www.heutenochverabreden.com Open in urlscan Pro
34.102.151.155 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://reurab.click/blee/4273868628/carping/1711290248/despaired
Effective URL:
https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Submission: On March 27 via api (March 27th 2024, 8:22:48 pm UTC) from BE — Scanned from DE

Summary HTTP 45 Redirects Behaviour Indicators

Summary

This website contacted 13 IPs in 4 countries across 17 domains to perform 45 HTTP transactions. The main IP is 34.102.151.155, located in and belongs to . The main domain is www.heutenochverabreden.com.
TLS certificate: Issued by GTS CA 1D4 on March 3rd 2024. Valid for: 3 months.

This is the only time www.heutenochverabreden.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	46.150.16.70 46.150.16.70	47513 (SKYLINE-U...) (SKYLINE-UA-AS ISP Skyline)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
3	2606:4700:303... 2606:4700:3036::ac43:c660	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a04:4e42:200... 2a04:4e42:200::729	54113 (FASTLY) (FASTLY)
1 2	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	172.67.198.96 172.67.198.96	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	18.196.86.59 18.196.86.59	() ()
2 2	63.32.179.238 63.32.179.238	() ()
14	34.102.151.155 34.102.151.155	() ()
3	142.250.185.164 142.250.185.164	() ()
1	34.96.102.137 34.96.102.137	() ()
1	2a00:1450:400... 2a00:1450:4001:802::2003	() ()
10	35.195.163.35 35.195.163.35	() ()
2	2a00:1450:400... 2a00:1450:4001:82a::2008	() ()
1	2001:4860:480... 2001:4860:4802:34::36	() ()
45	13

5 46.150.16.70 (Kharkiv, Ukraine)

ASN47513 (SKYLINE-UA-AS ISP Skyline, UA)

reurab.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3036::ac43:c660 (United States)

ASN13335 (CLOUDFLARENET, US)

bi2.clicktocouple.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::729 (United States)

ASN54113 (FASTLY, US)

js.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
browser.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.114.97.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

metatrckpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www2.datedive.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.198.96 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www2-eu.clicktocouple.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 188.114.96.3 (Amsterdam, Netherlands) 3 redirects

ASN13335 (CLOUDFLARENET, US)

t0327.redirectsecure.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ab.pdtrcksus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.86.59 (None, ) 2 redirects

ASN- ()

phardingsboodules.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.32.179.238 (None, ) 2 redirects

ASN- ()

padsthai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 34.102.151.155 (None, )

ASN- ()

www.heutenochverabreden.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.164 (None, )

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.102.137 (None, )

ASN- ()

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (None, )

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 35.195.163.35 (None, )

ASN- ()

sammledenkonsens.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.sammledenkonsens.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (None, )

ASN- ()

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (None, )

ASN- ()

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	heutenochverabreden.com www.heutenochverabreden.com	380 KB
10	sammledenkonsens.com sammledenkonsens.com api.sammledenkonsens.com	24 KB
5	reurab.click reurab.click	55 KB
4	clicktocouple.online 1 redirects bi2.clicktocouple.online www2-eu.clicktocouple.online	8 KB
3	google.com www.google.com	2 KB
2	googletagmanager.com www.googletagmanager.com	165 KB
2	padsthai.com 2 redirects padsthai.com	1 KB
2	phardingsboodules.com 2 redirects phardingsboodules.com	1006 B
2	pdtrcksus.com 1 redirects ab.pdtrcksus.com	3 KB
2	redirectsecure.com 2 redirects t0327.redirectsecure.com	1 KB
2	sentry-cdn.com js.sentry-cdn.com — Cisco Umbrella Rank: 6311 browser.sentry-cdn.com — Cisco Umbrella Rank: 4209	42 KB
1	google-analytics.com region1.google-analytics.com	263 B
1	gstatic.com www.gstatic.com	201 KB
1	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com	1 KB
1	datedive.online 1 redirects www2.datedive.online	876 B
1	metatrckpixel.com metatrckpixel.com — Cisco Umbrella Rank: 599764	722 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 357	30 KB
45	17

	Domain	Requested by
14	www.heutenochverabreden.com	www.heutenochverabreden.com
8	api.sammledenkonsens.com	sammledenkonsens.com
5	reurab.click	reurab.click ajax.googleapis.com
3	www.google.com	www.heutenochverabreden.com www.gstatic.com
3	bi2.clicktocouple.online	reurab.click bi2.clicktocouple.online
2	www.googletagmanager.com	www.heutenochverabreden.com www.googletagmanager.com
2	sammledenkonsens.com	www.heutenochverabreden.com sammledenkonsens.com
2	padsthai.com	2 redirects
2	phardingsboodules.com	2 redirects
2	ab.pdtrcksus.com	1 redirects bi2.clicktocouple.online
2	t0327.redirectsecure.com	2 redirects
1	region1.google-analytics.com	www.googletagmanager.com
1	www.gstatic.com	www.google.com
1	dev.visualwebsiteoptimizer.com	www.heutenochverabreden.com
1	www2.datedive.online	1 redirects
1	www2-eu.clicktocouple.online	1 redirects
1	browser.sentry-cdn.com	js.sentry-cdn.com
1	metatrckpixel.com	bi2.clicktocouple.online
1	js.sentry-cdn.com	bi2.clicktocouple.online
1	ajax.googleapis.com	reurab.click
45	20

This site contains no links.

Subject Issuer	Validity	Valid
reurab.click R3	`2024-02-07` - `2024-05-07`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
clicktocouple.online GTS CA 1P5	`2024-01-31` - `2024-04-30`	3 months	crt.sh
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-08-01` - `2024-09-01`	a year	crt.sh
metatrckpixel.com GTS CA 1P5	`2024-02-13` - `2024-05-13`	3 months	crt.sh
pdtrcksus.com GTS CA 1P5	`2024-03-12` - `2024-06-10`	3 months	crt.sh
heutenochverabreden.com GTS CA 1D4	`2024-03-03` - `2024-06-01`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2023-07-06` - `2024-07-06`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh
sammledenkonsens.com R3	`2024-02-27` - `2024-05-27`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Frame ID: 311A64187DDA7E501598D1FF1852C53B
Requests: 40 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s&co=aHR0cHM6Ly93d3cuaGV1dGVub2NodmVyYWJyZWRlbi5jb206NDQz&hl=de&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=ui7etq3y2vss
Frame ID: A1716691BCCDF1C548A6C6CCC8A282DC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://reurab.click/blee/4273868628/carping/1711290248/despaired Page URL
https://bi2.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy@hotmail.com... Page URL
https://www2-eu.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy%40hotmail.c... HTTP 302
https://t0327.redirectsecure.com/track?data=eyJsaW5rIjoiaHR0cHM6XC9cL2FiLnBkdHJja3N1cy5jb21cL3YxXC9yZWRpcmVjd... HTTP 302
https://ab.pdtrcksus.com/v1/redirect/17095?utm_term=3302551869901427452&email_encoded=dmFuLmFzc2NoZS5... Page URL
https://ab.pdtrcksus.com/v1/redirect/17095?utm_term=3302551869901427452&email_encoded=dmFuLmFzc2NoZS5... HTTP 302
https://www2.datedive.online/fallback/cxkA/TvSjA2YEgA4 HTTP 302
https://t0327.redirectsecure.com/track?data=eyJsaW5rIjoiaHR0cHM6XC9cL3BoYXJkaW5nc2Jvb2R1bGVzLmNvbVwvZGEyNjYxM... HTTP 302
https://phardingsboodules.com/da266128-166c-4ce1-ad74-6bc210cc521b?var1=3302551869901427452&var2=da266128_... HTTP 307
https://phardingsboodules.com/da266128-166c-4ce1-ad74-6bc210cc521b/2?var1=3302551869901427452&var2=da26612... HTTP 302
https://padsthai.com/?a=10444&c=84195&s1=da266128_2&s2=wl9epn7m8ohr8s5037vj6o30 HTTP 302
https://padsthai.com/?a=10444&c=84195&s1=da266128_2&s2=wl9epn7m8ohr8s5037vj6o30&ch-redir=1&ckmxid... HTTP 302
https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2= Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

