers

Host: dailydeports.pw
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 07:23:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dcc04961674c05dec87c8a2d0e0cdac5d1619680993; expires=Sat, 29-May-21 07:23:13 GMT; path=/; domain=.dailydeports.pw; HttpOnly; SameSite=Lax
Last-Modified: Sat, 09 Jan 2021 15:31:27 GMT
CF-Cache-Status: DYNAMIC
cf-request-id: 09be1bb9860000175ea9aa3000000001
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FnK1QNwgTwJbZ8a6JZN%2BHPEEfNwiGmJOTJsUUyTBVHgIoFSeXjUVgvm37hRvxZKZ9cWtpgSDlORZWaCIkUVQY9DomT4YC%2BVe4c1Tdj0LuWUPiB3%2BxvKPBbpySgg%3D"}],"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6476c8a278c5175e-FRA
Content-Encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1

200

Cookie set click Show response
rtb.froggyads.com/postback/ Frame 9164
Redirect Chain

http://witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER]
http://rtb.froggyads.com/postback/click?key=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c

3 KB
3 KB

325ms
303ms

Document
text/html

38.140.142.154
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: http://rtb.froggyads.com/postback/click?key=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c
Requested by: Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html
Protocol: HTTP/1.1
Server: 38.140.142.154 Hollywood, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0a661d3824f4ed387de8e5c9ff28b88d9f7285a5cb6a590ca9047dcde9ad2f9b

Request headers

Host: rtb.froggyads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://dailydeports.pw/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://dailydeports.pw/

Response headers

Server: openresty/1.15.8.3
Date: Thu, 29 Apr 2021 07:23:14 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 2641
Connection: close
Set-Cookie: platform_user_id=desktop:3ae04c416beba248c29b1a03e810f204 platform_user_id_3rd_party=desktop:3ae04c416beba248c29b1a03e810f204; SameSite=None; Secure; Max-Age=31556952

Redirect headers

Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Date: Thu, 29 Apr 2021 07:23:14 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
set-cookie: csu=a870c55e-97ea-4dc7-81ce-900c83f300ac
Location: http://rtb.froggyads.com/postback/click?key=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c
X-Cache: Miss from cloudfront
Via: 1.1 56cbea46411c374126fd233b4568d81c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FCO50-C1
X-Amz-Cf-Id: 7EqIFdiD5jb0kyMd5qTpbarhoHdhFfez1J9qePrAYnVOw4e3ZvrRpg==

GET
H/1.1

200

Cookie set click Show response
rtb.froggyads.com/postback/ Frame D1EE
Redirect Chain

http://witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]
http://rtb.froggyads.com/postback/click?key=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4

3 KB
3 KB

326ms
299ms

Document
text/html

38.140.142.154
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: http://rtb.froggyads.com/postback/click?key=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4
Requested by: Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html
Protocol: HTTP/1.1
Server: 38.140.142.154 Hollywood, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d4ecda487864ac7565133b4862ce4478d6b5f7877661ad7d89ac8a57fd25dd3f

Request headers

Host: rtb.froggyads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://dailydeports.pw/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://dailydeports.pw/

Response headers

Server: openresty/1.15.8.3
Date: Thu, 29 Apr 2021 07:23:14 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 2641
Connection: close
Set-Cookie: platform_user_id=desktop:3ae04c416beba248c29b1a03e810f204 platform_user_id_3rd_party=desktop:3ae04c416beba248c29b1a03e810f204; SameSite=None; Secure; Max-Age=31556952

Redirect headers

Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Date: Thu, 29 Apr 2021 07:23:14 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
set-cookie: csu=0311897e-dc66-4c57-9e20-561b4a4b2fa6
Location: http://rtb.froggyads.com/postback/click?key=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4
X-Cache: Miss from cloudfront
Via: 1.1 2484a98c2bb72ea475d1dedc9738ceda.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FCO50-C1
X-Amz-Cf-Id: rHBoT7VoF8AiKl_BN-1Se_zdSGk1ZO43UiaaU4BO-q21e2zrZSmHDw==

GET
H/1.1 200
OK redirect Show response
xml.popmonetizer.com/ Frame 5C06 0
165 B 374ms
131ms Document
text/plain 174.137.133.18
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://xml.popmonetizer.com/redirect?feed=184608&auth=02szyf&pubid=93422
Requested by: Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.18 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: xml.popmonetizer.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://dailydeports.pw/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://dailydeports.pw/

Response headers

Server: nginx
Date: Thu, 29 Apr 2021 07:23:14 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache

GET
H/1.1 200
OK redirect Show response
xml.adxnexus.com/ Frame CE57 0
165 B 354ms
117ms Document
text/plain 174.137.133.17
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://xml.adxnexus.com/redirect?feed=184609&auth=3IQfNU&pubid=95210
Requested by: Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.17 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: xml.adxnexus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://dailydeports.pw/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://dailydeports.pw/

Response headers

Server: nginx
Date: Thu, 29 Apr 2021 07:23:14 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache

GET
H2

200

aHR0cDovL2hpY2hhbWVkZDYuY29t
maquiags.com/serve/50299/63786/szqpmqqoapdpgpq/ Frame A351
Redirect Chain

https://xml.revrtb.com/redirect?feed=184607&auth=cOcGqf&pubid=95209
http://adro.pro/ad/ad?p=198473&w=584361&d=84b9c2d57bbb443fc97a-1598881844584361&s=263603.184607
https://maquiags.com/serve/50299/63786/szqpmqqoapdpgpq/aHR0cDovL2hpY2hhbWVkZDYuY29t

0
0

63ms
37ms

Document
text/html

2606:4700:3032::ac43:b512
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maquiags.com/serve/50299/63786/szqpmqqoapdpgpq/aHR0cDovL2hpY2hhbWVkZDYuY29t

Requested by

Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:b512 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.1.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	DENY

Request headers

:method: GET
:authority: maquiags.com
:scheme: https
:path: /serve/50299/63786/szqpmqqoapdpgpq/aHR0cDovL2hpY2hhbWVkZDYuY29t
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://dailydeports.pw/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://dailydeports.pw/

Response headers

date: Thu, 29 Apr 2021 07:23:15 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d64ec7d153df4b647d800bbe1da1e013c1619680994; expires=Sat, 29-May-21 07:23:14 GMT; path=/; domain=.maquiags.com; HttpOnly; SameSite=Lax
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
cf-request-id: 09be1bbea100004e68d0add000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=I95mzChQLhY0FLEHEWChHwh4R33UwSCg6iJplqxjpk1ZCyhiCaHUSwh4b71myP0SyMYjFrzAwGncYEXD0DxlZm0MwufX3SV4fyo9ZRq1jj0ihiVvHvq7shk%3D"}],"max_age":604800,"group":"cf-nel"}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 6476c8aa9a6f4e68-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Content-Type: text/html; charset=utf-8
Date: Thu, 29 Apr 2021 07:23:14 GMT
Location: https://maquiags.com/serve/50299/63786/szqpmqqoapdpgpq/aHR0cDovL2hpY2hhbWVkZDYuY29t
Server: nginx
Content-Length: 110
Connection: keep-alive

GET
H/1.1

200

Cookie set click Show response
rtb.froggyads.com/postback/ Frame 6657
Redirect Chain

http://gleaminist.info/redirect?tid=766231&ref=http://www.sebn.me
http://rtb.froggyads.com/postback/click?key=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b

3 KB
3 KB

305ms
282ms

Document
text/html

38.140.142.154
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: http://rtb.froggyads.com/postback/click?key=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b
Requested by: Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html
Protocol: HTTP/1.1
Server: 38.140.142.154 Hollywood, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3ef07a2e68c3368f7fa043be9ed60f4b06ee2dfbd901971b7524fd23d6db3070

Request headers

Host: rtb.froggyads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://dailydeports.pw/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://dailydeports.pw/

Response headers

Server: openresty/1.15.8.3
Date: Thu, 29 Apr 2021 07:23:14 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 2641
Connection: close
Set-Cookie: platform_user_id=desktop:3ae04c416beba248c29b1a03e810f204 platform_user_id_3rd_party=desktop:3ae04c416beba248c29b1a03e810f204; SameSite=None; Secure; Max-Age=31556952

Redirect headers

Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Date: Thu, 29 Apr 2021 07:23:14 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
set-cookie: csu=48069133-9811-4054-b1d3-2ede40ec1f9b
Location: http://rtb.froggyads.com/postback/click?key=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b
X-Cache: Miss from cloudfront
Via: 1.1 59d92388a3a66e5f245f384a437fa025.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C1
X-Amz-Cf-Id: rLosjMzJw14Zhinmy3hpMQoGwjiJWhd-g98wubDtFVJ2NdHQy01CgQ==

GET
H/1.1 204
No Content redirect
witalfieldt.com/ Frame D553 0
0 518ms
497ms Document
text/plain 13.226.247.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://witalfieldt.com/redirect?tid=758290&&ref=
Requested by: Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html
Protocol: HTTP/1.1
Server: 13.226.247.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: openresty/1.17.8.2 /
Resource Hash

Request headers

Host: witalfieldt.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://dailydeports.pw/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://dailydeports.pw/

Response headers

Content-Type: text/plain
Connection: keep-alive
Date: Thu, 29 Apr 2021 07:23:14 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
set-cookie: csu=cab3ed90-a8ed-43ea-836c-578e04af61f5
X-Cache: Miss from cloudfront
Via: 1.1 4cc953035401a6d0e91ee55c85817068.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FCO50-C1
X-Amz-Cf-Id: uImXxTwsuzLOUtXHhlp65uKFKs6IepTX7r9HcMau6Gu1c3hEvjvX_Q==

GET
H/1.1

200
OK

Cookie set cimp.php Show response
syndication.exoclick.com/ Frame AC31
Redirect Chain

http://witalfieldt.com/redirect?tid=780714&&ref=nlsport.net
http://syndication.exoclick.com/cimp.php?data=TVRZeE9UWTRNRGs1Tkh4aFkyUTRZalV6TW1SbE9UWXhZMk13TURrM1pXTmlObUUyWVRSa1pqSTNNUS0tfGh0dHBzOi8vY2xpY2suZ2VuZXNpc3RyYWNrZXIueHl6L2NsaWNrP3BpZD04NzkxJm9mZmV...

4 KB
2 KB

74ms
45ms

Document
text/html

95.211.229.245
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: http://syndication.exoclick.com/cimp.php?data=TVRZeE9UWTRNRGs1Tkh4aFkyUTRZalV6TW1SbE9UWXhZMk13TURrM1pXTmlObUUyWVRSa1pqSTNNUS0tfGh0dHBzOi8vY2xpY2suZ2VuZXNpc3RyYWNrZXIueHl6L2NsaWNrP3BpZD04NzkxJm9mZmVyX2lkPTUyOTkmc3ViMT1vb2RSWkhOUExITlJaSE5WUTdYcmQxRlZrdGxsanFiYUtwYTdhM1RTMFR6eXVkVk5NNm1aMDdxWlhTdWxkSzZ5bVowOWRWbHQxVHA2NnJMYnEzU3VsZE82ZDBycFhUT2xkSzZWMmVkZGsxRXV0ZGswdTA5dGRPbHR0M0UydFZuRk52RzFUdHA5OXF0Nk5OWjZkdEpxODZLNTVkcXJwOXA5WnJ0S3RYV1d5MlRVdTJ6Ny5YdHVJSkRGakVsem5TdWxkSzYyNTBycFhCOWcmc3ViMj0zNTcwNzc3XzQyNjk2NDJ8aHR0cHwzNy4xMjAuMTM3LjE1M3xDSEV8NDF8YWQtbWF2ZW4uY29tfDcxNDYxMnw0MzA2NzV8ODE1NDMxfDM1NzA3Nzd8NTExfDQyNjk2NDJ8NDgzNTA2ODZ8NDB8MnwwfDB8NzQxfDc4MDcxNHwwLjA1fDc1fFVTRHxFVVJ8MS4yMDAzfDEuMjAwM3wyMnx8MXxDSEV8fDEwMnw0fDB8fGFhNjcxMzBjNjcxMGQyODY0Yjg4OWYxYzU3ZjQ4ZmQ1fGQyZWQ1ZTNiYzI0ZGIxNmEzNjIwZDU5MmQyYzE5YjVjfDB8MnxkYWlseWRlcG9ydHMucHd8MHw1Mzg3MnwxMDMyMjB8MC4xNXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MjY1Nzg5NXwtMXwwfDI2NTc4OTZ8aG9zdGluZ3x2cG58MHwwfHwyfDB8MHw4OXwwfDB8MXxPS3xhOWY3ZGQ0NDMxM2MxYzFjMmE4YjY3YWVjNjUxZTlhOA--
Requested by: Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html
Protocol: HTTP/1.1
Server: 95.211.229.245 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx /
Resource Hash: 640821feba1494cfcb8501cef7520c029f234bcfcee123bc18292b3fdb95a108

Request headers

Host: syndication.exoclick.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://dailydeports.pw/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://dailydeports.pw/

Response headers

Server: nginx
Date: Thu, 29 Apr 2021 07:23:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22608a5ee2547181.901489663546804387%22%3B%7D; expires=Sat, 29 Apr 2023 07:23:14 GMT; path=; domain=.exoclick.com;
Content-Encoding: gzip

Redirect headers

Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Date: Thu, 29 Apr 2021 07:23:14 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
set-cookie: csu=0c2aba64-db11-46da-a120-18df3f616e86
Location: http://syndication.exoclick.com/cimp.php?data=TVRZeE9UWTRNRGs1Tkh4aFkyUTRZalV6TW1SbE9UWXhZMk13TURrM1pXTmlObUUyWVRSa1pqSTNNUS0tfGh0dHBzOi8vY2xpY2suZ2VuZXNpc3RyYWNrZXIueHl6L2NsaWNrP3BpZD04NzkxJm9mZmVyX2lkPTUyOTkmc3ViMT1vb2RSWkhOUExITlJaSE5WUTdYcmQxRlZrdGxsanFiYUtwYTdhM1RTMFR6eXVkVk5NNm1aMDdxWlhTdWxkSzZ5bVowOWRWbHQxVHA2NnJMYnEzU3VsZE82ZDBycFhUT2xkSzZWMmVkZGsxRXV0ZGswdTA5dGRPbHR0M0UydFZuRk52RzFUdHA5OXF0Nk5OWjZkdEpxODZLNTVkcXJwOXA5WnJ0S3RYV1d5MlRVdTJ6Ny5YdHVJSkRGakVsem5TdWxkSzYyNTBycFhCOWcmc3ViMj0zNTcwNzc3XzQyNjk2NDJ8aHR0cHwzNy4xMjAuMTM3LjE1M3xDSEV8NDF8YWQtbWF2ZW4uY29tfDcxNDYxMnw0MzA2NzV8ODE1NDMxfDM1NzA3Nzd8NTExfDQyNjk2NDJ8NDgzNTA2ODZ8NDB8MnwwfDB8NzQxfDc4MDcxNHwwLjA1fDc1fFVTRHxFVVJ8MS4yMDAzfDEuMjAwM3wyMnx8MXxDSEV8fDEwMnw0fDB8fGFhNjcxMzBjNjcxMGQyODY0Yjg4OWYxYzU3ZjQ4ZmQ1fGQyZWQ1ZTNiYzI0ZGIxNmEzNjIwZDU5MmQyYzE5YjVjfDB8MnxkYWlseWRlcG9ydHMucHd8MHw1Mzg3MnwxMDMyMjB8MC4xNXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MjY1Nzg5NXwtMXwwfDI2NTc4OTZ8aG9zdGluZ3x2cG58MHwwfHwyfDB8MHw4OXwwfDB8MXxPS3xhOWY3ZGQ0NDMxM2MxYzFjMmE4YjY3YWVjNjUxZTlhOA--
X-Cache: Miss from cloudfront
Via: 1.1 2862752c63edb38e4edc7a47a3960f89.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FCO50-C1
X-Amz-Cf-Id: obzy6uIFnzlzaUd15fnYGxluvGL-5wqBK7b0HjEw1aTgcgpygXmvsA==

GET
H2

200

/ Show response
free3dgame.xyz/BC/Erotic_games_v2/ Frame AC31
Redirect Chain

http://syndication.exoclick.com/cimp.php?data=TVRZeE9UWTRNRGs1Tkh4aFkyUTRZalV6TW1SbE9UWXhZMk13TURrM1pXTmlObUUyWVRSa1pqSTNNUS0tfGh0dHBzOi8vY2xpY2suZ2VuZXNpc3RyYWNrZXIueHl6L2NsaWNrP3BpZD04NzkxJm9mZmV...
https://click.genesistracker.xyz/click?pid=8791&offer_id=5299&sub1=oodRZHNPLHNRZHNVQ7Xrd1FVktlljqbaKpa7a3TS0TzyudVNM6mZ07qZXSuldK6ymZ09dVlt1Tp66rLbq3SuldO6d0rpXTOldK6V2eddk1Eutdk0u09tdOltt3E2tVnFNv...
https://bintrck.xyz/click.php?key=vkbxftvoqw8tq5vg6sia&tsource=&domain=8791&ad=&category=3570777_4269642&campaign=&domainname=&unique=&code=608a5ee26003c20001edab69&base=&keyword=
https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

11 KB
4 KB

566ms
177ms

Document
text/html

128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Requested by

Host: syndication.exoclick.com
URL: http://syndication.exoclick.com/cimp.php?data=TVRZeE9UWTRNRGs1Tkh4aFkyUTRZalV6TW1SbE9UWXhZMk13TURrM1pXTmlObUUyWVRSa1pqSTNNUS0tfGh0dHBzOi8vY2xpY2suZ2VuZXNpc3RyYWNrZXIueHl6L2NsaWNrP3BpZD04NzkxJm9mZmVyX2lkPTUyOTkmc3ViMT1vb2RSWkhOUExITlJaSE5WUTdYcmQxRlZrdGxsanFiYUtwYTdhM1RTMFR6eXVkVk5NNm1aMDdxWlhTdWxkSzZ5bVowOWRWbHQxVHA2NnJMYnEzU3VsZE82ZDBycFhUT2xkSzZWMmVkZGsxRXV0ZGswdTA5dGRPbHR0M0UydFZuRk52RzFUdHA5OXF0Nk5OWjZkdEpxODZLNTVkcXJwOXA5WnJ0S3RYV1d5MlRVdTJ6Ny5YdHVJSkRGakVsem5TdWxkSzYyNTBycFhCOWcmc3ViMj0zNTcwNzc3XzQyNjk2NDJ8aHR0cHwzNy4xMjAuMTM3LjE1M3xDSEV8NDF8YWQtbWF2ZW4uY29tfDcxNDYxMnw0MzA2NzV8ODE1NDMxfDM1NzA3Nzd8NTExfDQyNjk2NDJ8NDgzNTA2ODZ8NDB8MnwwfDB8NzQxfDc4MDcxNHwwLjA1fDc1fFVTRHxFVVJ8MS4yMDAzfDEuMjAwM3wyMnx8MXxDSEV8fDEwMnw0fDB8fGFhNjcxMzBjNjcxMGQyODY0Yjg4OWYxYzU3ZjQ4ZmQ1fGQyZWQ1ZTNiYzI0ZGIxNmEzNjIwZDU5MmQyYzE5YjVjfDB8MnxkYWlseWRlcG9ydHMucHd8MHw1Mzg3MnwxMDMyMjB8MC4xNXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MjY1Nzg5NXwtMXwwfDI2NTc4OTZ8aG9zdGluZ3x2cG58MHwwfHwyfDB8MHw4OXwwfDB8MXxPS3xhOWY3ZGQ0NDMxM2MxYzFjMmE4YjY3YWVjNjUxZTlhOA--

