dd8e-201-130-58-86.ngrok.io Open in urlscan Pro
2600:1f16:d83:1202::6e:2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://dd8e-201-130-58-86.ngrok.io/
Effective URL:
http://dd8e-201-130-58-86.ngrok.io/id=1.php
Submission: On November 13 via manual (November 13th 2021, 3:05:50 am UTC) from MX — Scanned from DE

Summary HTTP 91 Redirects Behaviour Indicators

Summary

This website contacted 37 IPs in 8 countries across 32 domains to perform 91 HTTP transactions. The main IP is 2600:1f16:d83:1202::6e:2, located in Columbus, United States and belongs to AMAZON-02, US. The main domain is dd8e-201-130-58-86.ngrok.io.

This is the only time dd8e-201-130-58-86.ngrok.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1 9	2600:1f16:d83... 2600:1f16:d83:1202::6e:2	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2 4	3.129.250.65 3.129.250.65	16509 (AMAZON-02) (AMAZON-02)
1	51.89.64.207 51.89.64.207	16276 (OVH) (OVH)
2	2606:4700:303... 2606:4700:3037::ac43:bb46	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
1	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c1b::9b	15169 (GOOGLE) (GOOGLE)
1 2	2600:9000:211... 2600:9000:211e:1200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1 1	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
1 3	167.114.209.61 167.114.209.61	16276 (OVH) (OVH)
4	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
2 4	13.32.99.23 13.32.99.23	16509 (AMAZON-02) (AMAZON-02)
1	2.18.234.233 2.18.234.233	16625 (AKAMAI-AS) (AKAMAI-AS)
1	67.202.114.216 67.202.114.216	32748 (STEADFAST) (STEADFAST)
2 2	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
4	3.68.1.119 3.68.1.119	16509 (AMAZON-02) (AMAZON-02)
6 6	18.157.198.157 18.157.198.157	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.53.219 35.210.53.219	15169 (GOOGLE) (GOOGLE)
1 1	185.29.134.248 185.29.134.248	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2	51.89.99.150 51.89.99.150	16276 (OVH) (OVH)
4	146.20.128.142 146.20.128.142	27357 (RACKSPACE) (RACKSPACE)
8 12	146.20.132.60 146.20.132.60	27357 (RACKSPACE) (RACKSPACE)
2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2	47.252.78.131 47.252.78.131	45102 (CNNIC-ALI...) (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co.)
2 2	8.2.110.134 8.2.110.134	46636 (NATCOWEB) (NATCOWEB)
2	63.34.198.233 63.34.198.233	16509 (AMAZON-02) (AMAZON-02)
2 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1 2	104.18.28.199 104.18.28.199	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	146.20.132.136 146.20.132.136	27357 (RACKSPACE) (RACKSPACE)
7	67.202.105.32 67.202.105.32	32748 (STEADFAST) (STEADFAST)
1	141.94.109.48 141.94.109.48	16276 (OVH) (OVH)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
2 2	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	208.100.17.181 208.100.17.181	32748 (STEADFAST) (STEADFAST)
2	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
91	37

9 2600:1f16:d83:1202::6e:2 (Columbus, United States) 1 redirects

ASN16509 (AMAZON-02, US)

dd8e-201-130-58-86.ngrok.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.129.250.65 (Columbus, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-129-250-65.us-east-2.compute.amazonaws.com

ads.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.64.207 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ns3168032.ip-51-89-64.eu

static.addevweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3037::ac43:bb46 (United States)

ASN13335 (CLOUDFLARENET, US)

hosting.miarroba.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c1b::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:211e:1200:6:44e3:f8c0:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:f916:5049:f87f:108e (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 167.114.209.61 (Montreal, Canada) 1 redirects

ASN16276 (OVH, FR)
PTR: ns515688.ip-167-114-209.net

t.dtscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)

ad.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.32.99.23 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-23.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.234.233 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-233.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.114.216 (United States)

ASN32748 (STEADFAST, US)
PTR: amung.us

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.149 (Portsmouth, United Kingdom) 2 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.68.1.119 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-68-1-119.eu-central-1.compute.amazonaws.com

a.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.157.198.157 (Frankfurt am Main, Germany) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-198-157.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 219.53.210.35.bc.googleusercontent.com

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.248 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.99.150 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ns3163893.ip-51-89-99.eu

static.sunmedia.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.sunmedia.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.20.128.142 (United States)

ASN27357 (RACKSPACE, US)

v.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 146.20.132.60 (United States) 8 redirects

ASN27357 (RACKSPACE, US)

cs.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 47.252.78.131 (United States)

ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co., Ltd., CN)

event.clientgear.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 8.2.110.134 (United States) 2 redirects

ASN46636 (NATCOWEB, US)

cs.krushmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.34.198.233 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-198-233.eu-west-1.compute.amazonaws.com

c.deployads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.28.199 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 146.20.132.136 (United States)