45
Requests

100 %
HTTPS

38 %
IPv6

17
Domains

20
Subdomains

13
IPs

4
Countries

910 kB
Transfer

2116 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://reurab.click/blee/4273868628/carping/1711290248/despaired Page URL
https://bi2.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy@hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876 Page URL
https://www2-eu.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy%40hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876&sub6=www2-eu&tbrid64=BwYnFGYEgA0&bdata=eyJkYXRhIjp7InZlbmRvciI6IkludGVsIEluYy4iLCJyZW5kZXJlciI6IkludGVsIElyaXMgT3BlbkdMIEVuZ2luZSIsInBsYXRmb3JtIjoiV2luMzIifSwiZXh0cmEiOnsiTmF2aWdhdG9yLmFwcENvZGVOYW1lIjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLmFwcE5hbWUiOlsiZmFpbGVkIG9iamVjdCB0b1N0cmluZyBlcnJvciJdLCJOYXZpZ2F0b3IuYXBwVmVyc2lvbiI6WyJmYWlsZWQgb2JqZWN0IHRvU3RyaW5nIGVycm9yIl0sIk5hdmlnYXRvci5jb25uZWN0aW9uIjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLmRldmljZU1lbW9yeSI6WyJmYWlsZWQgb2JqZWN0IHRvU3RyaW5nIGVycm9yIl0sIk5hdmlnYXRvci5oYXJkd2FyZUNvbmN1cnJlbmN5IjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLmxhbmd1YWdlIjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLmxhbmd1YWdlcyI6WyJmYWlsZWQgb2JqZWN0IHRvU3RyaW5nIGVycm9yIiwiZmFpbGVkIGF0IHRvbyBtdWNoIHJlY3Vyc2lvbiBlcnJvciJdLCJOYXZpZ2F0b3IubWF4VG91Y2hQb2ludHMiOlsiZmFpbGVkIG9iamVjdCB0b1N0cmluZyBlcnJvciJdLCJOYXZpZ2F0b3IubWltZVR5cGVzIjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLnBsYXRmb3JtIjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLnBsdWdpbnMiOlsiZmFpbGVkIG9iamVjdCB0b1N0cmluZyBlcnJvciJdLCJOYXZpZ2F0b3IucHJvZHVjdCI6WyJmYWlsZWQgb2JqZWN0IHRvU3RyaW5nIGVycm9yIl0sIk5hdmlnYXRvci5wcm9kdWN0U3ViIjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLnNlcnZpY2VXb3JrZXIiOlsiZmFpbGVkIG9iamVjdCB0b1N0cmluZyBlcnJvciJdLCJOYXZpZ2F0b3IudXNlckFnZW50IjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLnZlbmRvciI6WyJmYWlsZWQgb2JqZWN0IHRvU3RyaW5nIGVycm9yIl0sIk5hdmlnYXRvci52ZW5kb3JTdWIiOlsiZmFpbGVkIG9iamVjdCB0b1N0cmluZyBlcnJvciJdfSwiZXJyb3JzIjp7ImlmcmFtZSI6WyJDYW5ub3QgcmVhZCBwcm9wZXJ0aWVzIG9mIG51bGwgKHJlYWRpbmcgJ2FwcGVuZENoaWxkJykiXX0sImJvdFNjb3JlIjoiNTAifQ%253D%253D&bt=1711570957&bth=1396411354&tbsession=34103012704419854&c=3861561651&tags=%7B%7D HTTP 302
https://t0327.redirectsecure.com/track?data=eyJsaW5rIjoiaHR0cHM6XC9cL2FiLnBkdHJja3N1cy5jb21cL3YxXC9yZWRpcmVjdFwvMTcwOTU%2FdXRtX3Rlcm09MzMwMjU1MTg2OTkwMTQyNzQ1MiZlbWFpbF9lbmNvZGVkPWRtRnVMbUZ6YzJOb1pTNWtZWFo1UUdodmRHMWhhV3d1WTI5dCZjbGlja2lkPVR2U2pBMllFZ0E0JnN1YmlkPTE3MDk1JnV0bV9jb250ZW50PTIwMjQwMzI3XzIwMjIzOCIsInZlcnNpb24iOiJ2MiIsImNsaWNrX2lkIjoiVHZTakEyWUVnQTQiLCJ0aW1lIjoxNzExNTcwOTU4Ljg5OTY5OH0%3D&cs=620d0452d3fa789b9911a9bb9ce19981 HTTP 302
https://ab.pdtrcksus.com/v1/redirect/17095?utm_term=3302551869901427452&email_encoded=dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t&clickid=TvSjA2YEgA4&subid=17095&utm_content=20240327_202238 Page URL
https://ab.pdtrcksus.com/v1/redirect/17095?utm_term=3302551869901427452&email_encoded=dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t&clickid=TvSjA2YEgA4&subid=17095&utm_content=20240327_202238 HTTP 302
https://www2.datedive.online/fallback/cxkA/TvSjA2YEgA4 HTTP 302
https://t0327.redirectsecure.com/track?data=eyJsaW5rIjoiaHR0cHM6XC9cL3BoYXJkaW5nc2Jvb2R1bGVzLmNvbVwvZGEyNjYxMjgtMTY2Yy00Y2UxLWFkNzQtNmJjMjEwY2M1MjFiP3ZhcjE9MzMwMjU1MTg2OTkwMTQyNzQ1MiZ2YXIyPWRhMjY2MTI4XzImZW1haWw9dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29tJnNjcj10YiZjbGlja2lkPVppV3J0bVlFZ0JBIiwidmVyc2lvbiI6InYyIiwiY2xpY2tfaWQiOiJaaVdydG1ZRWdCQSIsInRpbWUiOjE3MTE1NzA5NjAuODE4NTl9&cs=1d2457355ea1d616b4477cf74bf025ca HTTP 302
https://phardingsboodules.com/da266128-166c-4ce1-ad74-6bc210cc521b?var1=3302551869901427452&var2=da266128_2&email=van.assche.davy@hotmail.com&scr=tb&clickid=ZiWrtmYEgBA HTTP 307
https://phardingsboodules.com/da266128-166c-4ce1-ad74-6bc210cc521b/2?var1=3302551869901427452&var2=da266128_2&email=van.assche.davy@hotmail.com&scr=tb&clickid=ZiWrtmYEgBA HTTP 302
https://padsthai.com/?a=10444&c=84195&s1=da266128_2&s2=wl9epn7m8ohr8s5037vj6o30 HTTP 302
https://padsthai.com/?a=10444&c=84195&s1=da266128_2&s2=wl9epn7m8ohr8s5037vj6o30&ch-redir=1&ckmxid=co28048d0001ff3h8qvg HTTP 302
https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://www2-eu.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy%40hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876&sub6=www2-eu&tbrid64=BwYnFGYEgA0&bdata=eyJkYXRhIjp7InZlbmRvciI6IkludGVsIEluYy4iLCJyZW5kZXJlciI6IkludGVsIElyaXMgT3BlbkdMIEVuZ2luZSIsInBsYXRmb3JtIjoiV2luMzIifSwiZXh0cmEiOnsiTmF2aWdhdG9yLmFwcENvZGVOYW1lIjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLmFwcE5hbWUiOlsiZmFpbGVkIG9iamVjdCB0b1N0cmluZyBlcnJvciJdLCJOYXZpZ2F0b3IuYXBwVmVyc2lvbiI6WyJmYWlsZWQgb2JqZWN0IHRvU3RyaW5nIGVycm9yIl0sIk5hdmlnYXRvci5jb25uZWN0aW9uIjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLmRldmljZU1lbW9yeSI6WyJmYWlsZWQgb2JqZWN0IHRvU3RyaW5nIGVycm9yIl0sIk5hdmlnYXRvci5oYXJkd2FyZUNvbmN1cnJlbmN5IjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLmxhbmd1YWdlIjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLmxhbmd1YWdlcyI6WyJmYWlsZWQgb2JqZWN0IHRvU3RyaW5nIGVycm9yIiwiZmFpbGVkIGF0IHRvbyBtdWNoIHJlY3Vyc2lvbiBlcnJvciJdLCJOYXZpZ2F0b3IubWF4VG91Y2hQb2ludHMiOlsiZmFpbGVkIG9iamVjdCB0b1N0cmluZyBlcnJvciJdLCJOYXZpZ2F0b3IubWltZVR5cGVzIjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLnBsYXRmb3JtIjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLnBsdWdpbnMiOlsiZmFpbGVkIG9iamVjdCB0b1N0cmluZyBlcnJvciJdLCJOYXZpZ2F0b3IucHJvZHVjdCI6WyJmYWlsZWQgb2JqZWN0IHRvU3RyaW5nIGVycm9yIl0sIk5hdmlnYXRvci5wcm9kdWN0U3ViIjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLnNlcnZpY2VXb3JrZXIiOlsiZmFpbGVkIG9iamVjdCB0b1N0cmluZyBlcnJvciJdLCJOYXZpZ2F0b3IudXNlckFnZW50IjpbImZhaWxlZCBvYmplY3QgdG9TdHJpbmcgZXJyb3IiXSwiTmF2aWdhdG9yLnZlbmRvciI6WyJmYWlsZWQgb2JqZWN0IHRvU3RyaW5nIGVycm9yIl0sIk5hdmlnYXRvci52ZW5kb3JTdWIiOlsiZmFpbGVkIG9iamVjdCB0b1N0cmluZyBlcnJvciJdfSwiZXJyb3JzIjp7ImlmcmFtZSI6WyJDYW5ub3QgcmVhZCBwcm9wZXJ0aWVzIG9mIG51bGwgKHJlYWRpbmcgJ2FwcGVuZENoaWxkJykiXX0sImJvdFNjb3JlIjoiNTAifQ%253D%253D&bt=1711570957&bth=1396411354&tbsession=34103012704419854&c=3861561651&tags=%7B%7D HTTP 302
https://t0327.redirectsecure.com/track?data=eyJsaW5rIjoiaHR0cHM6XC9cL2FiLnBkdHJja3N1cy5jb21cL3YxXC9yZWRpcmVjdFwvMTcwOTU%2FdXRtX3Rlcm09MzMwMjU1MTg2OTkwMTQyNzQ1MiZlbWFpbF9lbmNvZGVkPWRtRnVMbUZ6YzJOb1pTNWtZWFo1UUdodmRHMWhhV3d1WTI5dCZjbGlja2lkPVR2U2pBMllFZ0E0JnN1YmlkPTE3MDk1JnV0bV9jb250ZW50PTIwMjQwMzI3XzIwMjIzOCIsInZlcnNpb24iOiJ2MiIsImNsaWNrX2lkIjoiVHZTakEyWUVnQTQiLCJ0aW1lIjoxNzExNTcwOTU4Ljg5OTY5OH0%3D&cs=620d0452d3fa789b9911a9bb9ce19981 HTTP 302
https://ab.pdtrcksus.com/v1/redirect/17095?utm_term=3302551869901427452&email_encoded=dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t&clickid=TvSjA2YEgA4&subid=17095&utm_content=20240327_202238

