URL: https://remexclient.tk/
Submission: On October 11 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 10 IPs in 5 countries across 6 domains to perform 32 HTTP transactions. The main IP is 178.18.243.41, located in Germany and belongs to CONTABO, DE. The main domain is remexclient.tk.
TLS certificate: Issued by R3 on October 11th 2021. Valid for: 3 months.
This is the only time remexclient.tk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 178.18.243.41 51167 (CONTABO)
6 93.184.220.45 15133 (EDGECAST)
10 95.211.229.246 60781 (LEASEWEB-...)
1 205.185.216.42 20446 (HIGHWINDS3)
1 104.21.25.110 13335 (CLOUDFLAR...)
1 172.67.134.16 13335 (CLOUDFLAR...)
6 205.185.216.10 20446 (HIGHWINDS3)
1 216.18.168.166 29789 (REFLECTED)
1 66.254.122.23 29789 (REFLECTED)
1 152.199.21.187 15133 (EDGECAST)
32 10
Domain Requested by
10 syndication.exdynsrv.com remexclient.tk
a.exdynsrv.com
syndication.exdynsrv.com
6 s3t3d2y7.ackcdn.net remexclient.tk
syndication.exdynsrv.com
6 a.exdynsrv.com remexclient.tk
4 remexclient.tk remexclient.tk
1 vz-cdn2.adtng.com a.adtng.com
1 ht-cdn2.adtng.com a.adtng.com
1 a.adtng.com syndication.exdynsrv.com
1 cors.flawcra.cc flawcra.cc
1 flawcra.cc remexclient.tk
1 js.wpnsrv.com remexclient.tk
32 10

This site contains links to these domains.

Domain
cdn.flawcra.cc
syndication.exdynsrv.com
exoclick.com
Subject | Issuer | Validity | Valid
remexclient.tk | R3 | 2021-10-11 - 2022-01-09 | 3 months
*.ackcdn.net | GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1 | 2021-06-03 - 2022-07-04 | a year
exdynsrv.com | R3 | 2021-08-05 - 2021-11-03 | 3 months
wpnsrv.com | R3 | 2021-08-05 - 2021-11-03 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-06 - 2022-07-05 | a year
ackcdn.net | R3 | 2021-08-05 - 2021-11-03 | 3 months
*.adtng.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2021-08-16 - 2022-09-02 | a year

This page contains 3 frames:

Primary Page: https://remexclient.tk/
Frame ID: C60B8F17A564D4BB2899F0E800330F37
Requests: 27 HTTP requests in this frame

Frame: https://syndication.exdynsrv.com/ads-iframe-display.php?idzone=4389860&type=300x250&p=https%3A//remexclient.tk/&dt=1633939122498&sub=&tags=&screen_resolution=1600x1200&sticky=1&cookieconsent=true
Frame ID: 329200B5EB55ED57A4E350373644F005
Requests: 2 HTTP requests in this frame

Frame: https://a.adtng.com/get/10012456?time=1614803572912&apb=oodPNXHNRNHNNTHXK7bc7qaLbrbJXU222TS0yuldRLKqeqV1U0zqp3TupldK6V0rqaq7nT3S1UUSununqqoodK6V07p3SuldM6V0rpnOdK4m_.6tfu9wGjN65zpXSulddQ6V0rpXSulcH2A-
Frame ID: 6EE54737775FF62A6CE9AD837CFC483B
Requests: 3 HTTP requests in this frame

Page Title

Download Remex

Page Statistics

32
Requests

100 %
HTTPS

0 %
IPv6

6
Domains

10
Subdomains

10
IPs

5
Countries

10394 kB
Transfer

10605 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

32 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
remexclient.tk/
12 KB
5 KB
Document
General
Full URL
https://remexclient.tk/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.18.243.41 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS
mail.flawcra.cc
Software
Apache/2.4.38 (Debian) /
Resource Hash
3e733a4f574c6a345d6443fda09773fba7c498b6f3793b2e5e08c4ae1e0dfaef

Request headers

Host
remexclient.tk
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br

Response headers

Date
Mon, 11 Oct 2021 07:59:41 GMT
Server
Apache/2.4.38 (Debian)
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
4480
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
style.css
remexclient.tk/
1 KB
906 B
Stylesheet
General
Full URL
https://remexclient.tk/style.css
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.18.243.41 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS
mail.flawcra.cc
Software
Apache/2.4.38 (Debian) /
Resource Hash
3ac719a78b8829b92825d46183f261bfd2df9dada2ce6b798ce5a2adc9b1c689

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
remexclient.tk
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://remexclient.tk/
Connection
keep-alive