ASN27357 (RACKSPACE, US)

t.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 67.202.105.32 (United States)

ASN32748 (STEADFAST, US)
PTR: ip32.67-202-105.static.steadfastdns.net

ic.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.94.109.48 (France)

ASN16276 (OVH, FR)
PTR: ns31438425.ip-141-94-109.eu

services.sunmedia.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pandg.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.197.193.217 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.100.17.181 (United States)

ASN32748 (STEADFAST, US)
PTR: ip181.208-100-17.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	lkqd.net 8 redirects ad.lkqd.net v.lkqd.net cs.lkqd.net t.lkqd.net	82 KB
10	tynt.com 1 redirects cdn.tynt.com ic.tynt.com de.tynt.com	9 KB
9	ngrok.io 1 redirects dd8e-201-130-58-86.ngrok.io	489 KB
8	vidoomy.com 2 redirects ads.vidoomy.com a.vidoomy.com	12 KB
8	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	182 KB
6	bidswitch.net 6 redirects x.bidswitch.net	4 KB
4	scorecardresearch.com 2 redirects sb.scorecardresearch.com	2 KB
4	google.com adservice.google.com www.google.com	2 KB
4	doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net	6 KB
3	sunmedia.tv static.sunmedia.tv services.sunmedia.tv track.sunmedia.tv	3 KB
3	dtscout.com 1 redirects t.dtscout.com	3 KB
3	google.de adservice.google.de www.google.de	907 B
3	quantserve.com 1 redirects secure.quantserve.com pixel.quantserve.com	11 KB
3	google-analytics.com www.google-analytics.com	20 KB
2	adsrvr.org 2 redirects match.adsrvr.org	1 KB
2	tapad.com pandg.tapad.com pixel.tapad.com	1 KB
2	turn.com 2 redirects ad.turn.com	818 B
2	deployads.com c.deployads.com	569 B
2	krushmedia.com 2 redirects cs.krushmedia.com	1 KB
2	clientgear.com event.clientgear.com	266 B
2	rlcdn.com idsync.rlcdn.com	108 B
2	admedo.com 2 redirects pool.admedo.com	718 B
2	sitescout.com 2 redirects pixel-sync.sitescout.com	526 B
2	quantcount.com 1 redirects rules.quantcount.com	855 B
2	miarroba.info hosting.miarroba.info	2 KB
1	pghub.io pghub.io	4 KB
1	mathtag.com 1 redirects sync.mathtag.com	700 B
1	amung.us whos.amung.us	210 B
1	stickyadstv.com ads.stickyadstv.com	597 B
1	googleadservices.com partner.googleadservices.com	509 B
1	googletagmanager.com www.googletagmanager.com	49 KB
1	addevweb.com static.addevweb.com	98 KB
91	32

	Domain	Requested by
12	cs.lkqd.net	8 redirects ad.lkqd.net
9	dd8e-201-130-58-86.ngrok.io	1 redirects dd8e-201-130-58-86.ngrok.io
8	t.lkqd.net	ad.lkqd.net
7	ic.tynt.com	dd8e-201-130-58-86.ngrok.io
6	x.bidswitch.net	6 redirects
6	pagead2.googlesyndication.com	dd8e-201-130-58-86.ngrok.io pagead2.googlesyndication.com tpc.googlesyndication.com
4	v.lkqd.net	ad.lkqd.net
4	a.vidoomy.com	dd8e-201-130-58-86.ngrok.io
4	sb.scorecardresearch.com	2 redirects dd8e-201-130-58-86.ngrok.io
4	ad.lkqd.net	dd8e-201-130-58-86.ngrok.io ad.lkqd.net
4	ads.vidoomy.com	2 redirects dd8e-201-130-58-86.ngrok.io
3	t.dtscout.com	1 redirects dd8e-201-130-58-86.ngrok.io t.dtscout.com
3	www.google.com	dd8e-201-130-58-86.ngrok.io tpc.googlesyndication.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	match.adsrvr.org	2 redirects
2	cdn.tynt.com	1 redirects dd8e-201-130-58-86.ngrok.io
2	ad.turn.com	2 redirects
2	c.deployads.com	ad.lkqd.net
2	cs.krushmedia.com	2 redirects
2	event.clientgear.com	ad.lkqd.net
2	idsync.rlcdn.com	ad.lkqd.net
2	pool.admedo.com	2 redirects
2	pixel-sync.sitescout.com	2 redirects
2	pixel.quantserve.com	1 redirects dd8e-201-130-58-86.ngrok.io
2	www.google.de	dd8e-201-130-58-86.ngrok.io
2	rules.quantcount.com	1 redirects dd8e-201-130-58-86.ngrok.io
2	stats.g.doubleclick.net	www.google-analytics.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	hosting.miarroba.info	dd8e-201-130-58-86.ngrok.io
1	de.tynt.com	cdn.tynt.com
1	pixel.tapad.com	pandg.tapad.com
1	pandg.tapad.com	pghub.io
1	track.sunmedia.tv	dd8e-201-130-58-86.ngrok.io
1	pghub.io	dd8e-201-130-58-86.ngrok.io
1	services.sunmedia.tv	static.addevweb.com
1	static.sunmedia.tv	static.addevweb.com
1	sync.mathtag.com	1 redirects
1	whos.amung.us	dd8e-201-130-58-86.ngrok.io
1	ads.stickyadstv.com	dd8e-201-130-58-86.ngrok.io
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	secure.quantserve.com	www.googletagmanager.com
1	www.googletagmanager.com	dd8e-201-130-58-86.ngrok.io
1	static.addevweb.com	dd8e-201-130-58-86.ngrok.io
91	46