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK despaired Show response
reurab.click/blee/4273868628/carping/1711290248/ 1 KB
2 KB 335ms
186ms Document
text/html 46.150.16.70
SKYLINE-UA-AS ISP...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurab.click/blee/4273868628/carping/1711290248/despaired
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 46.150.16.70 Kharkiv, Ukraine, ASN47513 (SKYLINE-UA-AS ISP Skyline, UA),
Reverse DNS
Software: nginx /
Resource Hash: 53c2b2fca2b91b196f92afcfa5e08d31b26923f75927ebd94050deea6261df10

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 27 Mar 2024 20:22:36 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ 85 KB
30 KB 35ms
8ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

Requested by

Host: reurab.click
URL: https://reurab.click/blee/4273868628/carping/1711290248/despaired

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 12:13:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29341
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30306
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 27 Mar 2025 12:13:36 GMT

GET
H/1.1 200
OK 941704597.4901671692.2339093312.627886184
reurab.click/ 14 KB
15 KB 201ms
201ms Image
image/gif 46.150.16.70
SKYLINE-UA-AS ISP...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reurab.click/941704597.4901671692.2339093312.627886184
Requested by: Host: reurab.click
URL: https://reurab.click/blee/4273868628/carping/1711290248/despaired
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 46.150.16.70 Kharkiv, Ukraine, ASN47513 (SKYLINE-UA-AS ISP Skyline, UA),
Reverse DNS
Software: nginx /
Resource Hash: 8effef18a817c22d929eb3955cd32d2ffb4859b8d7035c8e2f4ade2bb41e77f6

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Wed, 27 Mar 2024 20:22:36 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 14742
Expires: 0

POST
H/1.1 200
OK despaired&p=a
reurab.click/blee/4273868628/carping/1711290248/ 157 B
354 B 474ms
381ms XHR
text/html 46.150.16.70
SKYLINE-UA-AS ISP...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurab.click/blee/4273868628/carping/1711290248/despaired&p=a
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 46.150.16.70 Kharkiv, Ukraine, ASN47513 (SKYLINE-UA-AS ISP Skyline, UA),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: */*
Referer
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 27 Mar 2024 20:22:36 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK dGE4YlhWMD0= Show response
reurab.click/M1k4em1MS/Cs1dE1YOWk4/Z/Fc/5VUh5Vy8yS3NxNmgxMDU1N09v/ 38 KB
38 KB 329ms
236ms Script
text/html 46.150.16.70
SKYLINE-UA-AS ISP...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurab.click/M1k4em1MS/Cs1dE1YOWk4/Z/Fc/5VUh5Vy8yS3NxNmgxMDU1N09v/dGE4YlhWMD0=
Requested by: Host: reurab.click
URL: https://reurab.click/blee/4273868628/carping/1711290248/despaired
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 46.150.16.70 Kharkiv, Ukraine, ASN47513 (SKYLINE-UA-AS ISP Skyline, UA),
Reverse DNS
Software: nginx /
Resource Hash: 667fb3374e9c1c677dd86bfee7541d0c7bf588ad9a482ee5974cf91e55b76d65

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 27 Mar 2024 20:22:36 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK favicon.ico
reurab.click/ 43 B
229 B 127ms
127ms Other
image/gif 46.150.16.70
SKYLINE-UA-AS ISP...