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

f325a62ca01f04b3d744aefeaa2854046aa3b18c280d4ef72842cf87afb3c6b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: free3dgame.xyz
:scheme: https
:path: /BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://syndication.exoclick.com/cimp.php?data=TVRZeE9UWTRNRGs1Tkh4aFkyUTRZalV6TW1SbE9UWXhZMk13TURrM1pXTmlObUUyWVRSa1pqSTNNUS0tfGh0dHBzOi8vY2xpY2suZ2VuZXNpc3RyYWNrZXIueHl6L2NsaWNrP3BpZD04NzkxJm9mZmVyX2lkPTUyOTkmc3ViMT1vb2RSWkhOUExITlJaSE5WUTdYcmQxRlZrdGxsanFiYUtwYTdhM1RTMFR6eXVkVk5NNm1aMDdxWlhTdWxkSzZ5bVowOWRWbHQxVHA2NnJMYnEzU3VsZE82ZDBycFhUT2xkSzZWMmVkZGsxRXV0ZGswdTA5dGRPbHR0M0UydFZuRk52RzFUdHA5OXF0Nk5OWjZkdEpxODZLNTVkcXJwOXA5WnJ0S3RYV1d5MlRVdTJ6Ny5YdHVJSkRGakVsem5TdWxkSzYyNTBycFhCOWcmc3ViMj0zNTcwNzc3XzQyNjk2NDJ8aHR0cHwzNy4xMjAuMTM3LjE1M3xDSEV8NDF8YWQtbWF2ZW4uY29tfDcxNDYxMnw0MzA2NzV8ODE1NDMxfDM1NzA3Nzd8NTExfDQyNjk2NDJ8NDgzNTA2ODZ8NDB8MnwwfDB8NzQxfDc4MDcxNHwwLjA1fDc1fFVTRHxFVVJ8MS4yMDAzfDEuMjAwM3wyMnx8MXxDSEV8fDEwMnw0fDB8fGFhNjcxMzBjNjcxMGQyODY0Yjg4OWYxYzU3ZjQ4ZmQ1fGQyZWQ1ZTNiYzI0ZGIxNmEzNjIwZDU5MmQyYzE5YjVjfDB8MnxkYWlseWRlcG9ydHMucHd8MHw1Mzg3MnwxMDMyMjB8MC4xNXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MjY1Nzg5NXwtMXwwfDI2NTc4OTZ8aG9zdGluZ3x2cG58MHwwfHwyfDB8MHw4OXwwfDB8MXxPS3xhOWY3ZGQ0NDMxM2MxYzFjMmE4YjY3YWVjNjUxZTlhOA--

Response headers

server: nginx
date: Thu, 29 Apr 2021 07:23:15 GMT
content-type: text/html
last-modified: Thu, 11 Mar 2021 18:44:43 GMT
vary: Accept-Encoding
etag: W/"604a651b-2d7c"
strict-transport-security: max-age=31536000
content-encoding: gzip

Redirect headers

server: nginx/1.18.0
date: Thu, 29 Apr 2021 07:23:14 GMT
content-type: text/html; charset=UTF-8
location: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951
set-cookie: uclick=bz4pktbgi4; expires=Fri, 30-Apr-2021 07:23:14 GMT; Max-Age=86400; path=/; secure; SameSite=none uclickhash=bz4pktbgi4-bz4pktbgi4-dufe-0-irib3y-2t9rfv-2tb4uq-253bc4; expires=Fri, 30-Apr-2021 07:23:14 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000

POST
H2 200 realtime Show response
rtb.froggyads.com/services/druid/ingestion/ Frame 6657 14 B
149 B 471ms
152ms XHR
text/html 38.140.142.154
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.froggyads.com/services/druid/ingestion/realtime?datasource=test
Requested by: Host: rtb.froggyads.com
URL: http://rtb.froggyads.com/postback/click?key=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 38.140.142.154 Hollywood, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 7f12005693694cf30a113bb4e3b720c44d6d9fe5f191525a979b0095b15f0b8a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: null
date: Thu, 29 Apr 2021 07:23:14 GMT
access-control-allow-credentials: true
server: openresty/1.15.8.3
content-length: 14
content-type: text/html;charset=UTF-8

POST
H2 200 realtime Show response
rtb.froggyads.com/services/druid/ingestion/ Frame 9164 14 B
148 B 426ms
153ms XHR
text/html 38.140.142.154
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.froggyads.com/services/druid/ingestion/realtime?datasource=test
Requested by: Host: rtb.froggyads.com
URL: http://rtb.froggyads.com/postback/click?key=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 38.140.142.154 Hollywood, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 7f12005693694cf30a113bb4e3b720c44d6d9fe5f191525a979b0095b15f0b8a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: null
date: Thu, 29 Apr 2021 07:23:14 GMT
access-control-allow-credentials: true
server: openresty/1.15.8.3
content-length: 14
content-type: text/html;charset=UTF-8

POST
H2 200 realtime Show response
rtb.froggyads.com/services/druid/ingestion/ Frame D1EE 14 B
148 B 410ms
152ms XHR
text/html 38.140.142.154
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.froggyads.com/services/druid/ingestion/realtime?datasource=test
Requested by: Host: rtb.froggyads.com
URL: http://rtb.froggyads.com/postback/click?key=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 38.140.142.154 Hollywood, United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 7f12005693694cf30a113bb4e3b720c44d6d9fe5f191525a979b0095b15f0b8a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: null
date: Thu, 29 Apr 2021 07:23:14 GMT
access-control-allow-credentials: true
server: openresty/1.15.8.3
content-length: 14
content-type: text/html;charset=UTF-8

GET
H/1.1

200
OK

Cookie set e9530a70-0f02-4ed5-a680-99e176c9e9d0 Show response
www.bestbeautycare.xyz/go/ Frame 6657
Redirect Chain

http://rtb.froggyads.com/postback/click?key=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b&token=b526428a88208b1169ca7d14d9d2f76d&timezone=-120
https://www.bestbeautycare.xyz/go/e9530a70-0f02-4ed5-a680-99e176c9e9d0?BID_PRICE=0.3&CLICK_ID=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b&DOMAIN=DOMAIN&IMPRESSION_ID=v2-1619...

260 B
983 B

317ms
107ms

Document
text/html

2600:1f18:43d1:2a04:ee05:261e:d408:7ba1
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bestbeautycare.xyz/go/e9530a70-0f02-4ed5-a680-99e176c9e9d0?BID_PRICE=0.3&CLICK_ID=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b&DOMAIN=DOMAIN&IMPRESSION_ID=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b&USER_ID=desktop%3A3ae04c416beba248c29b1a03e810f204&CAMPAIGN_ID=2090982&CREATIVE_ID=2093704&PUBLISHER_ID=da6bd9f645caebd7622ad51ee909604c&SITE_ID=ef5007f144ff0829676152564bc59aea&PLACEMENT_ID=ef5007f144ff0829676152564bc59aea&SOURCE_ID=da6bd9f645caebd7622ad51ee909604c%3Aef5007f144ff0829676152564bc59aea%3Aef5007f144ff0829676152564bc59aea&KEYWORD=Streaming%2CSport

Requested by

Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:43d1:2a04:ee05:261e:d408:7ba1 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

nginx /

Resource Hash

288f8c30b5e7269bf91485bbf2cf043d4cfe016f00787e948d58f04a557fef2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Host: www.bestbeautycare.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Thu, 29 Apr 2021 07:23:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: bemob-uniq-visit:e9530a70-0f02-4ed5-a680-99e176c9e9d0=1; Domain=www.bestbeautycare.xyz; Path=/; Expires=Fri, 30 Apr 2021 07:23:15 GMT; HttpOnly; Secure; SameSite=None bemob-click-id=R79LxBt8hWx6XJu1FdnPBX; Domain=www.bestbeautycare.xyz; Path=/; Expires=Fri, 30 Apr 2021 07:23:15 GMT; HttpOnly; Secure; SameSite=None
ETag: W/"104-Grde+ILrnxPV8k4OiXimcYwrCCo"
X-Response-Time: 5.219ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubDomains
Content-Encoding: gzip

Redirect headers

Server: openresty/1.15.8.3
Date: Thu, 29 Apr 2021 07:23:14 GMT
Content-Length: 0
Connection: close
Location: https://www.bestbeautycare.xyz/go/e9530a70-0f02-4ed5-a680-99e176c9e9d0?BID_PRICE=0.3&CLICK_ID=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b&DOMAIN=DOMAIN&IMPRESSION_ID=v2-1619680993894-4-2418-996119-7af36b55-4ead-4722-88c3-fd94d49a331b&USER_ID=desktop%3A3ae04c416beba248c29b1a03e810f204&CAMPAIGN_ID=2090982&CREATIVE_ID=2093704&PUBLISHER_ID=da6bd9f645caebd7622ad51ee909604c&SITE_ID=ef5007f144ff0829676152564bc59aea&PLACEMENT_ID=ef5007f144ff0829676152564bc59aea&SOURCE_ID=da6bd9f645caebd7622ad51ee909604c%3Aef5007f144ff0829676152564bc59aea%3Aef5007f144ff0829676152564bc59aea&KEYWORD=Streaming%2CSport

GET
H/1.1

200
OK

Cookie set e9530a70-0f02-4ed5-a680-99e176c9e9d0 Show response
www.bestbeautycare.xyz/go/ Frame 9164
Redirect Chain

http://rtb.froggyads.com/postback/click?key=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c&token=5878c9b3552f414a5b2f56b5d648d356&timezone=-120
https://www.bestbeautycare.xyz/go/e9530a70-0f02-4ed5-a680-99e176c9e9d0?BID_PRICE=0.3&CLICK_ID=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c&DOMAIN=DOMAIN&IMPRESSION_ID=v2-1619...

260 B
983 B

294ms
101ms

Document
text/html

2600:1f18:43d1:2a04:ee05:261e:d408:7ba1
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bestbeautycare.xyz/go/e9530a70-0f02-4ed5-a680-99e176c9e9d0?BID_PRICE=0.3&CLICK_ID=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c&DOMAIN=DOMAIN&IMPRESSION_ID=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c&USER_ID=desktop%3A3ae04c416beba248c29b1a03e810f204&CAMPAIGN_ID=2090982&CREATIVE_ID=2093704&PUBLISHER_ID=f775ec92b8944ea368a62c5554728feb&SITE_ID=bc2dc1d53cca8b7092dfe93e81e34498&PLACEMENT_ID=bc2dc1d53cca8b7092dfe93e81e34498&SOURCE_ID=f775ec92b8944ea368a62c5554728feb%3Abc2dc1d53cca8b7092dfe93e81e34498%3Abc2dc1d53cca8b7092dfe93e81e34498&KEYWORD=Streaming%2CSport

Requested by

Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:43d1:2a04:ee05:261e:d408:7ba1 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

nginx /

Resource Hash

288f8c30b5e7269bf91485bbf2cf043d4cfe016f00787e948d58f04a557fef2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Host: www.bestbeautycare.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Thu, 29 Apr 2021 07:23:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: bemob-uniq-visit:e9530a70-0f02-4ed5-a680-99e176c9e9d0=1; Domain=www.bestbeautycare.xyz; Path=/; Expires=Fri, 30 Apr 2021 07:23:15 GMT; HttpOnly; Secure; SameSite=None bemob-click-id=R7GH3yDXNmzHXDQG5XJQJd; Domain=www.bestbeautycare.xyz; Path=/; Expires=Fri, 30 Apr 2021 07:23:15 GMT; HttpOnly; Secure; SameSite=None
ETag: W/"104-Grde+ILrnxPV8k4OiXimcYwrCCo"
X-Response-Time: 5.177ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubDomains
Content-Encoding: gzip

Redirect headers

Server: openresty/1.15.8.3
Date: Thu, 29 Apr 2021 07:23:14 GMT
Content-Length: 0
Connection: close
Location: https://www.bestbeautycare.xyz/go/e9530a70-0f02-4ed5-a680-99e176c9e9d0?BID_PRICE=0.3&CLICK_ID=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c&DOMAIN=DOMAIN&IMPRESSION_ID=v2-1619680993915-4-2418-996119-e18b0794-3d50-4fa0-92cb-ab7b9f69059c&USER_ID=desktop%3A3ae04c416beba248c29b1a03e810f204&CAMPAIGN_ID=2090982&CREATIVE_ID=2093704&PUBLISHER_ID=f775ec92b8944ea368a62c5554728feb&SITE_ID=bc2dc1d53cca8b7092dfe93e81e34498&PLACEMENT_ID=bc2dc1d53cca8b7092dfe93e81e34498&SOURCE_ID=f775ec92b8944ea368a62c5554728feb%3Abc2dc1d53cca8b7092dfe93e81e34498%3Abc2dc1d53cca8b7092dfe93e81e34498&KEYWORD=Streaming%2CSport

GET
H/1.1

200
OK

Cookie set e9530a70-0f02-4ed5-a680-99e176c9e9d0 Show response
www.bestbeautycare.xyz/go/ Frame D1EE
Redirect Chain

http://rtb.froggyads.com/postback/click?key=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4&token=fc9fe513d238481acc56252b2ad6cc3d&timezone=-120
https://www.bestbeautycare.xyz/go/e9530a70-0f02-4ed5-a680-99e176c9e9d0?BID_PRICE=0.3&CLICK_ID=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4&DOMAIN=DOMAIN&IMPRESSION_ID=v2-1619...

260 B
983 B

294ms
103ms

Document
text/html

2600:1f18:43d1:2a04:ee05:261e:d408:7ba1
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bestbeautycare.xyz/go/e9530a70-0f02-4ed5-a680-99e176c9e9d0?BID_PRICE=0.3&CLICK_ID=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4&DOMAIN=DOMAIN&IMPRESSION_ID=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4&USER_ID=desktop%3A3ae04c416beba248c29b1a03e810f204&CAMPAIGN_ID=2090982&CREATIVE_ID=2093704&PUBLISHER_ID=0ad2ae344d0eaf8f30ecabbfd944ca2b&SITE_ID=5d8cebb6ca81c838dab877b7bd768af8&PLACEMENT_ID=5d8cebb6ca81c838dab877b7bd768af8&SOURCE_ID=0ad2ae344d0eaf8f30ecabbfd944ca2b%3A5d8cebb6ca81c838dab877b7bd768af8%3A5d8cebb6ca81c838dab877b7bd768af8&KEYWORD=Streaming%2CSport

Requested by

Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:43d1:2a04:ee05:261e:d408:7ba1 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

nginx /

Resource Hash

288f8c30b5e7269bf91485bbf2cf043d4cfe016f00787e948d58f04a557fef2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Host: www.bestbeautycare.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Thu, 29 Apr 2021 07:23:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: bemob-uniq-visit:e9530a70-0f02-4ed5-a680-99e176c9e9d0=1; Domain=www.bestbeautycare.xyz; Path=/; Expires=Fri, 30 Apr 2021 07:23:15 GMT; HttpOnly; Secure; SameSite=None bemob-click-id=R7JWJFrq2FcCmgdommnhEh; Domain=www.bestbeautycare.xyz; Path=/; Expires=Fri, 30 Apr 2021 07:23:15 GMT; HttpOnly; Secure; SameSite=None
ETag: W/"104-Grde+ILrnxPV8k4OiXimcYwrCCo"
X-Response-Time: 6.861ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubDomains
Content-Encoding: gzip

Redirect headers

Server: openresty/1.15.8.3
Date: Thu, 29 Apr 2021 07:23:14 GMT
Content-Length: 0
Connection: close
Location: https://www.bestbeautycare.xyz/go/e9530a70-0f02-4ed5-a680-99e176c9e9d0?BID_PRICE=0.3&CLICK_ID=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4&DOMAIN=DOMAIN&IMPRESSION_ID=v2-1619680993899-4-2418-996119-075e28d8-76ce-4f20-9fad-37a1a04296e4&USER_ID=desktop%3A3ae04c416beba248c29b1a03e810f204&CAMPAIGN_ID=2090982&CREATIVE_ID=2093704&PUBLISHER_ID=0ad2ae344d0eaf8f30ecabbfd944ca2b&SITE_ID=5d8cebb6ca81c838dab877b7bd768af8&PLACEMENT_ID=5d8cebb6ca81c838dab877b7bd768af8&SOURCE_ID=0ad2ae344d0eaf8f30ecabbfd944ca2b%3A5d8cebb6ca81c838dab877b7bd768af8%3A5d8cebb6ca81c838dab877b7bd768af8&KEYWORD=Streaming%2CSport

GET
H/1.1 200
OK / Show response
www.sterlingbestskincare.xyz/ Frame 6657 193 B
594 B 339ms
111ms Document
text/html 2600:1f18:43d1:2a04:ee05:261e:d408:7ba1
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sterlingbestskincare.xyz/?redirectUrl=https%3A%2F%2Ftracking.affid21221il.com%2Faff_c%3Foffer_id%3D6718%26aff_id%3D8011

Requested by

Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:43d1:2a04:ee05:261e:d408:7ba1 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

nginx /

Resource Hash

2d73b52fe44577f83a4cb0b40520bf7ab2b7b12294c4a01bdf3e568811dcefa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Host: www.sterlingbestskincare.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Thu, 29 Apr 2021 07:23:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"c1-H3PL/0ZoaUihRWBgTXWXWUCuGJg"
X-Response-Time: 4.333ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubDomains
Content-Encoding: gzip

GET
H/1.1 200
OK / Show response
www.sterlingbestskincare.xyz/ Frame 9164 193 B
594 B 313ms
112ms Document
text/html 2600:1f18:43d1:2a04:ee05:261e:d408:7ba1
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sterlingbestskincare.xyz/?redirectUrl=https%3A%2F%2Ftracking.affid21221il.com%2Faff_c%3Foffer_id%3D6718%26aff_id%3D8011

Requested by

Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:43d1:2a04:ee05:261e:d408:7ba1 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

nginx /

Resource Hash

2d73b52fe44577f83a4cb0b40520bf7ab2b7b12294c4a01bdf3e568811dcefa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Host: www.sterlingbestskincare.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Thu, 29 Apr 2021 07:23:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"c1-H3PL/0ZoaUihRWBgTXWXWUCuGJg"
X-Response-Time: 4.096ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubDomains
Content-Encoding: gzip