Response headers

Date
Mon, 11 Oct 2021 07:59:41 GMT
Content-Encoding
gzip
Last-Modified
Mon, 16 Aug 2021 19:31:14 GMT
Server
Apache/2.4.38 (Debian)
ETag
"559-5c9b23e87c480-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
571
isolated-monochrome-white.svg
remexclient.tk/logos/vector/
13 KB
13 KB
Image
General
Full URL
https://remexclient.tk/logos/vector/isolated-monochrome-white.svg
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.18.243.41 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS
mail.flawcra.cc
Software
Apache/2.4.38 (Debian) /
Resource Hash
18a77fbe0514fc9cc7a6b6ea61ed01b6cff2a480ad9fefbe8b66cfeabe3d4b9e

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
remexclient.tk
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://remexclient.tk/
Connection
keep-alive

Response headers

Date
Mon, 11 Oct 2021 07:59:41 GMT
Last-Modified
Wed, 04 Aug 2021 19:20:12 GMT
Server
Apache/2.4.38 (Debian)
ETag
"3203-5c8c0b0f9f300"
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
12803
js.php
a.exdynsrv.com/
5 KB
2 KB
Script
General
Full URL
https://a.exdynsrv.com/js.php?t=17&idzone=4389860
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.45 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
nginx /
Resource Hash
25ab3390b99d4e76da155a7da1eecced84c30491622691f8886a15214c9ec92a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 07:58:42 GMT
cache-control
max-age=10800
content-type
application/javascript
server
nginx
content-encoding
gzip
expires
Mon, 11 Oct 2021 10:58:42 GMT
ad-provider.js
a.exdynsrv.com/
84 KB
23 KB
Script
General
Full URL
https://a.exdynsrv.com/ad-provider.js
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.45 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67C1) /
Resource Hash
2e68298e283c3c9a93306b565c7b0c16100c4e3faced7cd1d649e2219aa09816

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 07:58:42 GMT
content-encoding
gzip
last-modified
Mon, 11 Oct 2021 05:54:51 GMT
server
ECS (frb/67C1)
age
7431
etag
W/"da94fa894df5be1ff9e1abeab97"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
cache-control
max-age=10800
accept-ranges
bytes
content-length
23711
expires
Mon, 11 Oct 2021 10:58:42 GMT
splash.php
syndication.exdynsrv.com/
5 KB
2 KB
Script
General
Full URL
https://syndication.exdynsrv.com/splash.php?idzone=4389870
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
488de94dc4e810387a3199c0f9f2150d1457900d1a183b56dec0a9839350bd7c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Content-Encoding
gzip
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
fp-interstitial.js
a.exdynsrv.com/
27 KB
8 KB
Script
General
Full URL
https://a.exdynsrv.com/fp-interstitial.js
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.45 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/673A) /
Resource Hash
6e07ced04ec8de04f38c8473e74d59dcfe770aa518d6ace1f5381cf4ebca096e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 07:58:42 GMT
content-encoding
gzip
last-modified
Mon, 11 Oct 2021 04:59:24 GMT
server
ECS (frb/673A)
age
10758
etag
W/"27f9a62d046b7e8a0763154377d"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=10800
access-control-allow-credentials
true
accept-ranges
bytes
content-length
7903
expires
Mon, 11 Oct 2021 10:58:42 GMT
pn.php
js.wpnsrv.com/
17 KB
6 KB
Script
General
Full URL
https://js.wpnsrv.com/pn.php
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
86f36a03a35453b19239c955a72506aeb9a8df94758a248ad7dbb567184b75bd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Content-Encoding
gzip
Server
nginx
etag
W/"c90a53df18c68c7ac69adeb47e8"
X-HW
1633939122.dop158.fr8.t,1633939122.cds263.fr8.shn,1633939122.cds263.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
6204
video-slider.js
a.exdynsrv.com/
35 KB
9 KB
Script
General
Full URL
https://a.exdynsrv.com/video-slider.js
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.45 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67DF) /
Resource Hash
54027a92a68deb2438218170df0f8733ca15dc7955fe69abd7c6214dd8adfa3a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 07:58:42 GMT
content-encoding
gzip
last-modified
Mon, 11 Oct 2021 04:59:25 GMT
server
ECS (frb/67DF)
age
10757
etag
W/"03b3a6212cb4fbe535baf9e5004"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
cache-control
max-age=10800
accept-ranges
bytes
content-length
9473
expires
Mon, 11 Oct 2021 10:58:42 GMT
video-outstream.js
a.exdynsrv.com/
43 KB
12 KB
Script
General
Full URL
https://a.exdynsrv.com/video-outstream.js
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.45 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6739) /
Resource Hash
6a77728be85739196e797bf1032e7f86408ad9199382cdc1912164084668632e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 07:58:42 GMT
content-encoding
gzip
last-modified
Mon, 11 Oct 2021 07:25:27 GMT
server
ECS (frb/6739)
age
1995
etag
W/"22a60224c9aacea6c93b6075c4c"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
cache-control
max-age=10800
accept-ranges
bytes
content-length
11848
expires
Mon, 11 Oct 2021 10:58:42 GMT
styles.css
flawcra.cc/img/core-img/logos/font/
457 B
904 B
Stylesheet
General
Full URL
https://flawcra.cc/img/core-img/logos/font/styles.css
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.25.110 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91a8c07cfc926747ba36cebedd01009edc35878a6afd173f98a59f70fd69d0fc
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 07:58:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Thu, 12 Aug 2021 07:49:22 GMT
server
cloudflare
etag
W/"1c9-5c957f9182480-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tBYCWrG%2BpmiOOVmdqNp6V3Pdas4oz69sctucNR09Z45SBbAYx2oGw3N%2BbmFQX90C3%2F87peLEigKAbbVe5IepE6VX9BY%2FPG0D%2FOErjQw05%2B5wFwbgLw03M6Bn9UXR"}],"group":"cf-nel","max_age":604800}
content-type
text/css
vary
Accept-Encoding
cache-control
max-age=3600
cf-ray
69c68b7a8a07061c-FRA
img1.jpg
remexclient.tk/
163 KB
164 KB
Image
General
Full URL
https://remexclient.tk/img1.jpg
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.18.243.41 , Germany, ASN51167 (CONTABO, DE),
Reverse DNS
mail.flawcra.cc
Software
Apache/2.4.38 (Debian) /
Resource Hash
8d5303b0c5b3f7b4f5ecbf1ae2cc61b9d4cb90c5f2730dcd0e142c760786ad26