General

Check archive.org

Show headers Download Go to

Full URL: https://reurab.click/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 46.150.16.70 Kharkiv, Ukraine, ASN47513 (SKYLINE-UA-AS ISP Skyline, UA),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 27 Mar 2024 20:22:36 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 AgAA Show response
bi2.clicktocouple.online/ 8 KB
2 KB 348ms
231ms Document
text/html 2606:4700:3036::ac43:c660
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bi2.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy@hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876
Requested by: Host: reurab.click
URL: https://reurab.click/blee/4273868628/carping/1711290248/despaired
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:c660 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2d6f363809b0b7f0a67ecf523387d5ff1f09d1d565e86e225c67125a66417bd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-ray: 86b217f60807b7e4-AMS
content-encoding: br
content-type: text/html
date: Wed, 27 Mar 2024 20:22:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EyqQ5mMG%2BpNLWnMNvTO7YGAjiyvULH7umEWpZjww8hAwHIaNBZCqki9GEPtRoOc4KZKU3ITopsKp6XR63dKAghnR%2F9gzuQDth%2B4xsiJT%2B5Q%2BF8nxAnJ5CuJovwCZizebcISwzw%2Bfwy8Df%2B7GIBTvad472TN1JcA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 8e586a14295f3544b7c3c55e6e25ea85.min.js Show response
js.sentry-cdn.com/ 3 KB
2 KB 31ms
8ms Script
text/javascript 2a04:4e42:200::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.sentry-cdn.com/8e586a14295f3544b7c3c55e6e25ea85.min.js

Requested by

Host: bi2.clicktocouple.online
URL: https://bi2.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy@hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

36fe98741a6dd789d4605c81b6eb69d459110444dd2ed2e3139a4cdf99429343

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self' .algolia.net .algolianet.com .algolia.io sentry.io .sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; default-src 'none'; frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; base-uri 'none'; worker-src blob:; frame-ancestors 'self' .sentry.io; script-src 'self' 'unsafe-inline' 'report-sample' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; style-src 'unsafe-inline' ; font-src * data:; img-src blob: data: ; object-src 'none'; media-src ; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=051dbf52cf70c04f4fd406773a1a7e17973a5f6d
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://bi2.clicktocouple.online/
Origin: https://bi2.clicktocouple.online
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io sentry.io *.sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; default-src 'none'; frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; base-uri 'none'; worker-src blob:; frame-ancestors 'self' *.sentry.io; script-src 'self' 'unsafe-inline' 'report-sample' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; style-src 'unsafe-inline' *; font-src * data:; img-src blob: data: *; object-src 'none'; media-src *; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=051dbf52cf70c04f4fd406773a1a7e17973a5f6d
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 27 Mar 2024 20:22:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
age: 34
x-envoy-upstream-service-time: 19
content-length: 1280
x-xss-protection: 1; mode=block
x-served-by: getsentry-web-default-common-production-549cbb6cbc-hwz9c, cache-chi-klot8100094-CHI, cache-fra-etou8220159-FRA
x-frame-options: deny
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
x-envoy-attempt-count: 1
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 pixel.js Show response
metatrckpixel.com/ 257 B
722 B 53ms
21ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://metatrckpixel.com/pixel.js?tbsession=
Requested by: Host: bi2.clicktocouple.online
URL: https://bi2.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy@hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3a1eefb9b9b935776f509eefb32295daeb3b76364e907f7fae7c68060e25cdb

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://bi2.clicktocouple.online/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:38 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2F3uPe6LFaBh3jdlwzT%2FYaioF49A8RVAGk7hg65jIlGwZw%2FLFk0WJ6qxAKzeAFfJXSL6juK2szziiknyi1F88fGcxjQfPt6tTVSH%2Fk5o2iWYSXFHQcZRtiDw1pG20rPlVl%2BnxA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=UTF-8
cf-ray: 86b217f82b634d8f-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 bd.js Show response
bi2.clicktocouple.online/static/js/build/ 9 KB
4 KB 35ms
35ms Script
application/javascript 2606:4700:3036::ac43:c660
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bi2.clicktocouple.online/static/js/build/bd.js
Requested by: Host: bi2.clicktocouple.online
URL: https://bi2.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy@hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:c660 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56f971147c45eee57e6c99f09f4cd65f7a1a47a87b9be4814708de41decb0cd5

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://bi2.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy@hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7585
etag: W/"static/js/build/bd.3ad9d77bdd.js"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FLYQ7pxEIq78rd%2B90qdnQPcaOJ%2BvjaOqiK8eMKYM9W4nZeIRFLIdRfqLjyhpQDLwLcC84P7ev%2FmJppaJ14PVbkynAYZvcX30v2zmGE9J470tz1E597PviifJFP7Opup%2BmJEcQ%2F1sXqctLmKMgFLAlnvy9%2B%2FoYaw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cf-ray: 86b217f7f97bb7e4-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 bundle.tracing.es5.min.js
browser.sentry-cdn.com/7.108.0/ 127 KB
40 KB 14ms
8ms Script
application/javascript 2a04:4e42:200::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/7.108.0/bundle.tracing.es5.min.js

Requested by

Host: js.sentry-cdn.com
URL: https://js.sentry-cdn.com/8e586a14295f3544b7c3c55e6e25ea85.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://bi2.clicktocouple.online/
Origin: https://bi2.clicktocouple.online
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 22 Mar 2024 08:50:10 GMT
server: Fastly
age: 469017
etag: "d00bd11e222421765284f64392e258db"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 40358
expires: Sat, 22 Mar 2025 10:05:41 GMT

POST
H2 200 beacon
bi2.clicktocouple.online/ 2 B
312 B 21ms
21ms Ping
text/plain 2606:4700:3036::ac43:c660
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bi2.clicktocouple.online/beacon
Requested by: Host: bi2.clicktocouple.online
URL: https://bi2.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy@hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:c660 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://bi2.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy@hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryeTAp3yI3cPUhgNnh

Response headers

date: Wed, 27 Mar 2024 20:22:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SohaGa6zTTGI%2B8cSvuZrtudUzWrsVTM%2FcMTLl1qPLtcc%2BZK7q76iY58cjOv7R%2Bzm44fPchNUzAgqwPSc4lcIjmq3piQiWfOJ5JSs3bYnhlS6K3xnOOIDb%2Bvb8swiwimBywd2WUleXM3awCq2wBPctudJkHxaVyE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain;charset=UTF-8
cf-ray: 86b217f829a2b7e4-AMS
alt-svc: h3=":443"; ma=86400
content-length: 2

GET
H3

200

17095 Show response
ab.pdtrcksus.com/v1/redirect/
Redirect Chain

https://www2-eu.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy%40hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876&sub6=www2-eu&tbrid64=BwYnFGYEgA0&...
https://t0327.redirectsecure.com/track?data=eyJsaW5rIjoiaHR0cHM6XC9cL2FiLnBkdHJja3N1cy5jb21cL3YxXC9yZWRpcmVjdFwvMTcwOTU%2FdXRtX3Rlcm09MzMwMjU1MTg2OTkwMTQyNzQ1MiZlbWFpbF9lbmNvZGVkPWRtRnVMbUZ6YzJOb1p...
https://ab.pdtrcksus.com/v1/redirect/17095?utm_term=3302551869901427452&email_encoded=dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t&clickid=TvSjA2YEgA4&subid=17095&utm_content=20240327_202238

7 KB
2 KB

557ms
222ms

Document
text/html

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ab.pdtrcksus.com/v1/redirect/17095?utm_term=3302551869901427452&email_encoded=dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t&clickid=TvSjA2YEgA4&subid=17095&utm_content=20240327_202238
Requested by: Host: bi2.clicktocouple.online
URL: https://bi2.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy@hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.14
Resource Hash: 99db5b3e44b37fec92a9a13dfd3107490af00d001a9509ba60347db318c936c3

Request headers

Referer: https://bi2.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy@hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store
cf-cache-status: DYNAMIC
cf-ray: 86b217ffed1d4d54-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 27 Mar 2024 20:22:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9CsER4NnpXVNFpzvYYZlQPbmUuDTV9an5Q7y0HbHy%2BGd5NvEvEmLKnLevBPJrGrrJujyyiXWprvognd9%2Bpj023QMDqR%2BzuOYs4yIczHmFmlJod0IgaasLKojQUfA3v2OzuuC"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/8.2.14