GET
H/1.1 200
OK / Show response
www.sterlingbestskincare.xyz/ Frame D1EE 193 B
594 B 304ms
112ms Document
text/html 2600:1f18:43d1:2a04:ee05:261e:d408:7ba1
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sterlingbestskincare.xyz/?redirectUrl=https%3A%2F%2Ftracking.affid21221il.com%2Faff_c%3Foffer_id%3D6718%26aff_id%3D8011

Requested by

Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:43d1:2a04:ee05:261e:d408:7ba1 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

nginx /

Resource Hash

2d73b52fe44577f83a4cb0b40520bf7ab2b7b12294c4a01bdf3e568811dcefa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Host: www.sterlingbestskincare.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Thu, 29 Apr 2021 07:23:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"c1-H3PL/0ZoaUihRWBgTXWXWUCuGJg"
X-Response-Time: 4.290ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubDomains
Content-Encoding: gzip

GET
H2 200 lang.js Show response
free3dgame.xyz/BC/Erotic_games_v2/files/ Frame AC31 39 KB
10 KB 185ms
184ms Script
application/javascript 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/lang.js

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

71c8885a8a59ba26afa5b32e610a43cdaee1a88cf0eecf064a66d76db13a6bbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:15 GMT
content-encoding: gzip
last-modified: Thu, 11 Mar 2021 18:45:49 GMT
server: nginx
etag: W/"604a655d-9d0a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
strict-transport-security: max-age=31536000
expires: Thu, 29 Apr 2021 19:23:15 GMT

GET
H2 200 main.css
free3dgame.xyz/BC/Erotic_games_v2/files/ Frame AC31 20 KB
5 KB 180ms
180ms Stylesheet
text/css 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/main.css

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

c30e8e573b911520fa347bf04d19a43c064a952a5a4500791514b5dbfc170a37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:15 GMT
content-encoding: gzip
last-modified: Thu, 11 Mar 2021 18:45:50 GMT
server: nginx
etag: W/"604a655e-4ec6"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
strict-transport-security: max-age=31536000
expires: Thu, 29 Apr 2021 19:23:15 GMT

GET
H2 200 jquery.js Show response
free3dgame.xyz/BC/Erotic_games_v2/files/ Frame AC31 90 KB
36 KB 341ms
340ms Script
application/javascript 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/jquery.js

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

8c574e0a06396dfa7064b8b460e0e4a8d5d0748c4aa66eb2e4efdfcb46da4b31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:15 GMT
content-encoding: gzip
last-modified: Thu, 11 Mar 2021 18:45:48 GMT
server: nginx
etag: W/"604a655c-1698b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
strict-transport-security: max-age=31536000
expires: Thu, 29 Apr 2021 19:23:15 GMT

GET
H2 200 mute.png
free3dgame.xyz/BC/Erotic_games_v2/files/ Frame AC31 4 KB
4 KB 304ms
304ms Image
image/png 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/mute.png

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

718bb6618f7a9a005a73d1a227f78ef5d11bb87b46d53eaa881ef715502c6a20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:15 GMT
last-modified: Thu, 11 Mar 2021 18:45:51 GMT
server: nginx
etag: "604a655f-102f"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 4143
expires: Sat, 29 May 2021 07:23:15 GMT

GET
H2 200 no-mute.png
free3dgame.xyz/BC/Erotic_games_v2/files/ Frame AC31 15 KB
16 KB 182ms
182ms Image
image/png 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/no-mute.png

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

d7393ed3b4b27a79b14917919acbfabd6e518294728ddfa8a0e60278a3e886ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
last-modified: Thu, 11 Mar 2021 18:45:52 GMT
server: nginx
etag: "604a6560-3da9"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 15785
expires: Sat, 29 May 2021 07:23:16 GMT

GET
H2

200

/ Show response
the-btc-supersplit.financialmarketsworld.com/ Frame 6657
Redirect Chain

https://tracking.affid21221il.com/aff_c?offer_id=6718&aff_id=8011
https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1

39 KB
8 KB

89ms
59ms

Document
text/html

2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Requested by: Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2a5522aa6db1905f0279dbb1b4c2a8a1eec6ebe3b05edfce42b778cc50c9a76

Request headers

:method: GET
:authority: the-btc-supersplit.financialmarketsworld.com
:scheme: https
:path: /?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sterlingbestskincare.xyz/?redirectUrl=https%3A%2F%2Ftracking.affid21221il.com%2Faff_c%3Foffer_id%3D6718%26aff_id%3D8011

Response headers

date: Thu, 29 Apr 2021 07:23:15 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dfdfcd36fb99ba6c5f1e074373bc37c161619680995; expires=Sat, 29-May-21 07:23:15 GMT; path=/; domain=.financialmarketsworld.com; HttpOnly; SameSite=Lax; Secure SERVERID=5; path=/
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
cache-control: private
cf-cache-status: DYNAMIC
cf-request-id: 09be1bc25d00004e1aa1bbf000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qbC6%2FgMQR6dx5fIQ3vYPNq95RTEne7anYB%2FBfRjk5ld6gM1%2Fp2itDPM%2FwRjdswu6CAXNPsBfRpHowQAZ1CfJgzhRFx7JkUz4Nx1ZjIo4gO3%2F5tFK5IwkHmQLU%2BM%2BKirraCUlgcgWeWmNArjcskLuOwF2yRxxdGgMxg%3D%3D"}],"max_age":604800,"group":"cf-nel"}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 6476c8b09b1d4e1a-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Server: nginx
Date: Thu, 29 Apr 2021 07:23:15 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 344
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Set-Cookie: enc_aff_session_6718=ENC0331780fbbca1969f674d8c8a77eec3e1483886ffdffbbdc6785ed2071efad28a399315b2c972fbb9902a2817eede91770d9edb62e06ebdb290dbed8548319d2ce89cc066644926704dd832879ad46db15c4c94b5185a8df6ddce29f857716f28c85e1449b1003bb0f2514b35f9888899a7060382fa3c0d49acd579c3ece90e64f2ff6aaee; expires=Tue, 29 Jun 2021 07:23:15 GMT; path=/; SameSite=None; Secure ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI4OS4wIiwibW9iaWxlX2NhcnJpZXIiOiI/IiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyBYNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIExpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImFjY2VwdF9sYW5ndWFnZSI6ImVuLVVTIiwiY29ubmVjdGlvbl9zcGVlZCI6ImJyb2FkYmFuZCJ9; expires=Sat, 23 Mar 2024 18:03:15 GMT; path=/; SameSite=None; Secure
Tracking_id: 102b8cc0ffdbed26f733d0831f93f9
X-Robots-Tag: noindex, nofollow
Access-Control-Allow-Origin: *
X-Request-Id: 0daacb9b7ef7e0aa524dfe6425796395
Access-Control-Allow-Headers: Tune-SDK-Version

GET
H2

200

/ Show response
the-btc-supersplit.financialmarketsworld.com/ Frame D1EE
Redirect Chain

https://tracking.affid21221il.com/aff_c?offer_id=6718&aff_id=8011
https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1

39 KB
8 KB

58ms
58ms

Document
text/html

2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Requested by: Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2a5522aa6db1905f0279dbb1b4c2a8a1eec6ebe3b05edfce42b778cc50c9a76

Request headers

:method: GET
:authority: the-btc-supersplit.financialmarketsworld.com
:scheme: https
:path: /?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sterlingbestskincare.xyz/?redirectUrl=https%3A%2F%2Ftracking.affid21221il.com%2Faff_c%3Foffer_id%3D6718%26aff_id%3D8011

Response headers

date: Thu, 29 Apr 2021 07:23:15 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dfdfcd36fb99ba6c5f1e074373bc37c161619680995; expires=Sat, 29-May-21 07:23:15 GMT; path=/; domain=.financialmarketsworld.com; HttpOnly; SameSite=Lax; Secure SERVERID=7; path=/
last-modified: Thu, 25 Mar 2021 14:16:22 GMT
cache-control: private
cf-cache-status: DYNAMIC
cf-request-id: 09be1bc25f00004e1a8b273000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tCck%2FA39BmwdcMpaIeoRcmaZMF7TL0jUBPsliTVH4AhkYu7AoDIve4eAwGfVg9wNqPVHI1ni%2BihL3hlRvL3%2BuoLPn2eWgq5XJgw2tb2ThnsZlaZWPVuLg%2BjuhKRbroWmTjHPDaMItx2vyy14%2Bh%2BngkT3F9tBTiCNgg%3D%3D"}],"max_age":604800,"group":"cf-nel"}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 6476c8b09b214e1a-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Server: nginx
Date: Thu, 29 Apr 2021 07:23:15 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 344
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Set-Cookie: enc_aff_session_6718=ENC03234716b6fbecd439261601f24dd4679dbcf4c069075647fafe2ab6baea85534296e3939d062d5985264ff4484f483cbedf845ea5c5714bc08b9e3b9a61af1fcac860979d73049341c05cd9f9cf95976b4ed7bfdd776c469f3db8f88eae49945daccffdc3779e326518b18c8a5a78a7359373547e8698fce0768ab4a8b0b0942810facce8; expires=Tue, 29 Jun 2021 07:23:15 GMT; path=/; SameSite=None; Secure ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI4OS4wIiwibW9iaWxlX2NhcnJpZXIiOiI/IiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyBYNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIExpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImFjY2VwdF9sYW5ndWFnZSI6ImVuLVVTIiwiY29ubmVjdGlvbl9zcGVlZCI6ImJyb2FkYmFuZCJ9; expires=Sat, 23 Mar 2024 18:03:15 GMT; path=/; SameSite=None; Secure
Tracking_id: 102b8cc0ffdbed26f733d0831f93f9
X-Robots-Tag: noindex, nofollow
Access-Control-Allow-Origin: *
X-Request-Id: e6dfdb668453864a8b7bfc39f19eb4e4
Access-Control-Allow-Headers: Tune-SDK-Version

GET
H2

200

/ Show response
the-btc-supersplit.financialmarketsworld.com/ Frame 9164
Redirect Chain

https://tracking.affid21221il.com/aff_c?offer_id=6718&aff_id=8011
https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1

39 KB
8 KB

62ms
62ms

Document
text/html

2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Requested by: Host: dailydeports.pw
URL: http://dailydeports.pw/hidden.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2a5522aa6db1905f0279dbb1b4c2a8a1eec6ebe3b05edfce42b778cc50c9a76

Request headers

:method: GET
:authority: the-btc-supersplit.financialmarketsworld.com
:scheme: https
:path: /?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sterlingbestskincare.xyz/?redirectUrl=https%3A%2F%2Ftracking.affid21221il.com%2Faff_c%3Foffer_id%3D6718%26aff_id%3D8011

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dfdfcd36fb99ba6c5f1e074373bc37c161619680995; expires=Sat, 29-May-21 07:23:15 GMT; path=/; domain=.financialmarketsworld.com; HttpOnly; SameSite=Lax; Secure SERVERID=6; path=/
last-modified: Thu, 25 Mar 2021 14:16:19 GMT
cache-control: private
cf-cache-status: DYNAMIC
cf-request-id: 09be1bc27200004e1a9a061000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5A9OG%2FL8wCf9OZrZ9%2FqBpmziEmiWd0tYatWYgglODmhVfLhd41rGw9YCDMUhcnulcuVaZmP7mrCrrFP81Z8bY2NVH8kG4F3fJ2f6rXjVZpRyjbHj%2FxjsRfdiFExSsZXjSSgUeKjuuzyFXWtUM7K%2Fs3H0CJswT0VSgQ%3D%3D"}],"max_age":604800,"group":"cf-nel"}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 6476c8b0bb5a4e1a-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Server: nginx
Date: Thu, 29 Apr 2021 07:23:15 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 344
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Set-Cookie: enc_aff_session_6718=ENC0338ef8395be17d68ed3f8f558e5f4c8e18218b956a435d03ae3180998c2cc6b4c145a58512231f9f2ea7cf58f12d9e408aee6aa0dd92bb28d482f411f7391b8ca8e90fe38ff6d83c45f144fa7ef9e36132f3aa8e1e3a0babec9e0d3002cbe445523b8dd0953f9b2cec0752e881ef293eaefca1112ee501a7975c61038f4dd749b11e5ea0a; expires=Tue, 29 Jun 2021 07:23:15 GMT; path=/; SameSite=None; Secure ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI4OS4wIiwibW9iaWxlX2NhcnJpZXIiOiI/IiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyBYNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIExpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImFjY2VwdF9sYW5ndWFnZSI6ImVuLVVTIiwiY29ubmVjdGlvbl9zcGVlZCI6ImJyb2FkYmFuZCJ9; expires=Sat, 23 Mar 2024 18:03:15 GMT; path=/; SameSite=None; Secure
Tracking_id: 102b8cc0ffdbed26f733d0831f93f9
X-Robots-Tag: noindex, nofollow
Access-Control-Allow-Origin: *
X-Request-Id: 8615889c066ec2cacd6967309e2da90c
Access-Control-Allow-Headers: Tune-SDK-Version

GET
H3-29 200 css
fonts.googleapis.com/ Frame AC31 10 KB
772 B 35ms
20ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/files/main.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

586341b2e23993a5c8d45db157b5e2d287121303d207cddf4139a0e06c3b866d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://free3dgame.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 06:14:22 GMT
server: ESF
date: Thu, 29 Apr 2021 07:23:15 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Apr 2021 07:23:15 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame AC31 137 KB
43 KB 24ms
22ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PVSSXTS

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4d266da1930ccaa5ca8c657d56db25adba17036c0a616e601768d035d60aafea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44276
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 29 Apr 2021 07:23:16 GMT

GET
H3-29 200 normalize.css
the-btc-supersplit.financialmarketsworld.com/css/ Frame 6657 8 KB
3 KB 72ms
61ms Stylesheet
text/css 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/css/normalize.css
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c4a6fe64efc5d07833c35af9630d0f9b3d4d09a63f9358e441374e9102c9e81

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: W/"1e5c-5be5d0f4f9dc2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=G5xXw76WiCyI6R6zeiUHh6OGs%2B%2FT9GPw5bmk6nY5QGe7rEM2K3NJWdAVoJcUm%2FM7inhBUTAvkBLD36bG06goz2nb6rpDRWv%2BEnKRKiUwucfxqpssyuYL2aJnk2tFiNupgzvwa1cafgnlKDcR0Si9C5gdcDy%2FRhx5Gw%3D%3D"}]}
content-type: text/css
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6476c8b11c934a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc2b200004a616707e000000001

GET
H3-29 200 components.css
the-btc-supersplit.financialmarketsworld.com/css/ Frame 6657 38 KB
10 KB 96ms
88ms Stylesheet
text/css 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/css/components.css
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7deeee24b8c80bcca6c1c3ba09aaf3811aa99f88028732f2fce9e31e83a435f6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Thu, 25 Mar 2021 14:16:19 GMT
server: cloudflare
etag: W/"988f-5be5d0f303009"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5dIlkTgLZOVQQIsNSsdVgANvCQiqRXZGQGpCtN4z7BIcb%2FfeDpRTGCWpokXSgpJxYf1p2bEPJN1qW%2FfF9c4yBUNwGtuoZdMmWmLqjMsuA84WFn0UHH2PiSMuhgh%2BiWs6tSfjHiYngaHQSnvn3AgcJ0hEdVBe5A92OQ%3D%3D"}]}
content-type: text/css
cache-control: private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6476c8b11c944a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc2b200004a610f248000000001

GET
H3-29 200 bitcoin-white4.css
the-btc-supersplit.financialmarketsworld.com/css/ Frame 6657 31 KB
5 KB 80ms
73ms Stylesheet
text/css 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9663ee1fb3b65f231a214f5db12a0220adf23d6a67ad4337f94f2711f17fc3d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Thu, 25 Mar 2021 14:16:22 GMT
server: cloudflare
etag: W/"7b58-5be5d0f60be71"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OzY83aFaqcoIeA4YaU0AgM2%2FR5KK%2FtNmaUPBsgGocM0RP1Xv1eFhO5EHSrYwRlCULjnc8K13xTbRP7aM3pUrVZEE1NSbkGmhSDPiAvWxVqifISmnqHlb5SxVOgQXkFSvPspD8XHKGZ3zHM5%2B0nPYzXFU3kpd5kscvw%3D%3D"}]}
content-type: text/css
cache-control: private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6476c8b11c954a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc2b200004a6141a0f000000001

GET poster_index.jpg
the-btc-supersplit.financialmarketsworld.com/images/ Frame 6657 0
0

GET
H3-29 200 normalize.css
the-btc-supersplit.financialmarketsworld.com/css/ Frame D1EE 8 KB
3 KB 72ms
67ms Stylesheet
text/css 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/css/normalize.css
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c4a6fe64efc5d07833c35af9630d0f9b3d4d09a63f9358e441374e9102c9e81

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: W/"1e5c-5be5d0f51aaa6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jHQUwTaUfHXmfnVVAxRQvvGzo2mAWAcBJ%2F3aqzlQpSAt37a0WaMNYBbGJukEz8pWkZ0l7Pcs%2F2AojukWOHev8Jv1oBPuD3Zr8i0wHcyuyWDs9jrxvgbo8srRxIauxaeCeIuafZc8AYWrqjdhdPQZXsBOfkR4dbsSoQ%3D%3D"}]}
content-type: text/css
cache-control: private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6476c8b11c964a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc2b300004a612e38f000000001

GET
H3-29 200 components.css
the-btc-supersplit.financialmarketsworld.com/css/ Frame D1EE 38 KB
10 KB 71ms
66ms Stylesheet
text/css 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/css/components.css
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7deeee24b8c80bcca6c1c3ba09aaf3811aa99f88028732f2fce9e31e83a435f6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: W/"988f-5be5d0f4f9dc2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xlvEhVgfvc72Q5f%2FvieA0loQJZ4NwW7Mc%2Fl5PNw5JFhryOVbFxfhQ30XYLxLNa0zmvyA6ag60DZsPBhKrhsKDFXkBRiEbbUvVKD%2FNvggkSbIN66qlGqbtjUTne0h2l08Wi1aTp6jSPmv2OqfVBMF7HhcIFNvPxnXIg%3D%3D"}]}
content-type: text/css
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6476c8b11c974a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc2b300004a6182080000000001

GET
H3-29 200 bitcoin-white4.css
the-btc-supersplit.financialmarketsworld.com/css/ Frame D1EE 31 KB
5 KB 144ms
139ms Stylesheet
text/css 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9663ee1fb3b65f231a214f5db12a0220adf23d6a67ad4337f94f2711f17fc3d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Thu, 25 Mar 2021 14:16:19 GMT
server: cloudflare
etag: W/"7b58-5be5d0f303009"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Im3BM0XddytKR0h6XiZsOakGjwdkc1j8Twp%2F3flsxOLUyC8BX9nj57AX73Hje0gYxkaxij1p4nV9x2UHzGmmQIk8yqrnTdXzdBCHoP14MtftMxBPTW%2BiVQB5DCbClDJDpPsqp2JsNPmWKaeHLM9XzzsSJwfV3cIAYQ%3D%3D"}]}
content-type: text/css
cache-control: private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6476c8b11c984a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc2b300004a61399ca000000001