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
remexclient.tk
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://remexclient.tk/style.css
Connection
keep-alive

Response headers

Date
Mon, 11 Oct 2021 07:59:41 GMT
Last-Modified
Wed, 04 Aug 2021 18:49:08 GMT
Server
Apache/2.4.38 (Debian)
ETag
"28ce2-5c8c041df9100"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
167138
/
cors.flawcra.cc/
11 KB
12 KB
Font
General
Full URL
https://cors.flawcra.cc/?https%3A%2F%2Fflawcra.cc%2Fimg%2Fcore-img%2Flogos%2Ffont%2Ffarray-webfont.woff2
Requested by
Host: flawcra.cc
URL: https://flawcra.cc/img/core-img/logos/font/styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.134.16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5da7f52d48aedf0c79fd50bf4ac17a9173fcfbf57e449ccb0222e0b52166ce38
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://flawcra.cc/
Origin
https://remexclient.tk
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 07:58:42 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cors-received-headers
{"accept-ranges":"bytes","cache-control":"max-age=3600","cf-cache-status":"MISS","cf-ray":"69c68b7bc5be693d-FRA","connection":"keep-alive","content-length":"10800","content-type":"font/woff2","date":"Mon, 11 Oct 2021 07:58:42 GMT","etag":"\"2a30-5c8bd8d076700\"","expect-ct":"max-age=604800, report-uri=\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\"","last-modified":"Wed, 04 Aug 2021 15:35:24 GMT","server":"cloudflare","strict-transport-security":"max-age=2592000; includeSubDomains; preload","vary":"Accept-Encoding","x-content-type-options":"nosniff"}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
10800
last-modified
Wed, 04 Aug 2021 15:35:24 GMT
server
cloudflare
etag
"2a30-5c8bd8d076700"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JI8njHa5Wz3LbAbN8O9JfrzU5lGole%2BFGsZOUY5q2FPevK8kln4J%2BON6UMLUTOqCvAbXzAwTkkthAaRit%2FVXFoDX2VOfoyKFNPWSHLlZwltn5EZBu06JAr51G0snAboK9vI%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
https://remexclient.tk
vary
Accept-Encoding
cache-control
max-age=3600
accept-ranges
bytes
cf-ray
69c68b7ba85e693d-FRA
access-control-expose-headers
accept-ranges,cache-control,cf-cache-status,cf-ray,connection,content-length,content-type,date,etag,expect-ct,last-modified,server,strict-transport-security,vary,x-content-type-options,cors-received-headers
Cookie set ads-iframe-display.php
syndication.exdynsrv.com/ Frame 3292
2 KB
2 KB
Document
General
Full URL
https://syndication.exdynsrv.com/ads-iframe-display.php?idzone=4389860&type=300x250&p=https%3A//remexclient.tk/&dt=1633939122498&sub=&tags=&screen_resolution=1600x1200&sticky=1&cookieconsent=true
Requested by
Host: a.exdynsrv.com
URL: https://a.exdynsrv.com/js.php?t=17&idzone=4389860
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
9d4641da4657809ce5f2b118b229482f8c6c9180cbec60318828baefb82fea98