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-ray: 86b217fdaa158b43-AMS
content-length: 0
date: Wed, 27 Mar 2024 20:22:38 GMT
location: https://ab.pdtrcksus.com/v1/redirect/17095?utm_term=3302551869901427452&email_encoded=dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t&clickid=TvSjA2YEgA4&subid=17095&utm_content=20240327_202238
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0UXXgIKrwMQtygv8hNRxNHXpkbBSIBsLlkU%2BZ8e%2B%2FHZ7%2FDCxlR2q8nIOryHVDM2S8qGuZq5W%2Fm0MPvwZV9oCXgDshpevzmoxUSIV4N9H0cqMUCNZKa7y%2BP9YDEuM28h3wDlkewI3eWTap9s%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2

200

Primary Request landing1 Show response
www.heutenochverabreden.com/
Redirect Chain

https://ab.pdtrcksus.com/v1/redirect/17095?utm_term=3302551869901427452&email_encoded=dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t&clickid=TvSjA2YEgA4&subid=17095&utm_content=20240327_202238
https://www2.datedive.online/fallback/cxkA/TvSjA2YEgA4
https://t0327.redirectsecure.com/track?data=eyJsaW5rIjoiaHR0cHM6XC9cL3BoYXJkaW5nc2Jvb2R1bGVzLmNvbVwvZGEyNjYxMjgtMTY2Yy00Y2UxLWFkNzQtNmJjMjEwY2M1MjFiP3ZhcjE9MzMwMjU1MTg2OTkwMTQyNzQ1MiZ2YXIyPWRhMjY2M...
https://phardingsboodules.com/da266128-166c-4ce1-ad74-6bc210cc521b?var1=3302551869901427452&var2=da266128_2&email=van.assche.davy@hotmail.com&scr=tb&clickid=ZiWrtmYEgBA
https://phardingsboodules.com/da266128-166c-4ce1-ad74-6bc210cc521b/2?var1=3302551869901427452&var2=da266128_2&email=van.assche.davy@hotmail.com&scr=tb&clickid=ZiWrtmYEgBA
https://padsthai.com/?a=10444&c=84195&s1=da266128_2&s2=wl9epn7m8ohr8s5037vj6o30
https://padsthai.com/?a=10444&c=84195&s1=da266128_2&s2=wl9epn7m8ohr8s5037vj6o30&ch-redir=1&ckmxid=co28048d0001ff3h8qvg
https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=

19 KB
5 KB

204ms
162ms

Document
text/html

34.102.151.155

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: nginx/1.14.2 / PHP/7.2.34
Resource Hash: 72a2331e34b160c0b94624043ec36aad887c2ac4e31a62d096ae19207a899ad5

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://ab.pdtrcksus.com
Referer: https://ab.pdtrcksus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: max-age=300
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Wed, 27 Mar 2024 20:22:41 GMT
server: nginx/1.14.2
vary: Accept-Encoding
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
x-cache: MISS
x-cacheable: YES
x-host: heutenochverabreden.com
x-powered-by: PHP/7.2.34
x-varnish: 108800175
xkey: lander

Redirect headers

Cache-Control: private
Connection: close
Content-Length: 249
Content-Type: text/html; charset=utf-8
Date: Wed, 27 Mar 2024 20:22:41 GMT
Location: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2 200 landing001.css
www.heutenochverabreden.com/landers/css/ 19 KB
3 KB 280ms
278ms Stylesheet
text/css 34.102.151.155

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heutenochverabreden.com/landers/css/landing001.css
Requested by: Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: nginx/1.14.2 / PHP/7.2.34
Resource Hash: 70c625efd4be3f6f73901bb902563c709ef67aa4b57aebe308637f6a942daa34

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:41 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
x-cacheable: YES
xkey: lander
age: 0
x-powered-by: PHP/7.2.34
x-cache: MISS
x-host: heutenochverabreden.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
server: nginx/1.14.2
vary: Accept-Encoding
content-type: text/css;charset=UTF-8
x-varnish: 164456064
cache-control: max-age=300
accept-ranges: bytes

GET
H2 200 pornhub.css
www.heutenochverabreden.com/landers/css/theme/ 15 KB
2 KB 51ms
50ms Stylesheet
text/css 34.102.151.155

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heutenochverabreden.com/landers/css/theme/pornhub.css
Requested by: Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: nginx/1.14.2 / PHP/7.2.34
Resource Hash: 918d4d0a5f5b7ffa92c314d003aaacdb7163d35c696093f201c5e2246585de9f

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 19:57:12 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
x-cacheable: YES
xkey: lander
age: 0
x-powered-by: PHP/7.2.34
x-cache: HIT
x-host: heutenochverabreden.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
server: nginx/1.14.2
vary: Accept-Encoding
content-type: text/css;charset=UTF-8
x-varnish: 164323857 164614848
cache-control: max-age=300
accept-ranges: bytes

GET
H2 200 fontawesome-all.min.css
www.heutenochverabreden.com/landers/css/ 50 KB
11 KB 54ms
52ms Stylesheet
text/css 34.102.151.155

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heutenochverabreden.com/landers/css/fontawesome-all.min.css
Requested by: Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 5986f251d278ae72106ef1d7302798a2e14f69a4d35b80087b9e61905a15e75e

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 19:57:58 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
x-cacheable: YES
xkey: lander
age: 0
x-cache: HIT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified: Thu, 29 Feb 2024 10:40:37 GMT
server: nginx/1.14.2
etag: W/"65e05f25-c970"
vary: Accept-Encoding
content-type: text/css
x-varnish: 289111 618691
cache-control: max-age=300
accept-ranges: bytes

GET
H2 200 ad-provider.js Show response
www.heutenochverabreden.com/landers/js/ 1019 B
643 B 53ms
52ms Script
application/javascript 34.102.151.155

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heutenochverabreden.com/landers/js/ad-provider.js
Requested by: Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 38b34bce7e5ad8268f51a16a6633c17923130b2fac9eeb6ceaca6beb50990681

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:00:56 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
x-cacheable: YES
xkey: lander
age: 0
x-cache: HIT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 512
last-modified: Thu, 29 Feb 2024 10:40:50 GMT
server: nginx/1.14.2
etag: "65e05f32-3fb-gzip"
vary: Accept-Encoding
content-type: application/javascript
x-varnish: 521180 89650
cache-control: max-age=300
accept-ranges: bytes

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 1 KB
926 B 46ms
21ms Script
text/javascript 142.250.185.164

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s

Requested by

Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.164 -, , ASN (),

Reverse DNS

Software

GSE /

Resource Hash

b28737160c8a71677acfdc37262393dea522b89307c52f83aa69a7a972265b32

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Wed, 27 Mar 2024 20:22:41 GMT

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 1 KB
886 B 19ms
19ms Script
text/javascript 142.250.185.164

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js

Requested by

Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.164 -, , ASN (),

Reverse DNS

Software

GSE /

Resource Hash

ac38b85fc07d640017b9e82d569b7602ef678ca625e6f7e6b43b78a0e7ac729a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Wed, 27 Mar 2024 20:22:41 GMT

GET
H2 200 logo.png
www.heutenochverabreden.com/img/ 24 KB
24 KB 15ms
14ms Image
image/png 34.102.151.155

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.heutenochverabreden.com/img/logo.png
Requested by: Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: Apache/2.4.58 (Ubuntu) /
Resource Hash: 3bb46c7a65a64f2a70357e6bf105658631b9ab2fd4b4a9f402791e93eebb3a2b

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:41 GMT
via: 1.1 google
last-modified: Wed, 27 Mar 2024 09:48:17 GMT
server: Apache/2.4.58 (Ubuntu)
etag: "6046-614a14e5be3e9"
vary: X-Forwarded-Proto
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24646
x-ua-compatible: IE=edge,chrome=1