GET poster_index.jpg
the-btc-supersplit.financialmarketsworld.com/images/ Frame D1EE 0
0

GET
H2 200 jquery-3.5.1.min.dc5e7f18c8.js Show response
d3e54v103j8qbb.cloudfront.net/js/ Frame 6657 87 KB
31 KB 567ms
435ms Script
application/javascript 13.224.118.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=5f904b43e6f4b9da348ac3a7
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.118.224 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-118-224.mad50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Origin: null
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: gzip
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
server: AmazonS3
x-amz-cf-pop: MAD50-C1
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=84600, must-revalidate
x-cache: Hit from cloudfront
x-amz-cf-id: 3EoEoNEaDk_r4bFP6rsvrWModN62_4JXlzdxn_NlJCaZ3pj0qOxOPQ==
via: 1.1 06bb36c6f8415e5c64e03df316bffb5b.cloudfront.net (CloudFront)

GET
H3-29 200 bitcoin-white4.js Show response
the-btc-supersplit.financialmarketsworld.com/js/ Frame 6657 44 KB
15 KB 89ms
88ms Script
application/javascript 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/js/bitcoin-white4.js
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67e085d7126563c044594122b86487953e077441c1671dc80cfbb8c40e0a06e2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: W/"af5a-5be5d0f4fa1aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=thuDXlN8bmP9xM2u7IGBHwMx%2FyFt4viLmSPO81BpDOgfolHTmbd4%2Bnh0QU7CZZ0lc4%2Ff28heu7s3%2BAuIKcI%2F9vJHoUOp9xsxM8i05MskELyeVDhQJsjVcB3tQmgVl1kXJkxpKhiH1HlFUIBBS1ZY6myigS48hXqMDQ%3D%3D"}]}
content-type: application/javascript
cache-control: private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6476c8b1bdaa4a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc31800004a616e391000000001

GET
H2 200 flag-icon.min.css
cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.4.6/css/ Frame 6657 33 KB
2 KB 26ms
25ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.4.6/css/flag-icon.min.css

Requested by

Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

623702bd791d4553ae7226c2f48e26052e359573eb59fa98d819e9b248593e7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2234603
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1466
cf-request-id: 09be1bc31a0000bed86a8fd000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:05 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5d-841a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SIZL6ZJuiamFpDXpCKCVENiL%2BfyDg5X51NyHCq%2FH%2Frrd6Ix68ftMA3EMGyhY5J6dLduK53RLiMoDFEFDpsTzoDLY%2B11vy8SjOVE9Q8xVkxK8ujE0nFPOYxbjnL9kFG1qPQ%3D%3D"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6476c8b1cad8bed8-FRA
expires: Tue, 19 Apr 2022 07:23:16 GMT

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1.6.26/ Frame 6657 13 KB
5 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:05:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1088
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Apr 2022 07:05:08 GMT

GET
H2 200 jquery-3.5.1.min.dc5e7f18c8.js Show response
d3e54v103j8qbb.cloudfront.net/js/ Frame D1EE 87 KB
31 KB 550ms
408ms Script
application/javascript 13.224.118.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=5f904b43e6f4b9da348ac3a7
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.118.224 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-118-224.mad50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Origin: null
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:17 GMT
content-encoding: gzip
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
server: AmazonS3
x-amz-cf-pop: MAD50-C1
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=84600, must-revalidate
x-cache: Miss from cloudfront
x-amz-cf-id: KwS9RBJQ_Nh4W9ZhfnjH2Wv1kEnW9MDXKS17U4b5HoHGNz52UUDoXQ==
via: 1.1 06bb36c6f8415e5c64e03df316bffb5b.cloudfront.net (CloudFront)

GET
H3-29 200 bitcoin-white4.js Show response
the-btc-supersplit.financialmarketsworld.com/js/ Frame D1EE 44 KB
15 KB 34ms
30ms Script
application/javascript 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/js/bitcoin-white4.js
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67e085d7126563c044594122b86487953e077441c1671dc80cfbb8c40e0a06e2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: W/"af5a-5be5d0f4fa1aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DkORVprHPy4%2Fe8h%2BacXe1br9791Zc%2BbbfoqbAsPjhEVKIOo6L5ACglT%2F1VRWe%2Bn8ngpJBbRQFGumUYhYjYwYpYANiDVq8Veahf2K35JomTpJdA3Su268%2Bvb0UqYx31BQ3z8v7YXtSChnaY7fRUpZmQAZYrbpGeHrPg%3D%3D"}]}
content-type: application/javascript
cache-control: private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6476c8b2bfd54a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc3af00004a616e39b000000001

GET
H3-29 200 flag-icon.min.css
cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.4.6/css/ Frame D1EE 33 KB
2 KB 35ms
16ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.4.6/css/flag-icon.min.css

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

623702bd791d4553ae7226c2f48e26052e359573eb59fa98d819e9b248593e7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2234603
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1466
cf-request-id: 09be1bc3cc00009704f5057000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:05 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5d-841a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yLvjJU4T23oQInInIBdDauLBo%2BtK12jyhcIXJbfAqWvTwIJtIgPt3muY%2Bn0pTAMBir7qblSXLmpdc%2FLOsLZNqQQN4LmAfScpjLTleOqWmbZUpr%2F8YiRL7ICkT0rwr1wbLg%3D%3D"}],"max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6476c8b2d95c9704-FRA
expires: Tue, 19 Apr 2022 07:23:16 GMT

GET
H3-29 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1.6.26/ Frame D1EE 13 KB
5 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:05:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1088
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Apr 2022 07:05:08 GMT

GET
H3-29 200 normalize.css
the-btc-supersplit.financialmarketsworld.com/css/ Frame 9164 8 KB
3 KB 62ms
61ms Stylesheet
text/css 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/css/normalize.css
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c4a6fe64efc5d07833c35af9630d0f9b3d4d09a63f9358e441374e9102c9e81

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Thu, 25 Mar 2021 14:16:22 GMT
server: cloudflare
etag: W/"1e5c-5be5d0f60be71"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WSIOvJqo%2FdL%2BCXdIuqRE5DP3mlBWUd5PRAOMneAyddLLSzC4lWIXrzK0iYrjmoOkK8q52Dl4t6BCP7QK8n%2FZtr0OmRrwBFL9GNOLfHMJ5gl0yD9B3DJjIXzAZG7ro3g9dPz0ZZn%2FPIRq7VHf%2FwqFI%2BmqGCJoDaafsQ%3D%3D"}]}
content-type: text/css
cache-control: private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6476c8b13cc54a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc2c500004a612896c000000001

GET
H3-29 200 components.css
the-btc-supersplit.financialmarketsworld.com/css/ Frame 9164 38 KB
10 KB 62ms
61ms Stylesheet
text/css 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/css/components.css
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7deeee24b8c80bcca6c1c3ba09aaf3811aa99f88028732f2fce9e31e83a435f6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: W/"988f-5be5d0f4f9dc2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bTXRazahRDxHe8YCqwnJ3cHXJC0xwV19g2XJd7IydKvveklxXJ4OGUXuKIBADv75dAEp%2FNR8l6mmFLeiscoQmafZw%2BGUh7T4SNrUk1a2flIpM0G9JZ%2Bpgyn9CtUUFDafVsVgKZAel7Q6DbTtnP3xxROkwm%2F77mauLQ%3D%3D"}]}
content-type: text/css
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6476c8b13cc64a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc2c600004a6147164000000001

GET
H3-29 200 bitcoin-white4.css
the-btc-supersplit.financialmarketsworld.com/css/ Frame 9164 31 KB
5 KB 259ms
258ms Stylesheet
text/css 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9663ee1fb3b65f231a214f5db12a0220adf23d6a67ad4337f94f2711f17fc3d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Thu, 25 Mar 2021 14:16:22 GMT
server: cloudflare
etag: W/"7b58-5be5d0f60be71"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=27sleBfPb7G7%2Bo0BtukED%2Bmg3DMI5NcvsF0Avi4n9uaMk%2FdbOXTpvVeu6qKpgkYp9A7Yx%2BEoI94XGrk3bE9PaoeRyqV3ExAWWDH3VxYzPlaa090yzT346PhH8%2F1MMVPobdfhhbNDdAvyrS4WWphfxiCY8iaY5KuMVg%3D%3D"}]}
content-type: text/css
cache-control: private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6476c8b13cc74a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc2c600004a61730f6000000001

GET poster_index.jpg
the-btc-supersplit.financialmarketsworld.com/images/ Frame 9164 0
0

GET
H2 200 jquery-3.5.1.min.dc5e7f18c8.js Show response
d3e54v103j8qbb.cloudfront.net/js/ Frame 9164 87 KB
31 KB 660ms
534ms Script
application/javascript 13.224.118.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=5f904b43e6f4b9da348ac3a7
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.118.224 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-118-224.mad50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Origin: null
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: gzip
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
server: AmazonS3
x-amz-cf-pop: MAD50-C1
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=84600, must-revalidate
x-cache: Hit from cloudfront
x-amz-cf-id: q1UvXaolqrr3FHSPcOSs_8Jh1-kQe3Y2S_FZsTtk1kPtfGei4zzPOA==
via: 1.1 06bb36c6f8415e5c64e03df316bffb5b.cloudfront.net (CloudFront)

GET
H3-29 200 bitcoin-white4.js Show response
the-btc-supersplit.financialmarketsworld.com/js/ Frame 9164 44 KB
15 KB 106ms
101ms Script
application/javascript 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://the-btc-supersplit.financialmarketsworld.com/js/bitcoin-white4.js
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67e085d7126563c044594122b86487953e077441c1671dc80cfbb8c40e0a06e2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: W/"af5a-5be5d0f4fa1aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=n0Z4OgI1FGZdv1NYmGWw5dj2LSMbrSaCXN4L1hWY32O7NX2Xad9XENkIE1B9XhwJL5qs831sdNzX8WONSW5z2PYJRdimPylwYNLmBRQj1RpXb9AdpwTCGb3HkyEyF3lNcujNhqVa6W9gLuStQv9zEtDUhTsNjJGCaQ%3D%3D"}]}
content-type: application/javascript
cache-control: private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6476c8b379644a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc42600004a6112ab3000000001

GET
H3-29 200 flag-icon.min.css
cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.4.6/css/ Frame 9164 33 KB
2 KB 26ms
24ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/3.4.6/css/flag-icon.min.css

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

623702bd791d4553ae7226c2f48e26052e359573eb59fa98d819e9b248593e7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2234603
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1466
cf-request-id: 09be1bc43400009704ae157000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:05 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5d-841a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Wik%2FbOqeLhLaX35Mwnrx%2FgGEDLoD4pH6a1sGUdsQZWBi6RFAIKG0LZ0gIdqTBsM3W1szey13TkSsRaSHJ%2BPch%2Bd8uArmddlmQ7gnwELtSIvJVoIQ97X1ALEiOG9F%2FZo2tw%3D%3D"}],"max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6476c8b3898c9704-FRA
expires: Tue, 19 Apr 2022 07:23:16 GMT

GET
H3-29 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1.6.26/ Frame 9164 13 KB
5 KB 14ms
6ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:05:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1088
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Apr 2022 07:05:08 GMT

GET
H2 200 gender.png
free3dgame.xyz/BC/Erotic_games_v2/files/en/ Frame AC31 36 KB
36 KB 184ms
182ms Image
image/png 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/en/gender.png

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

2ae751169bc521812543cd09a37585c17a8a838c812a77b622e427489695f0de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
last-modified: Thu, 11 Mar 2021 18:49:04 GMT
server: nginx
etag: "604a6620-8f1c"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 36636
expires: Sat, 29 May 2021 07:23:16 GMT

GET
H2 200 male.png
free3dgame.xyz/BC/Erotic_games_v2/files/en/ Frame AC31 7 KB
7 KB 195ms
193ms Image
image/png 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/en/male.png

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

c25c043561e65a24241a985a1fcd4c3bfcc8d8fc5c83725931e4e85cd482bc40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
last-modified: Thu, 11 Mar 2021 18:49:04 GMT
server: nginx
etag: "604a6620-1b60"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 7008
expires: Sat, 29 May 2021 07:23:16 GMT

GET
H2 200 female.png
free3dgame.xyz/BC/Erotic_games_v2/files/en/ Frame AC31 8 KB
8 KB 196ms
195ms Image
image/png 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/en/female.png

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

ee7e1e23847601965a23bd3679a144a968a6c9713aa0741675b3c9abb3d0e5b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
last-modified: Thu, 11 Mar 2021 18:49:01 GMT
server: nginx
etag: "604a661d-1f2b"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 7979
expires: Sat, 29 May 2021 07:23:16 GMT

GET
H2 200 character.png
free3dgame.xyz/BC/Erotic_games_v2/files/en/ Frame AC31 37 KB
37 KB 327ms
325ms Image
image/png 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/en/character.png

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

a97c066cc56655679373cae95f0b9ac4dff92269d6addc009626e3b34c7fdc3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
last-modified: Thu, 11 Mar 2021 18:49:00 GMT
server: nginx
etag: "604a661c-93a4"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 37796
expires: Sat, 29 May 2021 07:23:16 GMT

GET
H2 200 female1.png
free3dgame.xyz/BC/Erotic_games_v2/files/en/ Frame AC31 8 KB
8 KB 328ms
327ms Image
image/png 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/en/female1.png

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

b3aa424c73c7fa2118edd6e0a7bfae1add0be09c74be76fbb8da65acd2442e7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
last-modified: Thu, 11 Mar 2021 18:49:01 GMT
server: nginx
etag: "604a661d-1fff"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 8191
expires: Sat, 29 May 2021 07:23:16 GMT

GET
H2 200 female2.png
free3dgame.xyz/BC/Erotic_games_v2/files/en/ Frame AC31 7 KB
8 KB 328ms
328ms Image
image/png 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/en/female2.png

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

af5c31f830557e21037618fe8b4819107896d7bba427100709ff24cbcc2e348f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
last-modified: Thu, 11 Mar 2021 18:49:02 GMT
server: nginx
etag: "604a661e-1dbd"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 7613
expires: Sat, 29 May 2021 07:23:16 GMT

GET
H2 200 confirm_age.png
free3dgame.xyz/BC/Erotic_games_v2/files/en/ Frame AC31 35 KB
35 KB 328ms
327ms Image
image/png 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/en/confirm_age.png

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

23e0e2429a8069d441134b89295f54505096818eecd5942e3d1625c14fd00c67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
last-modified: Thu, 11 Mar 2021 18:49:00 GMT
server: nginx
etag: "604a661c-8ccf"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 36047
expires: Sat, 29 May 2021 07:23:16 GMT

GET
H2 200 age.png
free3dgame.xyz/BC/Erotic_games_v2/files/en/ Frame AC31 19 KB
19 KB 328ms
327ms Image
image/png 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/en/age.png

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

1d7b96eae49baab00cc107bdda099e85d8e51c39d58d55c01617a97f384efe46

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
last-modified: Thu, 11 Mar 2021 18:48:58 GMT
server: nginx
etag: "604a661a-4c05"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 19461
expires: Sat, 29 May 2021 07:23:16 GMT

GET
H2 200 bg-1-mobile.jpg
free3dgame.xyz/BC/Erotic_games_v2/files/ Frame AC31 442 KB
442 KB 320ms
320ms Image
image/jpeg 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/bg-1-mobile.jpg

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/files/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

a742be77dc39541f6a90844e1504a85324916fce7a34c22a57963f621c8b4673

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://free3dgame.xyz/BC/Erotic_games_v2/files/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
last-modified: Thu, 11 Mar 2021 18:45:34 GMT
server: nginx
etag: "604a654e-6e6f8"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 452344
expires: Sat, 29 May 2021 07:23:16 GMT

GET
H2 206 intro.mp3
free3dgame.xyz/BC/Erotic_games_v2/files/ Frame AC31 562 KB
563 KB 295ms
279ms Media
audio/mpeg 128.199.9.173
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://free3dgame.xyz/BC/Erotic_games_v2/files/intro.mp3

Requested by

Host: free3dgame.xyz
URL: https://free3dgame.xyz/BC/Erotic_games_v2/?clickid=2eb61bz4pktbgi41c2&country=CH&m1=Chrome&voluum_id=951&tsource={campaign.name}&campaign=951

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

128.199.9.173 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

e11f6066ad66768d9fada2e9a9b13338e99f62c5aae402baeef2d2994ba5a63a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
last-modified: Thu, 11 Mar 2021 18:45:47 GMT
server: nginx
etag: "604a655b-8c8a7"
strict-transport-security: max-age=31536000
content-type: audio/mpeg
Content-Range: bytes 0-575654/575655
Content-Length: 575655

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame 6657 73 KB
29 KB 33ms
33ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M7ZXHHP

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c42560e8fb69403206efd73ef655cf803a520ca63c21a040d38cd553100ec94f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29591
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 29 Apr 2021 07:23:16 GMT

GET
H3-29 200 Main-Picture-4a.jpg
the-btc-supersplit.financialmarketsworld.com/images/ Frame 6657 99 KB
100 KB 80ms
79ms Image
image/jpeg 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://the-btc-supersplit.financialmarketsworld.com/images/Main-Picture-4a.jpg
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 811cdbcef216e6ed1c797403135bb37e17628d0a1df43df64c10014dab36da65

Request headers

Referer: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 101188
cf-request-id: 09be1bc32400004a6184b1e000000001
last-modified: Thu, 25 Mar 2021 14:16:22 GMT
server: cloudflare
etag: "18b44-5be5d0f60a319"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=q9HF6HtLuHaX3xgFIyFaG6Ai5dChWJa0N9%2Bqvv%2BquFWyqxX96eTgKQ9%2B11McUWjzWBxpWG8kPsSxN6gLNt13LfcXdyhEz88RULWeoT%2FjlvEaob2j%2Fn%2FcxKQQso1%2FEjO2pVprk1eMCNE%2FJSipLhArACPPIa2LxCqiMQ%3D%3D"}]}
content-type: image/jpeg
cache-control: private
accept-ranges: bytes
cf-ray: 6476c8b1ddda4a61-FRA

GET
H3-29 200 Main-Picture-2b.jpg
the-btc-supersplit.financialmarketsworld.com/images/ Frame 6657 124 KB
125 KB 108ms
107ms Image
image/jpeg 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://the-btc-supersplit.financialmarketsworld.com/images/Main-Picture-2b.jpg
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2763de4b12b2ea6847cf3f70e7125184816cfe5fafee5c31477ffd9c7bf07bb8