Request headers

Host
syndication.exdynsrv.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://remexclient.tk/
Accept-Encoding
gzip, deflate, br
Cookie
__uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226163eeb24c8ad3.013852273281431074%22%3B%7D

Response headers

Server
nginx
Date
Mon, 11 Oct 2021 07:58:42 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control
no-cache, must-revalidate
Pragma
no-cache
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie
__uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226163eeb24c8ad3.013852273281431074%22%3B%7D; expires=Wed, 11 Oct 2023 07:58:42 GMT; path=; domain=.exdynsrv.com; Secure; SameSite=none
impressions=x%9C%ABV216036%B7%D05%B1440450P%B2%8A6%D41436%B64%B6442%D2Q2411P%8A%AD%05%00%BFJ%08%FC; expires=Tue, 12 Oct 2021 07:58:42 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
Content-Encoding
gzip
close-icon-circle.png
s3t3d2y7.ackcdn.net/images/
405 B
765 B
Image
General
Full URL
https://s3t3d2y7.ackcdn.net/images/close-icon-circle.png
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
94f575abdb5c45476f9c2b62bbe06fbfacce9d25e95796ffcd07680bd7c6c0bb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Last-Modified
Mon, 05 Oct 2020 11:50:24 GMT
ETag
"1601898624"
X-HW
1633939122.dop158.fr8.t,1633939122.cds155.fr8.shn,1633939122.cds155.fr8.c
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
405
popunder1000.js
a.exdynsrv.com/
94 KB
39 KB
Script
General
Full URL
https://a.exdynsrv.com/popunder1000.js
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.45 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/675D) /
Resource Hash
569af0d58a2df0af2da77aaebaaf00b84c15334c5e9af0b77ba4c81a62db5d40

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 07:58:42 GMT
content-encoding
gzip
last-modified
Mon, 11 Oct 2021 04:58:46 GMT
server
ECS (frb/675D)
age
10796
etag
W/"f744f0d2317398d07acc666b278"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
cache-control
max-age=10800
accept-ranges
bytes
content-length
40039
expires
Mon, 11 Oct 2021 10:58:42 GMT
10012456
a.adtng.com/get/ Frame 6EE5
3 KB
2 KB
Document
General
Full URL
https://a.adtng.com/get/10012456?time=1614803572912&apb=oodPNXHNRNHNNTHXK7bc7qaLbrbJXU222TS0yuldRLKqeqV1U0zqp3TupldK6V0rqaq7nT3S1UUSununqqoodK6V07p3SuldM6V0rpnOdK4m_.6tfu9wGjN65zpXSulddQ6V0rpXSulcH2A-
Requested by
Host: syndication.exdynsrv.com
URL: https://syndication.exdynsrv.com/splash.php?idzone=4389870
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.18.168.166 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
openresty /
Resource Hash
6f7ce1517c91d2ee1914ea9167095f87e231911291a7b9cb66799ac5c6eeaa83

Request headers

Host
a.adtng.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://remexclient.tk/
Accept-Encoding
gzip, deflate, br

Response headers

server
openresty
date
Mon, 11 Oct 2021 07:58:42 GMT
content-type
text/html
transfer-encoding
chunked
access-control-allow-credentials
true
access-control-allow-methods
GET
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
set-cookie
adtool_guid=Ch5KFmFj7rJdoCc1X524Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None; RNLBSERVERID=ded7040; path=/; HttpOnly; Secure; SameSite=None
content-encoding
gzip
cimp.php
syndication.exdynsrv.com/
0
311 B
XHR
General
Full URL
https://syndication.exdynsrv.com/cimp.php?t=imp&data=H4sIAAAAAAAAAz2NXU7DQAyEr8IFGvl3f/rcXgCUA2y2G6goBZUK8jCHZxOp2H6Yscb+hIR3TDvmJ9K9p70JhMPAygOzDYFwOI5wwXwpv/VWhlqhnIMQokWThMxZKMA05RQJzgyTHDwaLKXIZIQ+AuptHvIqBiIWRiYcx2eML4e+SkHACFCiRZy6XtFgElg3tKwP5tLUhbycrFNS0NlyqdM0USUlVaykW/toS72c2/U+3N838MZc/8vDQjK5KmHHmxHvDm+f3/fz9RU/X1f07BbslfX/7NGMwi6NZvcUJg+lZoncopw8a6s6pz/RhZZeXQEAAA==&d=inst
Requested by
Host: syndication.exdynsrv.com
URL: https://syndication.exdynsrv.com/splash.php?idzone=4389870
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
https://remexclient.tk
Access-Control-Allow-Credentials
true
Connection
keep-alive
splash.php
syndication.exdynsrv.com/
1 KB
2 KB
XHR
General
Full URL
https://syndication.exdynsrv.com/splash.php?idzone=4389874&orientation=landscape&screen_resolution=1600x1200&p=https%3A%2F%2Fremexclient.tk%2F&cookieconsent=true
Requested by
Host: a.exdynsrv.com
URL: https://a.exdynsrv.com/fp-interstitial.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
ce75092e6797819917d9bbacf65c3b5d7001d0e974a890bdf3c084bfe0d30d76