GET
H2 200 google-logo.svg
www.heutenochverabreden.com/landers/images/general/ 688 B
814 B 51ms
51ms Image
image/svg+xml 34.102.151.155

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.heutenochverabreden.com/landers/images/general/google-logo.svg
Requested by: Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 0cf576a5dab9315daac7ffe29d29ed585e0ff9850e59408d0f25f38dc1da037b

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:14:57 GMT
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
last-modified: Thu, 29 Feb 2024 10:40:37 GMT
server: nginx/1.14.2
xkey: lander
x-cacheable: YES
age: 0
etag: "65e05f25-2b0"
x-cache: HIT
content-type: image/svg+xml
x-varnish: 108393315 108392287
cache-control: max-age=300
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 688

GET
H3 200 loading.gif
www.heutenochverabreden.com/landers/images/loader/ 3 KB
3 KB 38ms
38ms Image
image/gif 34.102.151.155

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.heutenochverabreden.com/landers/images/loader/loading.gif
Requested by: Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 06f91f1bc360e7c486515b416a564445652e40585f94f2d089239b981d6421f6

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:18:54 GMT
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
last-modified: Thu, 29 Feb 2024 10:40:38 GMT
server: nginx/1.14.2
xkey: lander
x-cacheable: YES
age: 0
etag: "65e05f26-b4c"
x-cache: HIT
content-type: image/gif
x-varnish: 164930063 164832628
cache-control: max-age=300
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2892

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 2 KB
1 KB 38ms
14ms Script
application/javascript 34.96.102.137

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=795793&u=https%3A%2F%2Fwww.heutenochverabreden.com%2Flanding1%3Fcat%3Dmature%26pi%3D10444%26pt1%3D112729470%26pe%3Dda266128_2%26email_encoded%3D%26pt2%3D&vn=2
Requested by: Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 -, , ASN (),
Reverse DNS
Software: gfra1 /
Resource Hash: 2633c072d006a9989c82d9be67bbad57250f832792c2777f7b777db471740397

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:40 GMT
content-encoding: gzip
via: 1.1 google
server: gfra1
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 vendor.js Show response
www.heutenochverabreden.com/landers/js/ 121 KB
43 KB 31ms
31ms Script
application/javascript 34.102.151.155

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heutenochverabreden.com/landers/js/vendor.js
Requested by: Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 5d99c8a533c03a57b7dc050ca30d10a2e2f6109b08c571441ae79a6c7ef6610b

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:14:57 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
x-cacheable: YES
xkey: lander
age: 0
x-cache: HIT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified: Thu, 29 Feb 2024 10:40:50 GMT
server: nginx/1.14.2
etag: W/"65e05f32-1e2ae"
vary: Accept-Encoding
content-type: application/javascript
x-varnish: 521181 288391
cache-control: max-age=300
accept-ranges: bytes

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/ 502 KB
201 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:802::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

aa4ddb0e0c3bda5d6e61d56a544a7ff9ea3691eaa5126187daa6ed1875ba93e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/
Origin: https://www.heutenochverabreden.com
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 18:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7338
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 204859
x-xss-protection: 0
last-modified: Mon, 25 Mar 2024 04:00:24 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 27 Mar 2025 18:20:23 GMT

GET
H2 200 cc.js Show response
sammledenkonsens.com/ 118 KB
14 KB 95ms
41ms Script
application/javascript 35.195.163.35

General

Check archive.org

Show headers Download Go to

Full URL

https://sammledenkonsens.com/cc.js?wId=4tsZscPN1uhuThHXBbv19&domain=heutenochverabreden.com&languageCode=de&languageTerritory=DE&sessionId=6a34fcabc8634e028cd4f684a9e2c3c8

Requested by

Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.195.163.35 -, , ASN (),

Reverse DNS

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

ad3c6c449204fbdacd6d07a3e0a5e01db3a90a0bfc2c7cc224e5fe848fdedb47

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000;
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
content-type: application/javascript
content-length: 14220

GET
H3 200 landing001.js Show response
www.heutenochverabreden.com/landers/js/ 62 KB
16 KB 35ms
35ms Script
application/javascript 34.102.151.155

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heutenochverabreden.com/landers/js/landing001.js
Requested by: Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 8210a72be8a6e7343e05fb4da0ef0d0e8018326b4b6c5c98b6534f9daad40701

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:10 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
x-cacheable: YES
xkey: lander
age: 0
x-cache: HIT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified: Thu, 29 Feb 2024 10:40:50 GMT
server: nginx/1.14.2
etag: W/"65e05f32-f7d5"
vary: Accept-Encoding
content-type: application/javascript
x-varnish: 108800178 108516334
cache-control: max-age=300
accept-ranges: bytes

GET
H3 200 media-registry.js Show response
www.heutenochverabreden.com/landers/ 119 KB
8 KB 27ms
27ms Script
application/javascript 34.102.151.155

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heutenochverabreden.com/landers/media-registry.js
Requested by: Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 90ab5a1a7b9eb3f62cc4532913822cbe51c194161504bb0f446b4d9e9e01cbfc

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 19:58:52 GMT
content-encoding: gzip
via: 1.1 google, 1.1 google
age: 1429
x-guploader-uploadid: ABPtcPrThF4yRizRSx4A_Tqatx98FlsKGo_qlmB3dgxWWDLBtYLZpnzfqkODlbqr87BXxIR1ZQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified: Thu, 29 Feb 2024 10:48:53 GMT
server: nginx/1.14.2
etag: "3994472d1f6daf4bd3ea4cd8faa055e7-gzip"
vary: Accept-Encoding
x-goog-generation: 1709203732976809
x-goog-hash: crc32c=CmdBVg==, md5=OZRHLR9tr0vT6kzY+qBV5w==
access-control-allow-origin: *
content-type: application/javascript
cache-control: public,max-age=3600
x-goog-stored-content-length: 121639
accept-ranges: bytes

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame A171 0
0 55ms
30ms Document
text/html 142.250.185.164

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s&co=aHR0cHM6Ly93d3cuaGV1dGVub2NodmVyYWJyZWRlbi5jb206NDQz&hl=de&v=moV1mTgQ6S91nuTnmll4Y9yf&size=invisible&cb=ui7etq3y2vss

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.164 -, , ASN (),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce--kp5ryETHpu-KBRCc_d57A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.heutenochverabreden.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: de-DE,de;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce--kp5ryETHpu-KBRCc_d57A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 27 Mar 2024 20:22:41 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 de-de2.json Show response
www.heutenochverabreden.com/landers/translations/ 226 KB
226 KB 35ms
35ms XHR
application/json 34.102.151.155

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heutenochverabreden.com/landers/translations/de-de2.json
Requested by: Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landers/js/vendor.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: bf152e5d1efbc9df8f1fe306d9f1b2a7d71ae776da90a60abbc0288b4040cb72

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:20:09 GMT
via: 1.1 google, 1.1 google
age: 152
x-guploader-uploadid: ABPtcPqNzxaohDExylKCyHksAi94zpOnxwQvwm0_950CND4XsWqIxJv2I93v5YRaKiDoSNli5rE
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 231311
last-modified: Wed, 27 Mar 2024 20:15:15 GMT
server: nginx/1.14.2
etag: "0753ba9aff9d41b23bb7125e98388303"
x-goog-generation: 1711554895342373
x-goog-hash: crc32c=l2u02Q==, md5=B1O6mv+dQbI7txJemDiDAw==
access-control-allow-origin: *
content-type: application/json
cache-control: public,max-age=3600
x-goog-stored-content-length: 231311
accept-ranges: bytes

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 205 KB
73 KB 44ms
18ms Script
application/javascript 2a00:1450:4001:82a::2008

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KBRH6NB

Requested by

Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landers/js/landing001.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 -, , ASN (),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