Request headers

Referer: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 126956
cf-request-id: 09be1bc32500004a6185a40000000001
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: "1efec-5be5d0f4fbd03"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9m9tLy5CV39eCaY9TWmZhZYXd89xJ7zkTrVKWYQteA%2BMww%2BIGWpEdhmbYWOu6e5edtMZoNt4HXrPUcFLRVbsSkahNSmQ3u5BxVHTKstI2xIJZCA2QXIu9EpA%2BJMAfsTlmSjpRUIA2KRnm4PX0ULaW1U1PVlj6fFwTA%3D%3D"}]}
content-type: image/jpeg
cache-control: private
accept-ranges: bytes
cf-ray: 6476c8b1dddc4a61-FRA

GET
H3-29 200 play-button-inverse_1play-button-inverse.png
the-btc-supersplit.financialmarketsworld.com/images/ Frame 6657 3 KB
3 KB 61ms
61ms Image
image/png 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://the-btc-supersplit.financialmarketsworld.com/images/play-button-inverse_1play-button-inverse.png
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc8054dc8b67414e2a9c3465c60eca6df59573fde73d1d9b472d4bd5ae3a363b

Request headers

Referer: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2561
cf-request-id: 09be1bc32500004a61882dc000000001
last-modified: Thu, 25 Mar 2021 14:16:22 GMT
server: cloudflare
etag: "a01-5be5d0f60a701"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pG8W9afdCsuVlv1IRtotC3%2B7L58ZGDQAOy3Fbo%2B%2FaRSyOFBUMdtU1%2BCk3vU63bkwTGbFYipRqYD9xwtmQvC3HlIjnpldXu89SMLC8N%2BEPKCPSyXsZ8LMw4fc6Iha7m7vs4ODSWplUQg3uN%2FhNQDHp%2By4HiFLvrBeyA%3D%3D"}]}
content-type: image/png
cache-control: private
accept-ranges: bytes
cf-ray: 6476c8b1dddd4a61-FRA

GET Lato-Regular.ttf
the-btc-supersplit.financialmarketsworld.com/fonts/ Frame 6657 0
0

GET Lato-Semibold.ttf
the-btc-supersplit.financialmarketsworld.com/fonts/ Frame 6657 0
0

GET
H3-29 200 poster_index.jpg
the-btc-supersplit.financialmarketsworld.com/images/ Frame 6657 77 KB
78 KB 145ms
145ms Image
image/jpeg 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://the-btc-supersplit.financialmarketsworld.com/images/poster_index.jpg
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1bf258c8ff0278fc6d730346e56a228accc438d859868f23b7994a98c5dcf3

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 79307
cf-request-id: 09be1bc32900004a6169a35000000001
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: "135cb-5be5d0f519eee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GgCfjqXgcbNE47%2FPnHEbiA2UOqgrV1aBsz0EK9Ewj00FrFquS5hCITS6gEZPMroVnc94FoSheXJ13wLm2uIAKDIZoqsBZ%2B1H0gt40MTOtjTyFk8rLFA8o5jdT%2BdywFY4UMTTLihpEpmxqYRhRnkcGvK%2F%2F6XQYrB54g%3D%3D"}]}
content-type: image/jpeg
cache-control: private
accept-ranges: bytes
cf-ray: 6476c8b1dde54a61-FRA

GET
H2 206 video_EN.mp4
vid-algo.com/funnel_video/ Frame 6657 480 KB
0 128ms
85ms Media
video/mp4 2606:4700:3037::ac43:ae36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-algo.com/funnel_video/video_EN.mp4
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:ae36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 19 Jan 2021 11:18:00 GMT
server: cloudflare
etag: "6006bfe8-2b775b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"max_age":604800,"report_to":"cf-nel"}
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QSmILFTDq02zCaphrLy21i8qo%2FzgEQHvlSuEEA9op4VMiQIK0RftTDMiMZCTBogyIsqQwdeH12F8A2Wk%2FucXI5TCrMBvbeegHc8y4zqVLUHaPhjFfMpu0FE%3D"}]}
content-type: video/mp4
Content-Range: bytes 0-45577655/45577656
cf-ray: 6476c8b2dde02b22-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 45577656
cf-request-id: 09be1bc3cc00002b228a2da000000001

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame D1EE 73 KB
29 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M7ZXHHP

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f18bc8a397e17860aace152763820140c3b54f4c613abf1e2b993930a0698b87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29592
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 29 Apr 2021 07:23:16 GMT

GET
H2 206 video_EN.mp4
vid-algo.com/funnel_video/ Frame D1EE 480 KB
0 83ms
82ms Media
video/mp4 2606:4700:3037::ac43:ae36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-algo.com/funnel_video/video_EN.mp4
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:ae36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 19 Jan 2021 11:18:00 GMT
server: cloudflare
etag: "6006bfe8-2b775b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"max_age":604800,"report_to":"cf-nel"}
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vBwkOpLXF4NqvX%2BEdPbTPu8KF36u0rqQTZr9WibKrJpZ%2B1fHvUzpYmbr0Wpnp6%2FhzrkzaLvjS0Hl448jTBLQHQv0oOyrBpJzOgcG6FnKkUYzgJbqBp7LawQ%3D"}]}
content-type: video/mp4
Content-Range: bytes 0-45577655/45577656
cf-ray: 6476c8b2fe022b22-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 45577656
cf-request-id: 09be1bc3d700002b22db043000000001

GET
H3-29 200 Main-Picture-4a.jpg
the-btc-supersplit.financialmarketsworld.com/images/ Frame D1EE 99 KB
100 KB 90ms
87ms Image
image/jpeg 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://the-btc-supersplit.financialmarketsworld.com/images/Main-Picture-4a.jpg
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 811cdbcef216e6ed1c797403135bb37e17628d0a1df43df64c10014dab36da65

Request headers

Referer: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 101188
cf-request-id: 09be1bc3db00004a611abb9000000001
last-modified: Thu, 25 Mar 2021 14:16:19 GMT
server: cloudflare
etag: "18b44-5be5d0f2fe1e9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QMNiQxp%2BGX6dYJEtcpkBAcFUMXCKV6YYssYl5mmLuiF8sx63Du4EvAKRJErudYXE5QkO%2F16Ku8C3HBH0G2sl%2BHg79Lc70HPQ4qB%2FFyuZuS%2BJ8LSnrSf5SKP%2BeEhBUA1yO2kDLDU%2F1TNmTdOECSawW1xeRM1TMpY1Bg%3D%3D"}]}
content-type: image/jpeg
cache-control: private
accept-ranges: bytes
cf-ray: 6476c8b2f8744a61-FRA

GET
H3-29 200 Main-Picture-2b.jpg
the-btc-supersplit.financialmarketsworld.com/images/ Frame D1EE 124 KB
125 KB 38ms
35ms Image
image/jpeg 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://the-btc-supersplit.financialmarketsworld.com/images/Main-Picture-2b.jpg
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2763de4b12b2ea6847cf3f70e7125184816cfe5fafee5c31477ffd9c7bf07bb8

Request headers

Referer: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 126956
cf-request-id: 09be1bc3dc00004a6185a50000000001
last-modified: Thu, 25 Mar 2021 14:16:19 GMT
server: cloudflare
etag: "1efec-5be5d0f2feda1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AYhmjrZkynhvfIC18Ep3Hav3EXXZzl75H4kNa8LdFF%2BuM9NptGXUz3FaJbnjsd8HtWVoOUY2bLlHGoB43wLzWU62y9viSqDPl1OdsjwNSQOHtYKOPtoPahHfginpjBGatMw7pUlT2dh2ivlTJ7z75zYdCLJnWSnQRg%3D%3D"}]}
content-type: image/jpeg
cache-control: private
accept-ranges: bytes
cf-ray: 6476c8b2f8764a61-FRA

GET
H3-29 200 play-button-inverse_1play-button-inverse.png
the-btc-supersplit.financialmarketsworld.com/images/ Frame D1EE 3 KB
3 KB 60ms
57ms Image
image/png 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://the-btc-supersplit.financialmarketsworld.com/images/play-button-inverse_1play-button-inverse.png
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc8054dc8b67414e2a9c3465c60eca6df59573fde73d1d9b472d4bd5ae3a363b

Request headers

Referer: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2561
cf-request-id: 09be1bc3dd00004a6193364000000001
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: "a01-5be5d0f4fc0eb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6RRBDx0AD%2BA3thttRZL2hEoyalz9R53INto9GKzPcIWutHJhBYu3wuayLLmJ65OZIp1ZUjIcsEmU5MtCPXbRELC3FanAWY2oiytMrbnTR8EMbG%2ByKrGwSRYHByvjPfJBBERxWet2GFTOwaN%2FfD7tIHyJsjvx%2BY8bYw%3D%3D"}]}
content-type: image/png
cache-control: private
accept-ranges: bytes
cf-ray: 6476c8b2f8784a61-FRA

GET Lato-Regular.ttf
the-btc-supersplit.financialmarketsworld.com/fonts/ Frame D1EE 0
0

GET Lato-Semibold.ttf
the-btc-supersplit.financialmarketsworld.com/fonts/ Frame D1EE 0
0

GET
H3-29 200 poster_index.jpg
the-btc-supersplit.financialmarketsworld.com/images/ Frame D1EE 77 KB
78 KB 83ms
83ms Image
image/jpeg 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://the-btc-supersplit.financialmarketsworld.com/images/poster_index.jpg
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1bf258c8ff0278fc6d730346e56a228accc438d859868f23b7994a98c5dcf3

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 79307
cf-request-id: 09be1bc3df00004a6184b32000000001
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: "135cb-5be5d0f519eee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fecBxMkmNJCZUzsFIddO%2B822sIhMIZnn7S%2BxTJlrkKkxKLrwSbsGBtpU5c%2BI4S4Q5JJbifOSLsfXV3isLULOqYbCgUXsqjpuZp6feZbOTzrHYqMSgr8aymv41GsdrfZ9lHXFWf6sMPEhrcrmh3dmOzCwbD1EBjN3nA%3D%3D"}]}
content-type: image/jpeg
cache-control: private
accept-ranges: bytes
cf-ray: 6476c8b2f8844a61-FRA

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ Frame 9164 73 KB
29 KB 24ms
16ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M7ZXHHP

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f18bc8a397e17860aace152763820140c3b54f4c613abf1e2b993930a0698b87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29592
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 29 Apr 2021 07:23:16 GMT

GET
H3-29 206 video_EN.mp4
vid-algo.com/funnel_video/ Frame 9164 395 KB
0 132ms
110ms Media
video/mp4 2606:4700:3037::ac43:ae36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-algo.com/funnel_video/video_EN.mp4
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:ae36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 19 Jan 2021 11:18:00 GMT
server: cloudflare
etag: "6006bfe8-2b775b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"max_age":604800,"report_to":"cf-nel"}
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BM%2BNEEmgMLFurviuPkRPMmCSlhScBKMMclMC3CK6f9UT9M6CBWJ0Cwn4Bmwqqd7BqUKH0NsUN7ZNhNF3xJQvn1dE03XDgArA4C2SxHJ7QJUijsxkZGPBye0%3D"}],"max_age":604800}
content-type: video/mp4
Content-Range: bytes 0-45577655/45577656
cf-ray: 6476c8b3ab764a9e-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 45577656
cf-request-id: 09be1bc44c00004a9ef21f6000000001

GET
H3-29 200 Main-Picture-4a.jpg
the-btc-supersplit.financialmarketsworld.com/images/ Frame 9164 99 KB
100 KB 92ms
88ms Image
image/jpeg 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://the-btc-supersplit.financialmarketsworld.com/images/Main-Picture-4a.jpg
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 811cdbcef216e6ed1c797403135bb37e17628d0a1df43df64c10014dab36da65

Request headers

Referer: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 101188
cf-request-id: 09be1bc44a00004a6173116000000001
last-modified: Thu, 25 Mar 2021 14:16:22 GMT
server: cloudflare
etag: "18b44-5be5d0f60a319"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wTuMtbKh9VHvOdf7aIdbvEZFZGxTH53Px3%2BvCqEBteaE7aVtQm9GPMEbTjZOGyXDFY2WqPyw3YnckxYQ%2Bizs5Ps9b%2FguKCJ0DDTx3QCPJnAqJaKZHFdbcKsahO%2FXuS8lTKWWW3Y5A54mwPT6aXx6u70YohJUF5z9HA%3D%3D"}]}
content-type: image/jpeg
cache-control: private
accept-ranges: bytes
cf-ray: 6476c8b3a9f14a61-FRA

GET
H3-29 200 Main-Picture-2b.jpg
the-btc-supersplit.financialmarketsworld.com/images/ Frame 9164 124 KB
125 KB 114ms
105ms Image
image/jpeg 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://the-btc-supersplit.financialmarketsworld.com/images/Main-Picture-2b.jpg
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2763de4b12b2ea6847cf3f70e7125184816cfe5fafee5c31477ffd9c7bf07bb8

Request headers

Referer: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 126956
cf-request-id: 09be1bc45000004a6184b3b000000001
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: "1efec-5be5d0f518f4e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bNNqDAZvyfsnvNrU3XiIgP9s9ZpaJWBa8YsYSLMRqgFdbp7c0g71jEqc%2FMKOTmoRRzV2ONAHxQlF5WWcnC4CzQ06KZVJPiKuR8VcsJFcFAljN4rGC8tLRrtNvNFBXrlAtZFP2jGAHJAKRDe5ILhpvA3uRb2QImeHmA%3D%3D"}]}
content-type: image/jpeg
cache-control: private
accept-ranges: bytes
cf-ray: 6476c8b3ba044a61-FRA

GET
H3-29 200 play-button-inverse_1play-button-inverse.png
the-btc-supersplit.financialmarketsworld.com/images/ Frame 9164 3 KB
3 KB 38ms
29ms Image
image/png 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://the-btc-supersplit.financialmarketsworld.com/images/play-button-inverse_1play-button-inverse.png
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc8054dc8b67414e2a9c3465c60eca6df59573fde73d1d9b472d4bd5ae3a363b

Request headers

Referer: https://the-btc-supersplit.financialmarketsworld.com/css/bitcoin-white4.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2561
cf-request-id: 09be1bc45000004a611c87a000000001
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: "a01-5be5d0f4fc0eb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KJYzTsiLrUTDvIq4fMVGouqFM%2F7DETrZ4a89wtR7i5QlPcKrWQhFreb2PGZ3Y%2FDDFCLjt1v%2FZlNZ2RS1C573l6S7Qtz15%2F5TTzNQKtddJlRbDs9r4HBpjTCvt2gLyOaMzgC98id%2BnvlOxuuaLb5jIrMCsSESTz9Rog%3D%3D"}]}
content-type: image/png
cache-control: private
accept-ranges: bytes
cf-ray: 6476c8b3ba054a61-FRA

GET Lato-Regular.ttf
the-btc-supersplit.financialmarketsworld.com/fonts/ Frame 9164 0
0

GET Lato-Semibold.ttf
the-btc-supersplit.financialmarketsworld.com/fonts/ Frame 9164 0
0

GET
H3-29 200 poster_index.jpg
the-btc-supersplit.financialmarketsworld.com/images/ Frame 9164 77 KB
78 KB 87ms
84ms Image
image/jpeg 2606:4700:3037::ac43:8052
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://the-btc-supersplit.financialmarketsworld.com/images/poster_index.jpg
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8052 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1bf258c8ff0278fc6d730346e56a228accc438d859868f23b7994a98c5dcf3

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 79307
cf-request-id: 09be1bc45000004a613a048000000001
last-modified: Thu, 25 Mar 2021 14:16:21 GMT
server: cloudflare
etag: "135cb-5be5d0f4fbd03"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=58eB%2F%2FpOhT%2F1H6vGyKRBUOHrzN1qIcPSSALrCeAM1Qx0bxvLMZtdFOu%2Fyy7dC9BBTqJmRp3jB6vv3hvApvkIprnti8NjcrguSgB5U2YkOsEPnxqnxtH3ILeL%2Fn9UodoBwnb%2BvMf7kExGjzlZ1KjvY7Mk65yEBicWFw%3D%3D"}]}
content-type: image/jpeg
cache-control: private
accept-ranges: bytes
cf-ray: 6476c8b3ba014a61-FRA

GET
H2 200 integration.js Show response
api.the-btc-supersplit.financialmarketsworld.com/dist/js/ Frame 9164 323 KB
80 KB 276ms
245ms Script
application/javascript 2606:4700:3032::6815:da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.the-btc-supersplit.financialmarketsworld.com/dist/js/integration.js
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:3032::6815:da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 198432eabe25fd2193824f29f02d7fa3370b348a40ed4e5c1b6fdaccb96af3e8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:17 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Fri, 09 Apr 2021 07:57:20 GMT
server: cloudflare
etag: W/"50b2b-5bf85836d5a5b;5bf85837dd52c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qZ3K4iIa6f6RdICMo%2FTXO1T2hQKp5oIt6bx8SmzmzoFecA2pOIAqkAorNR22uSVWaEB5SqvhwIAk7esEYW8RpKNwQssI2HQldtkUHGL4NiEpeyqInCgXSn9LgTdHpbB4%2BUOvAPmG9WdoZbfJAMP33FDDcTok%2BXX3bItFC6I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 6476c8b66b58d6c1-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc6030000d6c1cc22b000000001

GET
H2 200 integration.css
api.the-btc-supersplit.financialmarketsworld.com/dist/css/ Frame 9164 30 KB
5 KB 202ms
171ms Stylesheet
text/css 2606:4700:3032::6815:da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.the-btc-supersplit.financialmarketsworld.com/dist/css/integration.css
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:3032::6815:da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18cab66279a0a8cdc442d84c19d9be718918acf4e4b6e3ab64eb57fc89565a3a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:17 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Fri, 09 Apr 2021 07:57:48 GMT
server: cloudflare
etag: W/"78da-5bf85852076cd;5bf8585315f07"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mG78Y48%2B1%2BYNoM3Z2YdWEdYqyZxCkEIXR9%2BSpOxecUkWjN8enTLED%2F0Mt0eAsCAfNR68704P2PKyg%2F4FJxwg6XEgYNwY9hf2a0uFUdCUc2RPEgZZF5BGRZ6fWi6a9MGuozm%2BNwALiIza5reAHWl2gcz%2BfZ5Q%2FYvvb6e%2BmsE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 6476c8b66b55d6c1-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc6030000d6c181a36000000001

GET
H3-29 200 css
fonts.googleapis.com/ Frame 9164 27 KB
1 KB 18ms
16ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:100,100italic,300,300italic,400,400italic,700,700italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e82fca4a73f892a8633ba141c6d84e9b71c1e1267bc916d0a51028e7f8c2c3b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 07:15:15 GMT
server: ESF
date: Thu, 29 Apr 2021 07:23:16 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Apr 2021 07:23:16 GMT