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
https://remexclient.tk
Access-Control-Allow-Credentials
true
Connection
keep-alive
api.php
syndication.exdynsrv.com/v1/
1 KB
1 KB
XHR
General
Full URL
https://syndication.exdynsrv.com/v1/api.php
Requested by
Host: a.exdynsrv.com
URL: https://a.exdynsrv.com/ad-provider.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
3e1978d4fccbfc85e2ff0b35dc7e406d6c70330f7cda7b77bf068033b787b206

Request headers

Referer
https://remexclient.tk/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Access-Control-Request-Method
POST
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
https://remexclient.tk
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Encoding
gzip
Access-Control-Allow-Headers
Authorization, Content-Type
79ee15ed7a39269a2b11f09df9eb20cd4f9c199c.jpg
s3t3d2y7.ackcdn.net/library/581670/
183 KB
184 KB
Image
General
Full URL
https://s3t3d2y7.ackcdn.net/library/581670/79ee15ed7a39269a2b11f09df9eb20cd4f9c199c.jpg
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
302eb91e122e32f468c2d5aea00ee9f7b8267cec768bae2045781a56bd4a63bf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Last-Modified
Wed, 13 Jan 2021 10:54:51 GMT
ETag
"1610535291"
X-HW
1633939122.dop158.fr8.t,1633939122.cds155.fr8.shn,1633939122.dop158.fr8.t,1633939122.cds109.fr8.c
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
187556
28f31ac140eb48e949c6dcc4820ea81a75d991f9.jpg
s3t3d2y7.ackcdn.net/library/622879/ Frame 3292
19 KB
19 KB
Image
General
Full URL
https://s3t3d2y7.ackcdn.net/library/622879/28f31ac140eb48e949c6dcc4820ea81a75d991f9.jpg
Requested by
Host: syndication.exdynsrv.com
URL: https://syndication.exdynsrv.com/ads-iframe-display.php?idzone=4389860&type=300x250&p=https%3A//remexclient.tk/&dt=1633939122498&sub=&tags=&screen_resolution=1600x1200&sticky=1&cookieconsent=true
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
a8c64123baefaca90f20eb2941c5a5fe1e781a022cdc67413df34c60fe1074d4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://syndication.exdynsrv.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Last-Modified
Mon, 08 Mar 2021 13:47:22 GMT
ETag
"1615211242"
X-HW
1633939122.dop158.fr8.shc,1633939122.dop158.fr8.t,1633939122.cds125.fr8.c
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
19157
cimp.php
syndication.exdynsrv.com/
0
250 B
XHR
General
Full URL
https://syndication.exdynsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz2PXU7DMBCEr8IFEs3+2LH73F4AlAPYTgIVJUUlgjzs4bEjhPfBM+vZ/WQGU0foiJ4gJxdOysbkexLqibT3sPNlNCVbbumnPFJfinnmMEQbdFAOFikyvKmEGLw3B64aXoZgGgmkQ32EsaGWOh+b6AGyCLuMzza+nGsjeDaqKQF2dqi6gY3aumqwt/ElzeIYLk2qXHGyaEwl54wCgYg1zmP+mPdyu87r1m/vB/YgivMH4a9hHOFEYB0dhl119nb/2q7rq31/rlazR7CeKP9jrchItV0+0jIgJyTSKU8F0KKzc6xT/XpefgFxy+gdYAEAAA==
Requested by
Host: a.exdynsrv.com
URL: https://a.exdynsrv.com/ad-provider.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 11 Oct 2021 07:58:42 GMT
Content-Encoding
gzip
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
1772d29f081ac57eab94f33a1e9eeb71c83cfa47.jpg
s3t3d2y7.ackcdn.net/library/622879/
14 KB
15 KB
Image
General
Full URL
https://s3t3d2y7.ackcdn.net/library/622879/1772d29f081ac57eab94f33a1e9eeb71c83cfa47.jpg
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
c90cf5edbf4d206a83a83f111451173e42e6c8d22b60244b15119529f398d7ba