70934f9249b0c9b55c6fa8486d582b6f5a17aec2a8a394ca70635a559a820446

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 74168
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 27 Mar 2024 20:22:41 GMT

GET
H3 200 serie01_01.jpg
www.heutenochverabreden.com/landers/images/landing001/mature/default/ 36 KB
36 KB 40ms
40ms Image
image/jpeg 34.102.151.155

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.heutenochverabreden.com/landers/images/landing001/mature/default/serie01_01.jpg?geo=de
Requested by: Host: www.heutenochverabreden.com
URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: c736c67632334a34011cf239c768b46992da5625422d84f6ffb68dfef0c18b50

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:14:23 GMT
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
last-modified: Thu, 29 Feb 2024 10:40:37 GMT
server: nginx/1.14.2
xkey: lander
x-cacheable: YES
age: 0
etag: "65e05f25-90ff"
x-cache: HIT
content-type: image/jpeg
x-varnish: 164702530 164960639
cache-control: max-age=300
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37119

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 268 KB
93 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:82a::2008

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QXFHHE16V3&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KBRH6NB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 -, , ASN (),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5b68e5ab6d72078ff216ea436a7a3591d028f7a631800cab2b56f35ac8a1f2cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94768
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 27 Mar 2024 20:22:42 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
263 B 46ms
15ms Ping
text/plain 2001:4860:4802:34::36

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QXFHHE16V3&gtm=45je43p0v9106874940z89103010110za200&_p=1711570961916&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=549563880.1711570962&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.86%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.86&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1711570962&sct=1&seg=0&dl=https%3A%2F%2Fwww.heutenochverabreden.com%2Flanding1%3Fcat%3Dmature%26pi%3D10444%26pt1%3D112729470%26pe%3Dda266128_2%26email_encoded%3D%26pt2%3D&dr=https%3A%2F%2Fab.pdtrcksus.com%2F&dt=Heutenochverabreden.com&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2469
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QXFHHE16V3&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 27 Mar 2024 20:22:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.heutenochverabreden.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 collector
api.sammledenkonsens.com/consent/ Frame 0
0 98ms
37ms Preflight
application/vnd.api+json 35.195.163.35

General

Check archive.org

Show headers Download Go to

Full URL

https://api.sammledenkonsens.com/consent/collector

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.195.163.35 -, , ASN (),

Reverse DNS

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.heutenochverabreden.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.heutenochverabreden.com
content-length: 0
content-type: application/vnd.api+json
date: Wed, 27 Mar 2024 20:22:42 GMT
server: nginx/1.10.3 (Ubuntu)
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff

GET
H2 200 cc.css
sammledenkonsens.com/ 24 KB
4 KB 20ms
20ms Stylesheet
text/css 35.195.163.35

General

Check archive.org

Show headers Download Go to

Full URL

https://sammledenkonsens.com/cc.css

Requested by

Host: sammledenkonsens.com
URL: https://sammledenkonsens.com/cc.js?wId=4tsZscPN1uhuThHXBbv19&domain=heutenochverabreden.com&languageCode=de&languageTerritory=DE&sessionId=6a34fcabc8634e028cd4f684a9e2c3c8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.195.163.35 -, , ASN (),

Reverse DNS

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

9ec88cf72960048a40791a943e5dee85f910c00e9a3732339888b075de11bc34

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000;
last-modified: Thu, 15 Oct 2020 08:07:25 GMT
server: nginx/1.10.3 (Ubuntu)
etag: "6073-5b1b123761e40-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 3892

POST
H2 200 collector Show response
api.sammledenkonsens.com/consent/ 4 KB
4 KB 51ms
51ms XHR
application/vnd.api+json 35.195.163.35

General

Check archive.org

Show headers Download Go to

Full URL

https://api.sammledenkonsens.com/consent/collector

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.195.163.35 -, , ASN (),

Reverse DNS

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

a5284199c5ce3483f943e3191a2735101b580b57c112d69c3daf93b99506fbdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.heutenochverabreden.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 27 Mar 2024 20:22:42 GMT
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
server: nginx/1.10.3 (Ubuntu)
content-type: application/vnd.api+json
access-control-allow-origin: https://www.heutenochverabreden.com
access-control-allow-credentials: true
content-length: 4373

GET
H3 404 favicon.ico
www.heutenochverabreden.com/favicon/ 289 B
303 B 13ms
13ms Other
text/html 34.102.151.155

General

Check archive.org

Show headers Download Go to

Full URL: https://www.heutenochverabreden.com/favicon/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.102.151.155 -, , ASN (),
Reverse DNS
Software: Apache/2.4.58 (Ubuntu) /
Resource Hash: 5d4112c4825092a3aa25786e5875214b52db4e72fee0b4a52c9068651fb56116

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2=
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 27 Mar 2024 20:22:42 GMT
via: 1.1 google
server: Apache/2.4.58 (Ubuntu)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 289
content-type: text/html; charset=iso-8859-1

POST
H2 200 loadSegment Show response
api.sammledenkonsens.com/consent/ 575 B
795 B 26ms
26ms XHR
application/vnd.api+json 35.195.163.35

General

Check archive.org

Show headers Download Go to

Full URL

https://api.sammledenkonsens.com/consent/loadSegment

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.195.163.35 -, , ASN (),

Reverse DNS

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

def3382e3785c3f1447035a9ec735d1b2bf8972ce02501d0bc1248d2d8cb404b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.heutenochverabreden.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 27 Mar 2024 20:22:42 GMT
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
server: nginx/1.10.3 (Ubuntu)
content-type: application/vnd.api+json
access-control-allow-origin: https://www.heutenochverabreden.com
access-control-allow-credentials: true
content-length: 575

OPTIONS
H2 200 loadSegment
api.sammledenkonsens.com/consent/ Frame 0
0 22ms
22ms Preflight
application/vnd.api+json 35.195.163.35

General

Check archive.org

Show headers Download Go to

Full URL

https://api.sammledenkonsens.com/consent/loadSegment

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.195.163.35 -, , ASN (),

Reverse DNS

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.heutenochverabreden.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.heutenochverabreden.com
content-length: 0
content-type: application/vnd.api+json
date: Wed, 27 Mar 2024 20:22:42 GMT
server: nginx/1.10.3 (Ubuntu)
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff

OPTIONS
H2 200 loadSegment
api.sammledenkonsens.com/consent/ Frame 0
0 22ms
22ms Preflight
application/vnd.api+json 35.195.163.35

General

Check archive.org

Show headers Download Go to

Full URL

https://api.sammledenkonsens.com/consent/loadSegment

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.195.163.35 -, , ASN (),

Reverse DNS

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.heutenochverabreden.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.heutenochverabreden.com
content-length: 0
content-type: application/vnd.api+json
date: Wed, 27 Mar 2024 20:22:42 GMT
server: nginx/1.10.3 (Ubuntu)
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff

POST
H2 200 loadSegment Show response
api.sammledenkonsens.com/consent/ 385 B
605 B 27ms
27ms XHR
application/vnd.api+json 35.195.163.35

General

Check archive.org

Show headers Download Go to

Full URL

https://api.sammledenkonsens.com/consent/loadSegment

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.195.163.35 -, , ASN (),

Reverse DNS

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

43ed309d146962a784443579b91eb7c878b4c0f213e299cc7f081f46d74dba53

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.heutenochverabreden.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 27 Mar 2024 20:22:42 GMT
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
server: nginx/1.10.3 (Ubuntu)
content-type: application/vnd.api+json
access-control-allow-origin: https://www.heutenochverabreden.com
access-control-allow-credentials: true
content-length: 385

OPTIONS
H2 200 confirmExplicit
api.sammledenkonsens.com/consent/ Frame 0
0 25ms
25ms Preflight
application/vnd.api+json 35.195.163.35