GET
H2 200 integration.js Show response
api.the-btc-supersplit.financialmarketsworld.com/dist/js/ Frame D1EE 323 KB
80 KB 337ms
324ms Script
application/javascript 2606:4700:3032::6815:da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.the-btc-supersplit.financialmarketsworld.com/dist/js/integration.js
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:3032::6815:da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 198432eabe25fd2193824f29f02d7fa3370b348a40ed4e5c1b6fdaccb96af3e8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:17 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Fri, 09 Apr 2021 07:57:31 GMT
server: cloudflare
etag: W/"50b2b-5bf858421d09f;5bf858433d9e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kgh5n1Bpoqgt44nCcD4%2FQkLocHmlaffEOaSDEuVTBpbpUMoV7JxMFec6pBkzN75cPHsHh43kUeeS2RyCfptPslEeGdJgNYvpbwbEzFZ%2FprXS3yKe4%2BlC6f2eV18pJ7lr1sNmKJ38%2B2y%2BlE3s%2FiBZfMicjgDkfgz53rUGVWg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 6476c8b66b59d6c1-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc6030000d6c175820000000001

GET
H2 200 integration.css
api.the-btc-supersplit.financialmarketsworld.com/dist/css/ Frame D1EE 30 KB
5 KB 271ms
268ms Stylesheet
text/css 2606:4700:3032::6815:da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.the-btc-supersplit.financialmarketsworld.com/dist/css/integration.css
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:3032::6815:da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18cab66279a0a8cdc442d84c19d9be718918acf4e4b6e3ab64eb57fc89565a3a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:17 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Fri, 09 Apr 2021 07:57:20 GMT
server: cloudflare
etag: W/"78da-5bf85836d4ea3;5bf85837dd52c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=w0d21QrA%2F37ixQ%2FzxFQWhWed3NKhhFzmiFV31JxPHr2CUMSm9ybo7mKy7byniA5bnZo4SvtMC2lC7RxryOr05ZtW3ys8jRtOnRtM1RbvZ0R8fp2p%2FNwEnzMuO2GiUiSDoi7B1kzlNJCRGlTB178xTMWjdwAX9GjOZ3uMHOg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 6476c8b66b57d6c1-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc6030000d6c1a6093000000001

GET
H3-29 200 css
fonts.googleapis.com/ Frame D1EE 27 KB
1 KB 49ms
48ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:100,100italic,300,300italic,400,400italic,700,700italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e82fca4a73f892a8633ba141c6d84e9b71c1e1267bc916d0a51028e7f8c2c3b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 07:16:31 GMT
server: ESF
date: Thu, 29 Apr 2021 07:23:16 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Apr 2021 07:23:16 GMT

GET
H2 200 integration.js Show response
api.the-btc-supersplit.financialmarketsworld.com/dist/js/ Frame 6657 323 KB
80 KB 146ms
146ms Script
application/javascript 2606:4700:3032::6815:da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.the-btc-supersplit.financialmarketsworld.com/dist/js/integration.js
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:3032::6815:da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 198432eabe25fd2193824f29f02d7fa3370b348a40ed4e5c1b6fdaccb96af3e8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:17 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Fri, 09 Apr 2021 07:57:01 GMT
server: cloudflare
etag: W/"50b2b-5bf85824c2cb6;5bf85825c4dad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bIOAUBTImPUv69GSbiJ%2FBItENym5E4KcRyXTsLEsrebX9xSdXL9%2BbgVWBxAt5QyNaIacdfFF1hjcHe4sfK8jNfuQe6m8CtynEOePdhQQUzE4BHt9SZn3MU72BBmH%2Bz2f%2FMxm6VeWytemSdhJxRXPAf%2B%2BJSp9D6tEO8rH6B8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 6476c8b67b6fd6c1-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc60b0000d6c1ed079000000001

GET
H2 200 integration.css
api.the-btc-supersplit.financialmarketsworld.com/dist/css/ Frame 6657 30 KB
6 KB 97ms
97ms Stylesheet
text/css 2606:4700:3032::6815:da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.the-btc-supersplit.financialmarketsworld.com/dist/css/integration.css
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:3032::6815:da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18cab66279a0a8cdc442d84c19d9be718918acf4e4b6e3ab64eb57fc89565a3a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:23:16 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Fri, 09 Apr 2021 07:57:20 GMT
server: cloudflare
etag: W/"78da-5bf85836d4ea3;5bf85837dd52c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QLCn%2B0j0IRflX%2B1ob7iFh9P2WA0a9WhC22KxWjG9gxcKfRCinTo2GCI1x9%2B%2BiL3R7S9FpoLYZ1MFtgOBAd%2FbBYKHz5gSeGE0n73Y56HLa%2BtwB3ghGvq6rCWpT%2BTLyeXgfII2JyAcCNsMFxqOB81V2LMXITkeUhmHACOOyyQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: private
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 6476c8b67b71d6c1-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09be1bc60b0000d6c18cb2c000000001

GET
H3-29 200 css
fonts.googleapis.com/ Frame 6657 27 KB
1 KB 19ms
19ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:100,100italic,300,300italic,400,400italic,700,700italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e82fca4a73f892a8633ba141c6d84e9b71c1e1267bc916d0a51028e7f8c2c3b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 07:16:28 GMT
server: ESF
date: Thu, 29 Apr 2021 07:23:16 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Apr 2021 07:23:16 GMT

GET
H3-29 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ Frame 9164 23 KB
23 KB 17ms
12ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:100,100italic,300,300italic,400,400italic,700,700italic,900,900italic%7COpen+Sans:300,300italic,400,400italic,600,600italic,700,700italic,800,800italic

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:44:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
age: 574749
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:44:07 GMT

GET
H3-29 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame 9164 22 KB
22 KB 19ms
16ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 01:32:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:12 GMT
server: sffe
age: 193873
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
expires: Wed, 27 Apr 2022 01:32:03 GMT

GET
H3-29 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame 9164 22 KB
22 KB 16ms
12ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 22:35:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:30 GMT
server: sffe
age: 118060
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22572
x-xss-protection: 0
expires: Wed, 27 Apr 2022 22:35:36 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 9164 15 KB
15 KB 14ms
12ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 20:40:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:00 GMT
server: sffe
age: 124958
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15056
x-xss-protection: 0
expires: Wed, 27 Apr 2022 20:40:38 GMT

GET
H3-29 200 S6u8w4BMUTPHh30AXC-q.woff2
fonts.gstatic.com/s/lato/v17/ Frame 9164 21 KB
21 KB 39ms
34ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHh30AXC-q.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d971119a046fb86eeec343e50c680c36a72eb2df85521c8f343dc9678924398

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Apr 2021 03:41:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:43 GMT
server: sffe
age: 358890
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21580
x-xss-protection: 0
expires: Mon, 25 Apr 2022 03:41:46 GMT

GET
H3-29 200 S6u-w4BMUTPHjxsIPx-oPCI.woff2
fonts.gstatic.com/s/lato/v17/ Frame 9164 17 KB
17 KB 38ms
33ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u-w4BMUTPHjxsIPx-oPCI.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d10280e8071d96d42984b8a0fe9eb713babef562cfe8e31bc28fbf65c46e126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 22:58:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:02 GMT
server: sffe
age: 548670
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17024
x-xss-protection: 0
expires: Fri, 22 Apr 2022 22:58:46 GMT

GET
H3-29 200 S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame 9164 23 KB
23 KB 42ms
37ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh7USSwiPGQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9194059997d722ec01e41980dffbff03ebe00808b1cdd164a7fd18a561bc312a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 21:58:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:05 GMT
server: sffe
age: 120304
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23248
x-xss-protection: 0
expires: Wed, 27 Apr 2022 21:58:12 GMT

GET
H3-29 200 S6u_w4BMUTPHjxsI9w2_Gwft.woff2
fonts.gstatic.com/s/lato/v17/ Frame 9164 17 KB
17 KB 41ms
36ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI9w2_Gwft.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afdd5b03f94d18d31b86e4bdf19ad063f6917233f5605f2e4b34d055a2502b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:43:56 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:31 GMT
server: sffe
age: 574760
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17640
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:43:56 GMT

GET
H3-29 200 S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v17/ Frame 9164 24 KB
24 KB 43ms
37ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHjxsAXC-q.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ccb5febf8ac335a1b768a7a2087fa4362cb3a0a9392e2e451df9d9825e88e5db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:44:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:06 GMT
server: sffe
age: 574743
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24440
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:44:13 GMT

GET
H3-29 200 S6u_w4BMUTPHjxsI5wq_Gwft.woff2
fonts.gstatic.com/s/lato/v17/ Frame 9164 24 KB
24 KB 49ms
44ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI5wq_Gwft.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ad012803e63980f185a7ee45c983ff2ab99b7751fc8f817f86420d620f244d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:03:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:34 GMT
server: sffe
age: 19208
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24428
x-xss-protection: 0
expires: Fri, 29 Apr 2022 02:03:08 GMT

GET
H3-29 200 S6u_w4BMUTPHjxsI3wi_Gwft.woff2
fonts.gstatic.com/s/lato/v17/ Frame 9164 23 KB
23 KB 46ms
41ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI3wi_Gwft.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad68b1eebdd10516b4cd884ca26e3f2f6086efc2a025badffb5f08e7fb110807

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 11:02:49 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:41 GMT
server: sffe
age: 591627
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23696
x-xss-protection: 0
expires: Fri, 22 Apr 2022 11:02:49 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN_r8OUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 9164 15 KB
15 KB 46ms
40ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f677ee2d82dfb11f08175f673cf3f065b0d5e491b4485e01259a492715c746e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 05:52:33 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:21 GMT
server: sffe
age: 5443
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14932
x-xss-protection: 0
expires: Fri, 29 Apr 2022 05:52:33 GMT

GET
H3-29 200 memnYaGs126MiZpBA-UFUKWyV9hrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 9164 14 KB
14 KB 45ms
40ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWyV9hrIqM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

453e6eb293c6b89bee1e1ac35780b6061d92b91af5e339d57460fc9bc230e678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 11:04:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:25 GMT
server: sffe
age: 591499
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13860
x-xss-protection: 0
expires: Fri, 22 Apr 2022 11:04:57 GMT

GET
H3-29 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 9164 14 KB
14 KB 43ms
38ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 01:50:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 192759
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Wed, 27 Apr 2022 01:50:37 GMT

GET
H3-29 200 mem6YaGs126MiZpBA-UFUK0Zdc0.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 9164 13 KB
13 KB 49ms
44ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem6YaGs126MiZpBA-UFUK0Zdc0.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da407a15b1ea0c1b4bb774bd77bb608d6b1c90397b5a75b8895bbccfda5feb63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:44:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:37 GMT
server: sffe
age: 574754
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13780
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:44:02 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 9164 15 KB
15 KB 50ms
45ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Apr 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:47 GMT
server: sffe
age: 335978
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14880
x-xss-protection: 0
expires: Mon, 25 Apr 2022 10:03:38 GMT

GET
H3-29 200 memnYaGs126MiZpBA-UFUKXGUdhrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 9164 14 KB
14 KB 56ms
51ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKXGUdhrIqM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10879c90d675623954d308fa8d34ab038c915646aa4167764fd8bb02804cbbf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:03:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 19213
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13852
x-xss-protection: 0
expires: Fri, 29 Apr 2022 02:03:03 GMT

GET
H3-29 200 memnYaGs126MiZpBA-UFUKWiUNhrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 9164 14 KB
14 KB 55ms
51ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWiUNhrIqM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d850554475a4336419ae7485d6381151d076a6db032975f193197af9fc775af2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 01:44:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:48 GMT
server: sffe
age: 193149
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13880
x-xss-protection: 0
expires: Wed, 27 Apr 2022 01:44:07 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN8rsOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 9164 15 KB
15 KB 54ms
50ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN8rsOUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75db69592337280529fdc6448185b1cb88a50dbe9b498718f45ba52907e8aba3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 22:00:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:38 GMT
server: sffe
age: 552172
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15088
x-xss-protection: 0
expires: Fri, 22 Apr 2022 22:00:24 GMT

GET
H3-29 200 memnYaGs126MiZpBA-UFUKW-U9hrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 9164 14 KB
14 KB 52ms
48ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKW-U9hrIqM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49512fd44c952848dd006a4319334a7eafd140f92a68081aec2b13673ba5f4a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:03:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:15 GMT
server: sffe
age: 19208
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13960
x-xss-protection: 0
expires: Fri, 29 Apr 2022 02:03:08 GMT

GET
H3-29 200 S6u8w4BMUTPHh30AXC-q.woff2
fonts.gstatic.com/s/lato/v17/ Frame D1EE 21 KB
21 KB 45ms
44ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHh30AXC-q.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d971119a046fb86eeec343e50c680c36a72eb2df85521c8f343dc9678924398

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Apr 2021 03:41:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:43 GMT
server: sffe
age: 358890
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21580
x-xss-protection: 0
expires: Mon, 25 Apr 2022 03:41:46 GMT

GET
H3-29 200 S6u-w4BMUTPHjxsIPx-oPCI.woff2
fonts.gstatic.com/s/lato/v17/ Frame D1EE 17 KB
17 KB 47ms
46ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u-w4BMUTPHjxsIPx-oPCI.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d10280e8071d96d42984b8a0fe9eb713babef562cfe8e31bc28fbf65c46e126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 22:58:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:02 GMT
server: sffe
age: 548670
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17024
x-xss-protection: 0
expires: Fri, 22 Apr 2022 22:58:46 GMT

GET
H3-29 200 S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame D1EE 23 KB
23 KB 51ms
50ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh7USSwiPGQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9194059997d722ec01e41980dffbff03ebe00808b1cdd164a7fd18a561bc312a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 21:58:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:05 GMT
server: sffe
age: 120304
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23248
x-xss-protection: 0
expires: Wed, 27 Apr 2022 21:58:12 GMT

GET
H3-29 200 S6u_w4BMUTPHjxsI9w2_Gwft.woff2
fonts.gstatic.com/s/lato/v17/ Frame D1EE 17 KB
17 KB 51ms
50ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI9w2_Gwft.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afdd5b03f94d18d31b86e4bdf19ad063f6917233f5605f2e4b34d055a2502b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:43:56 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:31 GMT
server: sffe
age: 574760
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17640
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:43:56 GMT

GET
H3-29 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ Frame D1EE 23 KB
23 KB 51ms
51ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:44:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
age: 574749
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:44:07 GMT

GET
H3-29 200 S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v17/ Frame D1EE 24 KB
24 KB 24ms
19ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHjxsAXC-q.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ccb5febf8ac335a1b768a7a2087fa4362cb3a0a9392e2e451df9d9825e88e5db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:44:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:06 GMT
server: sffe
age: 574744
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24440
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:44:13 GMT

GET
H3-29 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame D1EE 22 KB
22 KB 40ms
26ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 01:32:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:12 GMT
server: sffe
age: 193874
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
expires: Wed, 27 Apr 2022 01:32:03 GMT

GET
H3-29 200 S6u_w4BMUTPHjxsI5wq_Gwft.woff2
fonts.gstatic.com/s/lato/v17/ Frame D1EE 24 KB
24 KB 23ms
18ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI5wq_Gwft.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ad012803e63980f185a7ee45c983ff2ab99b7751fc8f817f86420d620f244d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:03:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:34 GMT
server: sffe
age: 19209
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24428
x-xss-protection: 0
expires: Fri, 29 Apr 2022 02:03:08 GMT

GET
H3-29 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame D1EE 22 KB
22 KB 45ms
30ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 22:35:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:30 GMT
server: sffe
age: 118061
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22572
x-xss-protection: 0
expires: Wed, 27 Apr 2022 22:35:36 GMT

GET
H3-29 200 S6u_w4BMUTPHjxsI3wi_Gwft.woff2
fonts.gstatic.com/s/lato/v17/ Frame D1EE 23 KB
23 KB 26ms
21ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI3wi_Gwft.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad68b1eebdd10516b4cd884ca26e3f2f6086efc2a025badffb5f08e7fb110807

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 11:02:49 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:41 GMT
server: sffe
age: 591628
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23696
x-xss-protection: 0
expires: Fri, 22 Apr 2022 11:02:49 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN_r8OUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame D1EE 15 KB
15 KB 29ms
24ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f677ee2d82dfb11f08175f673cf3f065b0d5e491b4485e01259a492715c746e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 05:52:33 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:21 GMT
server: sffe
age: 5444
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14932
x-xss-protection: 0
expires: Fri, 29 Apr 2022 05:52:33 GMT

GET
H3-29 200 memnYaGs126MiZpBA-UFUKWyV9hrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ Frame D1EE 14 KB
14 KB 29ms
23ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWyV9hrIqM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

453e6eb293c6b89bee1e1ac35780b6061d92b91af5e339d57460fc9bc230e678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 11:04:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:25 GMT
server: sffe
age: 591500
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13860
x-xss-protection: 0
expires: Fri, 22 Apr 2022 11:04:57 GMT

GET
H3-29 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ Frame D1EE 14 KB
14 KB 29ms
24ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 01:50:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 192760
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Wed, 27 Apr 2022 01:50:37 GMT

GET
H3-29 200 mem6YaGs126MiZpBA-UFUK0Zdc0.woff2
fonts.gstatic.com/s/opensans/v18/ Frame D1EE 13 KB
13 KB 32ms
26ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem6YaGs126MiZpBA-UFUK0Zdc0.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da407a15b1ea0c1b4bb774bd77bb608d6b1c90397b5a75b8895bbccfda5feb63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:44:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:37 GMT
server: sffe
age: 574755
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13780
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:44:02 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame D1EE 15 KB
15 KB 32ms
26ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Apr 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:47 GMT
server: sffe
age: 335979
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14880
x-xss-protection: 0
expires: Mon, 25 Apr 2022 10:03:38 GMT

GET
H3-29 200 memnYaGs126MiZpBA-UFUKXGUdhrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ Frame D1EE 14 KB
14 KB 34ms
28ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKXGUdhrIqM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10879c90d675623954d308fa8d34ab038c915646aa4167764fd8bb02804cbbf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:03:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 19214
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13852
x-xss-protection: 0
expires: Fri, 29 Apr 2022 02:03:03 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame D1EE 15 KB
15 KB 44ms
28ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 20:40:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:00 GMT
server: sffe
age: 124959
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15056
x-xss-protection: 0
expires: Wed, 27 Apr 2022 20:40:38 GMT

GET
H3-29 200 memnYaGs126MiZpBA-UFUKWiUNhrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ Frame D1EE 14 KB
14 KB 34ms
29ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWiUNhrIqM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d850554475a4336419ae7485d6381151d076a6db032975f193197af9fc775af2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 01:44:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:48 GMT
server: sffe
age: 193150
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13880
x-xss-protection: 0
expires: Wed, 27 Apr 2022 01:44:07 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN8rsOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame D1EE 15 KB
15 KB 34ms
29ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN8rsOUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75db69592337280529fdc6448185b1cb88a50dbe9b498718f45ba52907e8aba3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 22:00:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:38 GMT
server: sffe
age: 552173
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15088
x-xss-protection: 0
expires: Fri, 22 Apr 2022 22:00:24 GMT