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Last-Modified
Mon, 08 Mar 2021 13:47:21 GMT
ETag
"1615211241"
X-HW
1633939122.dop158.fr8.shc,1633939122.dop158.fr8.t,1633939122.cds216.fr8.c
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
14685
vortex-simple-1.0.0.js
ht-cdn2.adtng.com/delivery/vortex/ Frame 6EE5
5 KB
5 KB
Script
General
Full URL
https://ht-cdn2.adtng.com/delivery/vortex/vortex-simple-1.0.0.js
Requested by
Host: a.adtng.com
URL: https://a.adtng.com/get/10012456?time=1614803572912&apb=oodPNXHNRNHNNTHXK7bc7qaLbrbJXU222TS0yuldRLKqeqV1U0zqp3TupldK6V0rqaq7nT3S1UUSununqqoodK6V07p3SuldM6V0rpnOdK4m_.6tfu9wGjN65zpXSulddQ6V0rpXSulcH2A-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.254.122.23 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
/
Resource Hash
6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.adtng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 07:58:43 GMT
last-modified
Fri, 02 Nov 2018 14:17:11 GMT
etag
"246e3e2f0-13a3-579af30f2a7c0"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=10368815
x-cdn-diag
fra1-11014-2-10011-h-0-0---;11037-6-55602----0-0-1
accept-ranges
bytes
content-length
5027
expires
Wed, 26 May 2021 18:41:41 GMT
945688_banner.png
vz-cdn2.adtng.com/a7/creatives/39/1393/805208/945688/ Frame 6EE5
72 KB
72 KB
Image
General
Full URL
https://vz-cdn2.adtng.com/a7/creatives/39/1393/805208/945688/945688_banner.png
Requested by
Host: a.adtng.com
URL: https://a.adtng.com/get/10012456?time=1614803572912&apb=oodPNXHNRNHNNTHXK7bc7qaLbrbJXU222TS0yuldRLKqeqV1U0zqp3TupldK6V0rqaq7nT3S1UUSununqqoodK6V07p3SuldM6V0rpnOdK4m_.6tfu9wGjN65zpXSulddQ6V0rpXSulcH2A-
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.187 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8E9F) /
Resource Hash
5cfd0889bddf20b0426add84fb0e0f596ef7dd653d3d22c8f5b63238a80a2088

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.adtng.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 11 Oct 2021 07:58:42 GMT
last-modified
Tue, 26 May 2020 10:07:31 GMT
server
ECAcc (frc/8E9F)
age
8651849
etag
"296c3adc7-11fc9-5a68a43751ec0"
x-cache
HIT
content-type
image/png
cache-control
max-age=10398699
accept-ranges
bytes
content-length
73673
expires
Tue, 08 Feb 2022 16:30:21 GMT
splash.php
syndication.exdynsrv.com/
5 KB
4 KB
XHR
General
Full URL
https://syndication.exdynsrv.com/splash.php?idzone=4389878&cookieconsent=true
Requested by
Host: a.exdynsrv.com
URL: https://a.exdynsrv.com/video-slider.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
110532919a434bb3d9d28cf65439956ef70cca3b1c2be85c0cbdd89f7c9e3c89

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://remexclient.tk
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/xml;charset=UTF-8
splash.php
syndication.exdynsrv.com/
5 KB
4 KB
XHR
General
Full URL
https://syndication.exdynsrv.com/splash.php?idzone=4389880&cookieconsent=true&tags=null
Requested by
Host: a.exdynsrv.com
URL: https://a.exdynsrv.com/video-outstream.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
f23f88eaa9bc87c460d9a5be74380255c73e01e573fb9707cd4deff301a1db1e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://remexclient.tk
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/xml;charset=UTF-8
f8b95b404941dc65271221bdc1a716b55f84a940.mp4
s3t3d2y7.ackcdn.net/library/581670/
5 MB
5 MB
Media
General
Full URL
https://s3t3d2y7.ackcdn.net/library/581670/f8b95b404941dc65271221bdc1a716b55f84a940.mp4
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
ddae796ff0cc745bd5d99910020e03b99d19ad619787d711533701d06f93f8da

Request headers

Referer
https://remexclient.tk/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Last-Modified
Mon, 14 Dec 2020 12:50:21 GMT
Access-Control-Allow-Origin
*
ETag
"1607950221"
X-HW
1633939122.dop158.fr8.shc,1633939122.dop158.fr8.t,1633939122.cds222.fr8.c
Content-Type
video/mp4
Content-Range
bytes 0-5470250/5470251
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
5470251
81e30ebaa8e1443a9384e39ee9f6c51004273c1f.mp4
s3t3d2y7.ackcdn.net/library/581670/
4 MB
4 MB
Media
General
Full URL
https://s3t3d2y7.ackcdn.net/library/581670/81e30ebaa8e1443a9384e39ee9f6c51004273c1f.mp4
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
ca048d85e35c8b8ef2d68e2cecb1e765630e3a81fae0bf0ef2c2ddf2e9dcc027

Request headers

Referer
https://remexclient.tk/
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Range
bytes=0-