General

Check archive.org

Show headers Download Go to

Full URL

https://api.sammledenkonsens.com/consent/confirmExplicit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.195.163.35 -, , ASN (),

Reverse DNS

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.heutenochverabreden.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://www.heutenochverabreden.com
content-length: 0
content-type: application/vnd.api+json
date: Wed, 27 Mar 2024 20:22:42 GMT
server: nginx/1.10.3 (Ubuntu)
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff

POST
H2 200 confirmExplicit Show response
api.sammledenkonsens.com/consent/ 0
218 B 39ms
39ms XHR
application/vnd.api+json 35.195.163.35

General

Check archive.org

Show headers Download Go to

Full URL

https://api.sammledenkonsens.com/consent/confirmExplicit

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.195.163.35 -, , ASN (),

Reverse DNS

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.heutenochverabreden.com/
accept-language: de-DE,de;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 27 Mar 2024 20:22:42 GMT
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
server: nginx/1.10.3 (Ubuntu)
content-type: application/vnd.api+json
access-control-allow-origin: https://www.heutenochverabreden.com
access-control-allow-credentials: true
content-length: 0

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ab.pdtrcksus.com/v1/redirect	1970-01-20 19:26:11	Name: _cid Value: 849c4293e48e6ce63c2080a83732350c
.metatrckpixel.com/	1970-01-21 05:02:10	Name: trbarid Value: 34103012704419854
www2-eu.clicktocouple.online/	1970-01-21 05:02:10	Name: trbarid Value: 15aa3fe9c9c89edf76ca350e0f19a14c7520ab2272d9049e0cbf8e8ba491fe1fa%3A2%3A%7Bi%3A0%3Bs%3A7%3A%22trbarid%22%3Bi%3A1%3Bs%3A17%3A%2234103012704419854%22%3B%7D
.clicktocouple.online/	1970-01-21 05:02:10	Name: tbar_uc1 Value: d02fea0643c6daa14939f0474375997b3590243acaf22618451f32b91b05a1baa%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22tbar_uc1%22%3Bi%3A1%3Bs%3A36%3A%22dmFuLmFzc2NoZS5kYXZ5QGhvdG1haWwuY29t%22%3B%7D
ab.pdtrcksus.com/	1970-01-20 19:26:14	Name: __cflb Value: 0pg1SGYzgvsSw31gZuT2Aq75DhwzdQJGdfW36oYP

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://bi2.clicktocouple.online/AgAA?prid=tc4273868628_823226764&usid=3503&email=van.assche.davy@hotmail.com&sub5=clicktocouple&uum=A1E75977-1711570957.5876 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
recommendation	verbose	URL: https://www.heutenochverabreden.com/landing1?cat=mature&pi=10444&pt1=112729470&pe=da266128_2&email_encoded=&pt2= Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://www.heutenochverabreden.com/favicon/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ab.pdtrcksus.com
ajax.googleapis.com
api.sammledenkonsens.com
bi2.clicktocouple.online
browser.sentry-cdn.com
dev.visualwebsiteoptimizer.com
js.sentry-cdn.com
metatrckpixel.com
padsthai.com
phardingsboodules.com
region1.google-analytics.com
reurab.click
sammledenkonsens.com
t0327.redirectsecure.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.heutenochverabreden.com
www2-eu.clicktocouple.online
www2.datedive.online
142.250.185.164
172.67.198.96
18.196.86.59
188.114.96.3
188.114.97.3
2001:4860:4802:34::36
2606:4700:3036::ac43:c660
2a00:1450:4001:802::2003
2a00:1450:4001:82a::2008
2a00:1450:4001:82f::200a
2a04:4e42:200::729
34.102.151.155
34.96.102.137
35.195.163.35
46.150.16.70
63.32.179.238
06f91f1bc360e7c486515b416a564445652e40585f94f2d089239b981d6421f6
0cf576a5dab9315daac7ffe29d29ed585e0ff9850e59408d0f25f38dc1da037b
2633c072d006a9989c82d9be67bbad57250f832792c2777f7b777db471740397
36fe98741a6dd789d4605c81b6eb69d459110444dd2ed2e3139a4cdf99429343
38b34bce7e5ad8268f51a16a6633c17923130b2fac9eeb6ceaca6beb50990681
3bb46c7a65a64f2a70357e6bf105658631b9ab2fd4b4a9f402791e93eebb3a2b
43ed309d146962a784443579b91eb7c878b4c0f213e299cc7f081f46d74dba53
53c2b2fca2b91b196f92afcfa5e08d31b26923f75927ebd94050deea6261df10
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56f971147c45eee57e6c99f09f4cd65f7a1a47a87b9be4814708de41decb0cd5
5986f251d278ae72106ef1d7302798a2e14f69a4d35b80087b9e61905a15e75e
5b68e5ab6d72078ff216ea436a7a3591d028f7a631800cab2b56f35ac8a1f2cc
5d4112c4825092a3aa25786e5875214b52db4e72fee0b4a52c9068651fb56116
5d99c8a533c03a57b7dc050ca30d10a2e2f6109b08c571441ae79a6c7ef6610b
667fb3374e9c1c677dd86bfee7541d0c7bf588ad9a482ee5974cf91e55b76d65
70934f9249b0c9b55c6fa8486d582b6f5a17aec2a8a394ca70635a559a820446
70c625efd4be3f6f73901bb902563c709ef67aa4b57aebe308637f6a942daa34
72a2331e34b160c0b94624043ec36aad887c2ac4e31a62d096ae19207a899ad5
8210a72be8a6e7343e05fb4da0ef0d0e8018326b4b6c5c98b6534f9daad40701
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8effef18a817c22d929eb3955cd32d2ffb4859b8d7035c8e2f4ade2bb41e77f6
90ab5a1a7b9eb3f62cc4532913822cbe51c194161504bb0f446b4d9e9e01cbfc
918d4d0a5f5b7ffa92c314d003aaacdb7163d35c696093f201c5e2246585de9f
99db5b3e44b37fec92a9a13dfd3107490af00d001a9509ba60347db318c936c3
9ec88cf72960048a40791a943e5dee85f910c00e9a3732339888b075de11bc34
a5284199c5ce3483f943e3191a2735101b580b57c112d69c3daf93b99506fbdb
aa4ddb0e0c3bda5d6e61d56a544a7ff9ea3691eaa5126187daa6ed1875ba93e7
ac38b85fc07d640017b9e82d569b7602ef678ca625e6f7e6b43b78a0e7ac729a
ad3c6c449204fbdacd6d07a3e0a5e01db3a90a0bfc2c7cc224e5fe848fdedb47
b28737160c8a71677acfdc37262393dea522b89307c52f83aa69a7a972265b32
bf152e5d1efbc9df8f1fe306d9f1b2a7d71ae776da90a60abbc0288b4040cb72
c2d6f363809b0b7f0a67ecf523387d5ff1f09d1d565e86e225c67125a66417bd
c736c67632334a34011cf239c768b46992da5625422d84f6ffb68dfef0c18b50
d3a1eefb9b9b935776f509eefb32295daeb3b76364e907f7fae7c68060e25cdb
def3382e3785c3f1447035a9ec735d1b2bf8972ce02501d0bc1248d2d8cb404b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

www.heutenochverabreden.com Open in urlscan Pro 34.102.151.155 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

45 Requests

100 %HTTPS

38 %IPv6

17 Domains

20 Subdomains

13 IPs

4 Countries

910 kBTransfer

2116 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.heutenochverabreden.com Open in urlscan Pro
34.102.151.155 Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

100 %
HTTPS

38 %
IPv6

17
Domains

20
Subdomains

13
IPs

4
Countries

910 kB
Transfer

2116 kB
Size

5
Cookies

45 HTTP transactions
0 data transactions