GET
H3-29 200 memnYaGs126MiZpBA-UFUKW-U9hrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ Frame D1EE 14 KB
14 KB 31ms
26ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKW-U9hrIqM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49512fd44c952848dd006a4319334a7eafd140f92a68081aec2b13673ba5f4a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:03:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:15 GMT
server: sffe
age: 19209
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13960
x-xss-protection: 0
expires: Fri, 29 Apr 2022 02:03:08 GMT

GET
H3-29 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ Frame 6657 23 KB
23 KB 20ms
15ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:44:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
age: 574750
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:44:07 GMT

GET
H3-29 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame 6657 22 KB
22 KB 21ms
15ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 01:32:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:12 GMT
server: sffe
age: 193874
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
expires: Wed, 27 Apr 2022 01:32:03 GMT

GET
H3-29 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame 6657 22 KB
22 KB 23ms
17ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 22:35:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:30 GMT
server: sffe
age: 118061
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22572
x-xss-protection: 0
expires: Wed, 27 Apr 2022 22:35:36 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 6657 15 KB
15 KB 23ms
18ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 20:40:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:00 GMT
server: sffe
age: 124959
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15056
x-xss-protection: 0
expires: Wed, 27 Apr 2022 20:40:38 GMT

GET
H3-29 200 S6u8w4BMUTPHh30AXC-q.woff2
fonts.gstatic.com/s/lato/v17/ Frame 6657 21 KB
21 KB 60ms
44ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHh30AXC-q.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d971119a046fb86eeec343e50c680c36a72eb2df85521c8f343dc9678924398

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Apr 2021 03:41:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:43 GMT
server: sffe
age: 358891
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21580
x-xss-protection: 0
expires: Mon, 25 Apr 2022 03:41:46 GMT

GET
H3-29 200 S6u-w4BMUTPHjxsIPx-oPCI.woff2
fonts.gstatic.com/s/lato/v17/ Frame 6657 17 KB
17 KB 58ms
44ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u-w4BMUTPHjxsIPx-oPCI.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d10280e8071d96d42984b8a0fe9eb713babef562cfe8e31bc28fbf65c46e126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 22:58:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:02 GMT
server: sffe
age: 548671
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17024
x-xss-protection: 0
expires: Fri, 22 Apr 2022 22:58:46 GMT

GET
H3-29 200 S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame 6657 23 KB
23 KB 15ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh7USSwiPGQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9194059997d722ec01e41980dffbff03ebe00808b1cdd164a7fd18a561bc312a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 21:58:12 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:05 GMT
server: sffe
age: 120305
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23248
x-xss-protection: 0
expires: Wed, 27 Apr 2022 21:58:12 GMT

GET
H3-29 200 S6u_w4BMUTPHjxsI9w2_Gwft.woff2
fonts.gstatic.com/s/lato/v17/ Frame 6657 17 KB
17 KB 58ms
45ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI9w2_Gwft.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afdd5b03f94d18d31b86e4bdf19ad063f6917233f5605f2e4b34d055a2502b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:43:56 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:31 GMT
server: sffe
age: 574761
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17640
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:43:56 GMT

GET
H3-29 200 S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v17/ Frame 6657 24 KB
24 KB 61ms
48ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHjxsAXC-q.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ccb5febf8ac335a1b768a7a2087fa4362cb3a0a9392e2e451df9d9825e88e5db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:44:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:06 GMT
server: sffe
age: 574744
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24440
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:44:13 GMT

GET
H3-29 200 S6u_w4BMUTPHjxsI5wq_Gwft.woff2
fonts.gstatic.com/s/lato/v17/ Frame 6657 24 KB
24 KB 63ms
51ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI5wq_Gwft.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8ad012803e63980f185a7ee45c983ff2ab99b7751fc8f817f86420d620f244d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:03:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:34 GMT
server: sffe
age: 19209
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24428
x-xss-protection: 0
expires: Fri, 29 Apr 2022 02:03:08 GMT

GET
H3-29 200 S6u_w4BMUTPHjxsI3wi_Gwft.woff2
fonts.gstatic.com/s/lato/v17/ Frame 6657 23 KB
23 KB 64ms
51ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u_w4BMUTPHjxsI3wi_Gwft.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad68b1eebdd10516b4cd884ca26e3f2f6086efc2a025badffb5f08e7fb110807

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 11:02:49 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:41 GMT
server: sffe
age: 591628
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23696
x-xss-protection: 0
expires: Fri, 22 Apr 2022 11:02:49 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN_r8OUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 6657 15 KB
15 KB 65ms
53ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f677ee2d82dfb11f08175f673cf3f065b0d5e491b4485e01259a492715c746e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 05:52:33 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:21 GMT
server: sffe
age: 5444
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14932
x-xss-protection: 0
expires: Fri, 29 Apr 2022 05:52:33 GMT

GET
H3-29 200 memnYaGs126MiZpBA-UFUKWyV9hrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 6657 14 KB
14 KB 65ms
53ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWyV9hrIqM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

453e6eb293c6b89bee1e1ac35780b6061d92b91af5e339d57460fc9bc230e678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 11:04:57 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:25 GMT
server: sffe
age: 591500
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13860
x-xss-protection: 0
expires: Fri, 22 Apr 2022 11:04:57 GMT

GET
H3-29 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 6657 14 KB
14 KB 65ms
54ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 01:50:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 192760
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Wed, 27 Apr 2022 01:50:37 GMT

GET
H3-29 200 mem6YaGs126MiZpBA-UFUK0Zdc0.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 6657 13 KB
13 KB 67ms
55ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem6YaGs126MiZpBA-UFUK0Zdc0.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da407a15b1ea0c1b4bb774bd77bb608d6b1c90397b5a75b8895bbccfda5feb63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:44:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:37 GMT
server: sffe
age: 574755
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13780
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:44:02 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UNirkOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 6657 15 KB
15 KB 67ms
56ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Apr 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:47 GMT
server: sffe
age: 335979
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14880
x-xss-protection: 0
expires: Mon, 25 Apr 2022 10:03:38 GMT

GET
H3-29 200 memnYaGs126MiZpBA-UFUKXGUdhrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 6657 14 KB
14 KB 15ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKXGUdhrIqM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10879c90d675623954d308fa8d34ab038c915646aa4167764fd8bb02804cbbf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:03:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 19214
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13852
x-xss-protection: 0
expires: Fri, 29 Apr 2022 02:03:03 GMT

GET
H3-29 200 memnYaGs126MiZpBA-UFUKWiUNhrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 6657 14 KB
14 KB 11ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWiUNhrIqM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d850554475a4336419ae7485d6381151d076a6db032975f193197af9fc775af2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 01:44:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:48 GMT
server: sffe
age: 193150
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13880
x-xss-protection: 0
expires: Wed, 27 Apr 2022 01:44:07 GMT

GET
H3-29 200 mem5YaGs126MiZpBA-UN8rsOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 6657 15 KB
15 KB 64ms
56ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN8rsOUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75db69592337280529fdc6448185b1cb88a50dbe9b498718f45ba52907e8aba3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 22:00:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:38 GMT
server: sffe
age: 552173
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15088
x-xss-protection: 0
expires: Fri, 22 Apr 2022 22:00:24 GMT

GET
H3-29 200 memnYaGs126MiZpBA-UFUKW-U9hrIqM.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 6657 14 KB
14 KB 67ms
59ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKW-U9hrIqM.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49512fd44c952848dd006a4319334a7eafd140f92a68081aec2b13673ba5f4a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 02:03:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:15 GMT
server: sffe
age: 19209
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13960
x-xss-protection: 0
expires: Fri, 29 Apr 2022 02:03:08 GMT

GET
H/1.1

200
OK

livechat2.aspx Show response
a7.mylivechat.com/livechat2/ Frame 6657
Redirect Chain

https://mylivechat.com/chatinline.aspx?hccid=45224259
https://a7.mylivechat.com/livechat2/livechat2.aspx?hccid=45224259&apimode=chatinline

10 KB
4 KB

811ms
168ms

Script
text/javascript

52.117.22.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://a7.mylivechat.com/livechat2/livechat2.aspx?hccid=45224259&apimode=chatinline
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 52.117.22.24 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.16.7534.ip4.static.sl-reverse.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e58400a91a46b3a56369d5cf18c4f544e3d54e57a2893f8e2a1c46c3a0b0a8f2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 29 Apr 2021 07:23:22 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Content-Length: 4065
Expires: -1

Redirect headers

Date: Thu, 29 Apr 2021 07:23:21 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Location: https://a7.mylivechat.com/livechat2/livechat2.aspx?hccid=45224259&apimode=chatinline
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private
Content-Length: 205

GET
H/1.1

200
OK

livechat2.aspx Show response
a7.mylivechat.com/livechat2/ Frame 9164
Redirect Chain

https://mylivechat.com/chatinline.aspx?hccid=45224259
https://a7.mylivechat.com/livechat2/livechat2.aspx?hccid=45224259&apimode=chatinline

10 KB
4 KB

786ms
176ms

Script
text/javascript

52.117.22.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://a7.mylivechat.com/livechat2/livechat2.aspx?hccid=45224259&apimode=chatinline
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 52.117.22.24 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.16.7534.ip4.static.sl-reverse.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 9e30b9ef3c5e6b5ffd96115cbaf52334e318e639ae30923f5c85f2d7f02ea60d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 29 Apr 2021 07:23:22 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Content-Length: 4066
Expires: -1

Redirect headers

Date: Thu, 29 Apr 2021 07:23:21 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Location: https://a7.mylivechat.com/livechat2/livechat2.aspx?hccid=45224259&apimode=chatinline
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private
Content-Length: 205

OPTIONS
H3-29 200 funnel-info
api.the-btc-supersplit.financialmarketsworld.com/postal/ajax/ Frame 0
0 105ms
67ms Preflight
text/html 2606:4700:3032::6815:da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.the-btc-supersplit.financialmarketsworld.com/postal/ajax/funnel-info?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Server: 2606:4700:3032::6815:da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.1.33
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-api-funnel-code
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 29 Apr 2021 07:23:17 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
access-control-allow-origin
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: Content-Type, Accept, Authorization, X-Requested-With, Application, X-Api-Funnel-Code
access-control-allow-credentials: true
cache-control: private
cf-cache-status: DYNAMIC
cf-request-id: 09be1bc88700004eb079a1e000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dxYdvKTtb%2F1766VzRRgdK0QRWT3u0un3s7hzm3g8E%2FqJPJaU%2Bq%2BIiTzflI%2Bu5LlgVQwSG5wPbQ0Z4W3XiQhhxHGSgP0TQ8qfm1IrtMGfYGkMKxK3cCtsFM%2FJsQdOjAYMHv4A%2FhRYdZ2SfS9p5BZUVn3YXUAefQ7kKN%2B3LNg%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 6476c8ba7f8f4eb0-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 c57fb05f59c56eff2015c868ffc41f42.js Show response
clientcdn.pushengage.com/core/ Frame 6657 74 KB
18 KB 233ms
91ms Script
application/javascript 13.224.106.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://clientcdn.pushengage.com/core/c57fb05f59c56eff2015c868ffc41f42.js
Requested by: Host: api.the-btc-supersplit.financialmarketsworld.com
URL: https://api.the-btc-supersplit.financialmarketsworld.com/dist/js/integration.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.106.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-106-110.mad50.r.cloudfront.net
Software: nginx /
Resource Hash: a49d1a33755aeb843093532f6eace11cb1601ebec75d93d08a48d1f3d9cc3f70

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:21:47 GMT
content-encoding: gzip
server: nginx
age: 90
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=120
x-amz-cf-pop: MAD50-C1
x-amz-cf-id: mLAvQ3DOonOzXTRrs35eInf7hJZI8y1_FrlDBEglUvhK8-M1MW9CFA==
via: 1.1 8698da0cfd5dac9801848770e0d61b63.cloudfront.net (CloudFront)

POST funnel-info
api.the-btc-supersplit.financialmarketsworld.com/postal/ajax/ Frame 6657 0
0

GET
H/1.1

200
OK

livechat2.aspx Show response
a7.mylivechat.com/livechat2/ Frame D1EE
Redirect Chain

https://mylivechat.com/chatinline.aspx?hccid=45224259
https://a7.mylivechat.com/livechat2/livechat2.aspx?hccid=45224259&apimode=chatinline

10 KB
4 KB

766ms
157ms

Script
text/javascript

52.117.22.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://a7.mylivechat.com/livechat2/livechat2.aspx?hccid=45224259&apimode=chatinline
Requested by: Host: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 52.117.22.24 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.16.7534.ip4.static.sl-reverse.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 692469fad363eeebf3b9483c4713726afca2edc53eaa4d385af1bb72a8478751

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 29 Apr 2021 07:23:22 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Content-Length: 4066
Expires: -1

Redirect headers

Date: Thu, 29 Apr 2021 07:23:21 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Location: https://a7.mylivechat.com/livechat2/livechat2.aspx?hccid=45224259&apimode=chatinline
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private
Content-Length: 205

OPTIONS
H3-29 200 funnel-info
api.the-btc-supersplit.financialmarketsworld.com/postal/ajax/ Frame 0
0 79ms
79ms Preflight
text/html 2606:4700:3032::6815:da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.the-btc-supersplit.financialmarketsworld.com/postal/ajax/funnel-info?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Server: 2606:4700:3032::6815:da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.1.33
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-api-funnel-code
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 29 Apr 2021 07:23:17 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
access-control-allow-origin
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: Content-Type, Accept, Authorization, X-Requested-With, Application, X-Api-Funnel-Code
access-control-allow-credentials: true
cache-control: private
cf-cache-status: DYNAMIC
cf-request-id: 09be1bc89b00004eb0913d9000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oORmGjKxZqdx8PJoA2PhXvXn5UkunxQFwImz9ImCkczKBicJb%2Fq5Te2jaSUv9jY8olrhnawm61rQpjQGjGgOd4sdtluo1LBg3hDDLlGAlxLnEXoF3rlKhAn%2FPc6mOLLOx0hXt7Ee2sEvBZbRYkZE8liDSuPL9nI4zw%2Fa4mA%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 6476c8ba9fcf4eb0-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 c57fb05f59c56eff2015c868ffc41f42.js Show response
clientcdn.pushengage.com/core/ Frame 9164 74 KB
18 KB 174ms
92ms Script
application/javascript 13.224.106.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://clientcdn.pushengage.com/core/c57fb05f59c56eff2015c868ffc41f42.js
Requested by: Host: api.the-btc-supersplit.financialmarketsworld.com
URL: https://api.the-btc-supersplit.financialmarketsworld.com/dist/js/integration.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.106.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-106-110.mad50.r.cloudfront.net
Software: nginx /
Resource Hash: a49d1a33755aeb843093532f6eace11cb1601ebec75d93d08a48d1f3d9cc3f70

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:21:47 GMT
content-encoding: gzip
server: nginx
age: 90
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=120
x-amz-cf-pop: MAD50-C1
x-amz-cf-id: -9jKCpGFy_VURSwM9au0HSMkLY4mIqNNVN_GNxMQV3I15aqzrUBQ1Q==
via: 1.1 8698da0cfd5dac9801848770e0d61b63.cloudfront.net (CloudFront)

POST funnel-info
api.the-btc-supersplit.financialmarketsworld.com/postal/ajax/ Frame 9164 0
0

OPTIONS
H3-29 200 funnel-info
api.the-btc-supersplit.financialmarketsworld.com/postal/ajax/ Frame 0
0 67ms
67ms Preflight
text/html 2606:4700:3032::6815:da
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.the-btc-supersplit.financialmarketsworld.com/postal/ajax/funnel-info?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1
Protocol: H3-29
Server: 2606:4700:3032::6815:da , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.1.33
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-api-funnel-code
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 29 Apr 2021 07:23:17 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
access-control-allow-origin
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-headers: Content-Type, Accept, Authorization, X-Requested-With, Application, X-Api-Funnel-Code
access-control-allow-credentials: true
cache-control: private
cf-cache-status: DYNAMIC
cf-request-id: 09be1bc8ab00004eb03ead6000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tH2YrN0iyFI%2BLttvdrH3gmBJQIiVqqIBGt0mHSQL7A5wFliRznEKCaAHIrUgRJCVjOu5AjmUeTKN%2F5gJLeodEzrGyQpuRqlatrohvnLecSQd5WS2%2Fw%2FOU9gby1kuEV4KUD7g8THyjBdu7Vo9aOBenezl%2FSxr5ZWVe6l%2FKnw%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 6476c8baa8014eb0-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 c57fb05f59c56eff2015c868ffc41f42.js Show response
clientcdn.pushengage.com/core/ Frame D1EE 74 KB
18 KB 176ms
110ms Script
application/javascript 13.224.106.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://clientcdn.pushengage.com/core/c57fb05f59c56eff2015c868ffc41f42.js
Requested by: Host: api.the-btc-supersplit.financialmarketsworld.com
URL: https://api.the-btc-supersplit.financialmarketsworld.com/dist/js/integration.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.106.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-106-110.mad50.r.cloudfront.net
Software: nginx /
Resource Hash: a49d1a33755aeb843093532f6eace11cb1601ebec75d93d08a48d1f3d9cc3f70

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 29 Apr 2021 07:21:47 GMT
content-encoding: gzip
server: nginx
age: 90
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600, s-maxage=120
x-amz-cf-pop: MAD50-C1
x-amz-cf-id: do90pGG2B62-qvYccr6c2AzXN3i4G5iQuGdKkGt9BMmCNUFUR7kHDA==
via: 1.1 8698da0cfd5dac9801848770e0d61b63.cloudfront.net (CloudFront)

POST funnel-info
api.the-btc-supersplit.financialmarketsworld.com/postal/ajax/ Frame D1EE 0
0

GET
H2 200 css
fonts.googleapis.com/ Frame 6657 5 KB
643 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700

Requested by

Host: mylivechat.com
URL: https://mylivechat.com/chatinline.aspx?hccid=45224259

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4806fbf823b46dcffd67e4cf0580f77b9e436dc2657d2ccaed92d79ca6159082

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 06:14:17 GMT
server: ESF
date: Thu, 29 Apr 2021 07:23:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Apr 2021 07:23:19 GMT

GET
H/1.1 200
OK chatinline.css
a7.mylivechat.com/livechat2/ Frame 6657 26 KB
5 KB 156ms
154ms Stylesheet
text/css 52.117.22.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://a7.mylivechat.com/livechat2/chatinline.css?&culture=en-US&mlcv=3015&template=5
Requested by: Host: mylivechat.com
URL: https://mylivechat.com/chatinline.aspx?hccid=45224259
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 52.117.22.24 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.16.7534.ip4.static.sl-reverse.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c9e71f864bcc8aef60a3dc5a8de9eb253852bed712fdd6b6ff2704617a375911

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 07:23:22 GMT
Content-Encoding: gzip
ETag: "807dadb6bfbd61:0"
Last-Modified: Fri, 05 Feb 2021 03:00:23 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=2160000
Accept-Ranges: bytes
Content-Length: 4838