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Last-Modified
Mon, 14 Dec 2020 12:50:44 GMT
Access-Control-Allow-Origin
*
ETag
"1607950244"
X-HW
1633939122.dop158.fr8.shc,1633939122.dop158.fr8.t,1633939122.cds207.fr8.c
Content-Type
video/mp4
Content-Range
bytes 0-4550817/4550818
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
4550818
vregister.php
syndication.exdynsrv.com/
0
289 B
Image
General
Full URL
https://syndication.exdynsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=4389878&62bc642231b6987c75aec6f1f46b9275=tsVuZ8uHLjt48NvHjq4c_XXx66ctdlTlK8E.fLj23cefHdx49N3bhramslrpwzABR1wNxsSvWMPOZ9eWuqCtxd.aquViRzN2Ni5qljc01rgbYbtcprgqcpz6.OPbvw1wNz2MxwVPuU59.nfpy8a4G6oK3M_PHzy4dtcDeM0rmfTn48.O_jXA20xW49NThn148dcDbTEk7ED0ufTj448eXLXA3axTAxXBNLn07c.fjn04a4G5qs.nDXA2zTNdU5Tny1wNtuWwNOZ8NcDbTFNMDlOfDXA3BVPn069vOuqxnPhrtYjscz5buAO3rrnsZjgqfcpXpYrcz88Nc9jMcFT7lK7VlNLkrWGYKJ2tpiSdiB6VdqymlyVrDNE8DW5e0.xK84vXMvPYzHBU.5Tnw3eO3LW5e0.xK84vXMvK5XdNTFnx1sNr14TuZ8.Ot2amRivPXA3K5XdNTFnx1tTWS104LzUwPQSsR5gAo636651713ZqbmKW3G13Zqc9cDc9MzdjVa7TFbj01OGfHhy1z0wNQSvLyTNuR59Nb9dc9WfHXU1S45KvS5VNHZXBNLnrsqcpXgbz7ce3Nxxnl0a8MN893Djz8deXLvz5eOPTnx4d.muymNd9ip_N1hzn15cOrDfTpy8.O3N3p5YaZZZ4NcOfDnz1wST0uVVQTSr1VsV2VZ8NcEk9LlVUE0q8EtrEcDa9LjFU0ufLXS465S5SvVBW4u_NVXKxI5nS5I5e1HA5LXuri1sNsxzNRZ8NcDczrrlOfXlz6.NcDcbErcEry87DzmfHhy6.eGty9xqyuCaVeuCRzPhu4ctcDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58vPDrz58Nc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.Xnl168.euVythqyCvBeema_BevCdzN.aquCV7XK5Ww1ZBXgvPTNfgu25U1TBPXBNLnbPLrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8tdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz889dtOfDXBLW5TKxHnw1yzLu2St1Z8NcDdLlU80tUFri8bGE1lefDXA3JZHXBjNK5nw12VOUrtMTzwSvZ8NdlTlK7TE88Ery7tLlFjkrWGfDW5IxBGvBVPnw122WQN58e3Pn55.ePLlx68efPt16ce_bj25uOM8m.rbvLXXBI5VWxJPnx7c.fnn548uWtqaaKBxqaWpyWvPjA-
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 07:58:42 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
Access-Control-Allow-Credentials
true
Connection
keep-alive
vregister.php
syndication.exdynsrv.com/
0
289 B
Image
General
Full URL
https://syndication.exdynsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=4389880&fda9221c65e6a0e4112c2193ecc2baeb=tsVuZ8uHLjt48NvHjq4c_XXx66ctdlTlK8E.fLj23cefHdx49N3bhramslrpwzABR1wNxsSvWMPOZ9eWuqCtxd.aquViRzN2Ni5qljc01rgbYbtcprgqcpz6.OPbvw1wNz2MxwVPuU59.nfpy8a4G6oK3M_PHzy4dtcDeM0rmfTn48.PHDXA20xW49NThn148dcDbTEk7ED0ufTj448eXLXA3axTAxXBNLn07c.fjn08a4G5qs.nDXA2zTNdU5Tny1wNtuWwNOZ8NcDbTFNMDlOfDXA3BVPn069vOuqxnPhrtYjscz5buAO3rrnsZjgqfcpXpYrcz88Nc9jMcFT7lK7VlNLkrWGYKJ2tpiSdiB6VdqymlyVrDNE8DW5e0.xK84vXMvPYzHBU.5Tnw3eO3LW5e0.xK84vXMvK5XdNTFnx1sNr14TuZ8..t2amRivPXA3K5XdNTFnx1tTWS104LzUwPQSsR5gAo636651713ZqbmKW3G13Zqc9cDc9MzdjVa7TFbj01OGfHhy1z0wNQSvLyTNuR59Nb9dc9WfHXU1S45KvS5VNHZXBNLnrsqcpXgbz7ce3Nxxnl0a8MN893Djz8deXLvz5eOPTnx4d.muymNd9ip_N1hzn15cOrDfTpy8.O3N3p5YaZZZ4NcOfDnz1wST0uVVQTSr1VsV2VZ8NcEk9LlVUE0q8EtrEcDa9LjFU0ufLXS465S5SvVBW4u_NVXKxI5nS5I5e1HA5LXuri1sNsxzNRZ8NcDczrrlOfXlz6.NcDcbErcEry87DzmfHhy6.eGty9xqyuCaVeuCRzPhu4ctcDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58vPDrz58Nc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.Xnl168.euVythqyCvBeema_BevCdzN.aquCV7XK5Ww1ZBXgvPTNfgu25U1TBPXBNLnbPLrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8tdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz889dtOfDXBLW5TKxHnw1yzLu2St1Z8NcDdLlU80tUFri8bGE1lefDXA3JZHXBjNK5nw12VOUrtMTzwSvZ8NdlTlK7TE88Ery7tLlFjkrWGfDW5IxBGvBVPnw122WQN58e3Pn55.ePLlx6.O_Hpy8.fPbj25uOM8m.zPfprrgkcqrYknz49ufPzz88eXLW1NNFA41NLU5LXnxg-
Requested by
Host: remexclient.tk
URL: https://remexclient.tk/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://remexclient.tk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Mon, 11 Oct 2021 07:58:43 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
Access-Control-Allow-Credentials
true
Connection
keep-alive


55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| onbeforexrselect
boolean| originAgentCluster
number| ad_idzone
string| ad_width
string| ad_height
string| v_pos
string| h_pos
undefined| eventMethod
function| eventer
string| messageEvent
object| AdProvider
string| ua
number| pn_idzone
number| pn_sleep_seconds
number| pn_is_self_hosted
number| pn_soft_ask
string| pn_filename
object| ExoLoader
function| instantiateViewability
function| ExoAdsRefresh
function| f488
function| Q888
function| n800
function| s488
function| F7ss
function| x233
function| M5GG
function| C7ss
string| e94dfadd0
function| t0xx
object| exoJsPop101
number| ad_frequency_period
number| ad_frequency_count
number| ad_trigger_method
boolean| ad_popup_force
boolean| ad_popup_fallback
boolean| ad_chrome_enabled
boolean| ad_new_tab
boolean| ad_t_venor
boolean| ad_cookieconsent
string| ad_sub
string| ad_sub2
string| ad_sub3
string| ad_cat
string| ad_trigger_class
string| ad_tags
string| ad_el
boolean| pn_run_immediate
function| ExoOutstreamSliderCommon
function| ExoSlider
object| ExoVideoSlider
object| adConfig
function| ExoOutstream

6 Cookies

Domain/Path Name / Value
.exdynsrv.com/ Name: __uvt
Value: a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226163eeb24c8ad3.013852273281431074%22%3B%7D
.exdynsrv.com/ Name: impressions
Value: x%9C%ABV216036%B7%D05%B1440450P%B2%8A6%D41436%B64%B6442%D2Q2411P%8A%AD%05%00%BFJ%08%FC
a.adtng.com/ Name: adtool_guid
Value: Ch5KFmFj7rJdoCc1X524Ag==
a.adtng.com/ Name: RNLBSERVERID
Value: ded7040
remexclient.tk/ Name: pn-zone-4389876
Value: 1637827122832
.exdynsrv.com/ Name: c-tag
Value: %7B%22tag-iframe-link%22%3A%22v3%7C%7CDEU%7C4389874%7C46846978%7C102590%7C1600x900%7C511%7C52%7C2%7C40%7C0%7C0%7C0%7C4569%7C2905330%7C2925533%7C0%7C0%7C2%7C2%7C0%7C0%7C1%7C0%7C0%7C1%7C6163eeb24c8ad3.013852273281431074%7Cfae35205ad4429863f49acbbb0c03033%7C0%7Cremexclient.tk%7C1600x1200%7C%7C0%7C0%7C0%7C93%7C0%7C0%7C0%7C0%7C0%7Cok%22%2C%22tag-video%22%3A%22v3%7C%7CDEU%7C4389880%7C46338348%7C102590%7C%7C511%7C52%7C2%7C40%7C0%7C0%7C0%7C4569%7C2905330%7C2925533%7C0%7C0%7C2%7C2%7C0%7C0%7C1%7C0%7C0%7C1%7C6163eeb24c8ad3.013852273281431074%7C%7C0%7Cremexclient.tk%7C%7C%7C0%7C0%7C0%7C93%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D

1 Console Messages

Source Level URL
Text
other error URL: https://remexclient.tk/
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