GET
H/1.1 200
OK resources2.aspx Show response
a7.mylivechat.com/livechat2/ Frame 6657 192 KB
55 KB 311ms
301ms Script
text/javascript 52.117.22.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://a7.mylivechat.com/livechat2/resources2.aspx?HCCID=45224259&culture=en-US&mlcv=3015&template=5
Requested by: Host: mylivechat.com
URL: https://mylivechat.com/chatinline.aspx?hccid=45224259
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 52.117.22.24 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.16.7534.ip4.static.sl-reverse.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 230d3294899dcb853b58c66bb7b6230f8465faf33e3bcf6c7512891c5ef34082

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 07:23:22 GMT
Content-Encoding: gzip
ETag: "A0JJEbGaAb+/HWwSsPGB90bx6ubgrTUqy30HU/3jT0o="
Last-Modified: Thu, 29 Apr 2021 05:00:00 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Length: 55898
Expires: Fri, 29 Apr 2022 07:23:22 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame D1EE 5 KB
621 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700

Requested by

Host: mylivechat.com
URL: https://mylivechat.com/chatinline.aspx?hccid=45224259

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4806fbf823b46dcffd67e4cf0580f77b9e436dc2657d2ccaed92d79ca6159082

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 06:09:14 GMT
server: ESF
date: Thu, 29 Apr 2021 07:23:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Apr 2021 07:23:19 GMT

GET
H/1.1 200
OK chatinline.css
a7.mylivechat.com/livechat2/ Frame D1EE 26 KB
5 KB 173ms
165ms Stylesheet
text/css 52.117.22.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://a7.mylivechat.com/livechat2/chatinline.css?&culture=en-US&mlcv=3015&template=5
Requested by: Host: mylivechat.com
URL: https://mylivechat.com/chatinline.aspx?hccid=45224259
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 52.117.22.24 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.16.7534.ip4.static.sl-reverse.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c9e71f864bcc8aef60a3dc5a8de9eb253852bed712fdd6b6ff2704617a375911

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 07:23:22 GMT
Content-Encoding: gzip
ETag: "807dadb6bfbd61:0"
Last-Modified: Fri, 05 Feb 2021 03:00:23 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=2160000
Accept-Ranges: bytes
Content-Length: 4838

GET
H/1.1 200
OK resources2.aspx Show response
a7.mylivechat.com/livechat2/ Frame D1EE 192 KB
55 KB 382ms
207ms Script
text/javascript 52.117.22.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://a7.mylivechat.com/livechat2/resources2.aspx?HCCID=45224259&culture=en-US&mlcv=3015&template=5
Requested by: Host: mylivechat.com
URL: https://mylivechat.com/chatinline.aspx?hccid=45224259
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 52.117.22.24 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.16.7534.ip4.static.sl-reverse.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 230d3294899dcb853b58c66bb7b6230f8465faf33e3bcf6c7512891c5ef34082

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 07:23:22 GMT
Content-Encoding: gzip
ETag: "A0JJEbGaAb+/HWwSsPGB90bx6ubgrTUqy30HU/3jT0o="
Last-Modified: Thu, 29 Apr 2021 05:00:00 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Length: 55898
Expires: Fri, 29 Apr 2022 07:23:22 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ Frame 6657 8 KB
8 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Apr 2021 10:03:38 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
age: 335981
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
expires: Mon, 25 Apr 2022 10:03:38 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 9164 5 KB
537 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700

Requested by

Host: mylivechat.com
URL: https://mylivechat.com/chatinline.aspx?hccid=45224259

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4806fbf823b46dcffd67e4cf0580f77b9e436dc2657d2ccaed92d79ca6159082

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 29 Apr 2021 06:16:09 GMT
server: ESF
date: Thu, 29 Apr 2021 07:23:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Apr 2021 07:23:19 GMT

GET
H/1.1 200
OK chatinline.css
a7.mylivechat.com/livechat2/ Frame 9164 26 KB
5 KB 280ms
154ms Stylesheet
text/css 52.117.22.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://a7.mylivechat.com/livechat2/chatinline.css?&culture=en-US&mlcv=3015&template=5
Requested by: Host: mylivechat.com
URL: https://mylivechat.com/chatinline.aspx?hccid=45224259
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 52.117.22.24 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.16.7534.ip4.static.sl-reverse.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c9e71f864bcc8aef60a3dc5a8de9eb253852bed712fdd6b6ff2704617a375911

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 07:23:22 GMT
Content-Encoding: gzip
ETag: "807dadb6bfbd61:0"
Last-Modified: Fri, 05 Feb 2021 03:00:23 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=2160000
Accept-Ranges: bytes
Content-Length: 4838

GET
H/1.1 200
OK resources2.aspx Show response
a7.mylivechat.com/livechat2/ Frame 9164 192 KB
55 KB 568ms
295ms Script
text/javascript 52.117.22.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://a7.mylivechat.com/livechat2/resources2.aspx?HCCID=45224259&culture=en-US&mlcv=3015&template=5
Requested by: Host: mylivechat.com
URL: https://mylivechat.com/chatinline.aspx?hccid=45224259
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 52.117.22.24 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.16.7534.ip4.static.sl-reverse.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 230d3294899dcb853b58c66bb7b6230f8465faf33e3bcf6c7512891c5ef34082

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 07:23:22 GMT
Content-Encoding: gzip
ETag: "A0JJEbGaAb+/HWwSsPGB90bx6ubgrTUqy30HU/3jT0o="
Last-Modified: Thu, 29 Apr 2021 05:00:00 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Length: 55898
Expires: Fri, 29 Apr 2022 07:23:23 GMT

GET
H3-29 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ Frame D1EE 8 KB
8 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:43:44 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
age: 574775
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:43:44 GMT

GET
H3-29 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ Frame 9164 8 KB
8 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:300,400,500,600,700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 15:43:44 GMT
x-content-type-options: nosniff
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
age: 574775
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
expires: Fri, 22 Apr 2022 15:43:44 GMT

GET
H/1.1 200
OK livechatinit2.js Show response
a7.mylivechat.com/livechat2/script/ Frame 6657 105 KB
21 KB 162ms
162ms Script
application/javascript 52.117.22.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://a7.mylivechat.com/livechat2/script/livechatinit2.js
Requested by: Host: mylivechat.com
URL: https://mylivechat.com/chatinline.aspx?hccid=45224259
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 52.117.22.24 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.16.7534.ip4.static.sl-reverse.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 155c8773561a28ae69c533bf6a8e741161bc9d9bb822d51361da99ef49469b45

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 07:23:23 GMT
Content-Encoding: gzip
ETag: "807a44a2dfcd61:0"
Last-Modified: Sat, 06 Feb 2021 02:10:51 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=2160000
Accept-Ranges: bytes
Content-Length: 21006

GET
H/1.1 200
OK livechatinit2.js Show response
a7.mylivechat.com/livechat2/script/ Frame D1EE 105 KB
21 KB 165ms
165ms Script
application/javascript 52.117.22.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://a7.mylivechat.com/livechat2/script/livechatinit2.js
Requested by: Host: mylivechat.com
URL: https://mylivechat.com/chatinline.aspx?hccid=45224259
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 52.117.22.24 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.16.7534.ip4.static.sl-reverse.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 155c8773561a28ae69c533bf6a8e741161bc9d9bb822d51361da99ef49469b45

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 07:23:23 GMT
Content-Encoding: gzip
ETag: "807a44a2dfcd61:0"
Last-Modified: Sat, 06 Feb 2021 02:10:51 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=2160000
Accept-Ranges: bytes
Content-Length: 21006

GET
H/1.1 200
OK livechatinit2.js Show response
a7.mylivechat.com/livechat2/script/ Frame 9164 105 KB
21 KB 153ms
153ms Script
application/javascript 52.117.22.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://a7.mylivechat.com/livechat2/script/livechatinit2.js
Requested by: Host: mylivechat.com
URL: https://mylivechat.com/chatinline.aspx?hccid=45224259
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 52.117.22.24 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.16.7534.ip4.static.sl-reverse.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 155c8773561a28ae69c533bf6a8e741161bc9d9bb822d51361da99ef49469b45

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 29 Apr 2021 07:23:23 GMT
Content-Encoding: gzip
ETag: "807a44a2dfcd61:0"
Last-Modified: Sat, 06 Feb 2021 02:10:51 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=2160000
Accept-Ranges: bytes
Content-Length: 21006

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/images/poster_index.jpg

Domain: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/images/poster_index.jpg

Domain: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/images/poster_index.jpg

Domain: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/fonts/Lato-Regular.ttf

Domain: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/fonts/Lato-Semibold.ttf

Domain: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/fonts/Lato-Regular.ttf

Domain: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/fonts/Lato-Semibold.ttf

Domain: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/fonts/Lato-Regular.ttf

Domain: the-btc-supersplit.financialmarketsworld.com
URL: https://the-btc-supersplit.financialmarketsworld.com/fonts/Lato-Semibold.ttf

Domain: api.the-btc-supersplit.financialmarketsworld.com
URL: https://api.the-btc-supersplit.financialmarketsworld.com/postal/ajax/funnel-info?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1

Domain: api.the-btc-supersplit.financialmarketsworld.com
URL: https://api.the-btc-supersplit.financialmarketsworld.com/postal/ajax/funnel-info?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1

Domain: api.the-btc-supersplit.financialmarketsworld.com
URL: https://api.the-btc-supersplit.financialmarketsworld.com/postal/ajax/funnel-info?TrackingID=8087&ClickID=102b8cc0ffdbed26f733d0831f93f9&SubCampaignID=8011&FID=&NetworkID=1

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://api.the-btc-supersplit.financialmarketsworld.com/dist/js/integration.js(Line 2) Message: undefined
console-api	error	URL: https://api.the-btc-supersplit.financialmarketsworld.com/dist/js/integration.js(Line 2) Message: undefined
console-api	error	URL: https://api.the-btc-supersplit.financialmarketsworld.com/dist/js/integration.js(Line 2) Message: undefined

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a7.mylivechat.com
adro.pro
ajax.googleapis.com
api.the-btc-supersplit.financialmarketsworld.com
bintrck.xyz
cdnjs.cloudflare.com
click.genesistracker.xyz
clientcdn.pushengage.com
d3e54v103j8qbb.cloudfront.net
dailydeports.pw
fonts.googleapis.com
fonts.gstatic.com
free3dgame.xyz
gleaminist.info
maquiags.com
mylivechat.com
rtb.froggyads.com
syndication.exoclick.com
the-btc-supersplit.financialmarketsworld.com
tracking.affid21221il.com
vid-algo.com
witalfieldt.com
www.bestbeautycare.xyz
www.googletagmanager.com
www.sterlingbestskincare.xyz
xml.adxnexus.com
xml.popmonetizer.com
xml.revrtb.com
api.the-btc-supersplit.financialmarketsworld.com
the-btc-supersplit.financialmarketsworld.com
128.199.9.173
13.224.106.110
13.224.118.224
13.224.193.70
13.226.247.99
157.230.211.91
174.137.133.17
174.137.133.18
18.205.91.216
212.32.252.81
2600:1f18:43d1:2a04:ee05:261e:d408:7ba1
2606:4700:3032::6815:da
2606:4700:3032::ac43:b512
2606:4700:3035::6815:2cd1
2606:4700:3037::6815:53cd
2606:4700:3037::ac43:8052
2606:4700:3037::ac43:ae36
2606:4700::6810:125e
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::200a
2a00:1450:4001:811::2008
2a00:1450:4001:827::200a
2a00:1450:4001:828::200a
2a00:1450:4001:829::2003
34.248.5.237
38.140.142.154
52.117.22.24
52.117.22.28
95.211.229.245
0a661d3824f4ed387de8e5c9ff28b88d9f7285a5cb6a590ca9047dcde9ad2f9b
10879c90d675623954d308fa8d34ab038c915646aa4167764fd8bb02804cbbf9
1491de1b31182d38593bcf660c99bc6018af8e192d91663f67ec9d045a3b5ccc
155c8773561a28ae69c533bf6a8e741161bc9d9bb822d51361da99ef49469b45
18cab66279a0a8cdc442d84c19d9be718918acf4e4b6e3ab64eb57fc89565a3a
198432eabe25fd2193824f29f02d7fa3370b348a40ed4e5c1b6fdaccb96af3e8
1d7b96eae49baab00cc107bdda099e85d8e51c39d58d55c01617a97f384efe46
230d3294899dcb853b58c66bb7b6230f8465faf33e3bcf6c7512891c5ef34082
23e0e2429a8069d441134b89295f54505096818eecd5942e3d1625c14fd00c67
2763de4b12b2ea6847cf3f70e7125184816cfe5fafee5c31477ffd9c7bf07bb8
288f8c30b5e7269bf91485bbf2cf043d4cfe016f00787e948d58f04a557fef2f
2ae751169bc521812543cd09a37585c17a8a838c812a77b622e427489695f0de
2b1bf258c8ff0278fc6d730346e56a228accc438d859868f23b7994a98c5dcf3
2d73b52fe44577f83a4cb0b40520bf7ab2b7b12294c4a01bdf3e568811dcefa2
3ef07a2e68c3368f7fa043be9ed60f4b06ee2dfbd901971b7524fd23d6db3070
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
453e6eb293c6b89bee1e1ac35780b6061d92b91af5e339d57460fc9bc230e678
4806fbf823b46dcffd67e4cf0580f77b9e436dc2657d2ccaed92d79ca6159082
49512fd44c952848dd006a4319334a7eafd140f92a68081aec2b13673ba5f4a7
4d266da1930ccaa5ca8c657d56db25adba17036c0a616e601768d035d60aafea
586341b2e23993a5c8d45db157b5e2d287121303d207cddf4139a0e06c3b866d
5c4a6fe64efc5d07833c35af9630d0f9b3d4d09a63f9358e441374e9102c9e81
623702bd791d4553ae7226c2f48e26052e359573eb59fa98d819e9b248593e7c
640821feba1494cfcb8501cef7520c029f234bcfcee123bc18292b3fdb95a108
67e085d7126563c044594122b86487953e077441c1671dc80cfbb8c40e0a06e2
692469fad363eeebf3b9483c4713726afca2edc53eaa4d385af1bb72a8478751
6d971119a046fb86eeec343e50c680c36a72eb2df85521c8f343dc9678924398
718bb6618f7a9a005a73d1a227f78ef5d11bb87b46d53eaa881ef715502c6a20
71c8885a8a59ba26afa5b32e610a43cdaee1a88cf0eecf064a66d76db13a6bbe
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
75db69592337280529fdc6448185b1cb88a50dbe9b498718f45ba52907e8aba3
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
7deeee24b8c80bcca6c1c3ba09aaf3811aa99f88028732f2fce9e31e83a435f6
7f12005693694cf30a113bb4e3b720c44d6d9fe5f191525a979b0095b15f0b8a
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
811cdbcef216e6ed1c797403135bb37e17628d0a1df43df64c10014dab36da65
8ad012803e63980f185a7ee45c983ff2ab99b7751fc8f817f86420d620f244d9
8c574e0a06396dfa7064b8b460e0e4a8d5d0748c4aa66eb2e4efdfcb46da4b31
8d10280e8071d96d42984b8a0fe9eb713babef562cfe8e31bc28fbf65c46e126
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
9194059997d722ec01e41980dffbff03ebe00808b1cdd164a7fd18a561bc312a
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
9e30b9ef3c5e6b5ffd96115cbaf52334e318e639ae30923f5c85f2d7f02ea60d
a49d1a33755aeb843093532f6eace11cb1601ebec75d93d08a48d1f3d9cc3f70
a742be77dc39541f6a90844e1504a85324916fce7a34c22a57963f621c8b4673
a97c066cc56655679373cae95f0b9ac4dff92269d6addc009626e3b34c7fdc3d
ad68b1eebdd10516b4cd884ca26e3f2f6086efc2a025badffb5f08e7fb110807
af5c31f830557e21037618fe8b4819107896d7bba427100709ff24cbcc2e348f
afdd5b03f94d18d31b86e4bdf19ad063f6917233f5605f2e4b34d055a2502b0e
b3aa424c73c7fa2118edd6e0a7bfae1add0be09c74be76fbb8da65acd2442e7e
b5ff19ad3d39ecf31e411a2cd69670717df2151a31ac53dbfd4252deb83a1367
c25c043561e65a24241a985a1fcd4c3bfcc8d8fc5c83725931e4e85cd482bc40
c2a5522aa6db1905f0279dbb1b4c2a8a1eec6ebe3b05edfce42b778cc50c9a76
c30e8e573b911520fa347bf04d19a43c064a952a5a4500791514b5dbfc170a37
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c42560e8fb69403206efd73ef655cf803a520ca63c21a040d38cd553100ec94f
c9e71f864bcc8aef60a3dc5a8de9eb253852bed712fdd6b6ff2704617a375911
ccb5febf8ac335a1b768a7a2087fa4362cb3a0a9392e2e451df9d9825e88e5db
d4ecda487864ac7565133b4862ce4478d6b5f7877661ad7d89ac8a57fd25dd3f
d7393ed3b4b27a79b14917919acbfabd6e518294728ddfa8a0e60278a3e886ec
d850554475a4336419ae7485d6381151d076a6db032975f193197af9fc775af2
da407a15b1ea0c1b4bb774bd77bb608d6b1c90397b5a75b8895bbccfda5feb63
e11f6066ad66768d9fada2e9a9b13338e99f62c5aae402baeef2d2994ba5a63a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e58400a91a46b3a56369d5cf18c4f544e3d54e57a2893f8e2a1c46c3a0b0a8f2
e82fca4a73f892a8633ba141c6d84e9b71c1e1267bc916d0a51028e7f8c2c3b9
e9663ee1fb3b65f231a214f5db12a0220adf23d6a67ad4337f94f2711f17fc3d
ee7e1e23847601965a23bd3679a144a968a6c9713aa0741675b3c9abb3d0e5b6
f18bc8a397e17860aace152763820140c3b54f4c613abf1e2b993930a0698b87
f325a62ca01f04b3d744aefeaa2854046aa3b18c280d4ef72842cf87afb3c6b4
f677ee2d82dfb11f08175f673cf3f065b0d5e491b4485e01259a492715c746e2
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fc8054dc8b67414e2a9c3465c60eca6df59573fde73d1d9b472d4bd5ae3a363b

dailydeports.pw Open in urlscan Pro 2606:4700:3037::6815:53cd Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

184 Requests

90 %HTTPS

48 %IPv6

25 Domains

28 Subdomains

23 IPs

4 Countries

4210 kBTransfer

8331 kBSize

0 Cookies

0 Outgoing links

Redirected requests

184 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

dailydeports.pw Open in urlscan Pro
2606:4700:3037::6815:53cd Public Scan

Screenshot
Live screenshot

Full Image

184
Requests

90 %
HTTPS

48 %
IPv6

25
Domains

28
Subdomains

23
IPs

4
Countries

4210 kB
Transfer

8331 kB
Size

0
Cookies

184 HTTP transactions
-1 data transactions