This site contains no links.

Subject Issuer	Validity	Valid
smlogin.addevweb.com R3	`2021-09-26` - `2021-12-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-15` - `2022-06-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
ad.lkqd.net R3	`2021-09-28` - `2021-12-27`	3 months	crt.sh
ads.stickyadstv.com DigiCert SHA2 Secure Server CA	`2021-09-19` - `2022-09-20`	a year	crt.sh
*.vidoomy.com Sectigo RSA Domain Validation Secure Server CA	`2021-08-06` - `2022-09-05`	a year	crt.sh
*.sunmedia.tv Sectigo ECC Domain Validation Secure Server CA	`2021-01-13` - `2022-02-13`	a year	crt.sh
*.lkqd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-09` - `2022-07-14`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2021-02-09` - `2022-02-16`	a year	crt.sh
*.tapad.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-13` - `2022-10-14`	a year	crt.sh
*.dtscout.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-28` - `2022-11-27`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh

This page contains 15 frames:

Primary Page: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Frame ID: D840D4AEC26C3DBFEBDCD950A74C70A3
Requests: 55 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211109/r20190131/zrt_lookup.html
Frame ID: 046F0AEA94A7AC76AFD19AF99CE75C7D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7294310421616689&output=html&adk=1812271804&adf=3025194257&lmt=1636772744&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&ea=0&flash=0&pra=5&wgl=1&dt=1636772744752&bpp=3&bdt=104&idt=103&shv=r20211109&mjsv=m202111080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4297084682972&frm=20&pv=2&ga_vid=1132065179.1636772745&ga_sid=1636772745&ga_hid=821255228&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=2&pvsid=78383451486731&pem=475&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=119
Frame ID: 087CFC9754DE7F70069661BCEB8B3053
Requests: 1 HTTP requests in this frame

Frame: https://ad.lkqd.net/vpaid/formats.js?pid=430&sid=642145
Frame ID: 2FBCAB444C64EAEEF2B0ACED2E5B22D3
Requests: 3 HTTP requests in this frame

Frame: https://ad.lkqd.net/vpaid/formats.js
Frame ID: FB3462530C7281E1DB49D7856FE47FBC
Requests: 3 HTTP requests in this frame

Frame: https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent
Frame ID: F06E6129377A1D5B90A52AE448193073
Requests: 1 HTTP requests in this frame

Frame: https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent
Frame ID: 18B90DBC1D7156555DF473A2BC0959EA
Requests: 1 HTTP requests in this frame

Frame: http://hosting.miarroba.info/607f6b0b381bbc1f64fa027d62891072_cookie.php
Frame ID: 7611E7279E25ABD9150E494659B1C180
Requests: 1 HTTP requests in this frame

Frame: https://ad.lkqd.net/cookie-sync/usync.html
Frame ID: 6BA1A99EAE6D4C52ED3669049DBD0F73
Requests: 6 HTTP requests in this frame

Frame: https://ad.lkqd.net/cookie-sync/usync.html
Frame ID: 3F6A6456F73622A9600E661E22A6FB75
Requests: 6 HTTP requests in this frame

Frame: https://t.lkqd.net/t
Frame ID: BE26F869301A44EB172677C688A95CD5
Requests: 2 HTTP requests in this frame

Frame: https://t.lkqd.net/t
Frame ID: 9C62441515E5288D664D596F7FEB6A4C
Requests: 2 HTTP requests in this frame

Frame: https://pandg.tapad.com/tag?gdpr=%24%7Bgdpr%7D&gdpr_consent=%24%7Bgdpr_consent%7D&referrer_url=&page_url=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&owner=P%26G&bp_id=sunmedia&data=%7B%22category%22%3A%22Hobbies%20and%20Interests%22%7D
Frame ID: 661D998DE8B4040F03ABFAB2F3BDC626
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: B95AF6A0A4D405EE4C4ADC2335EFEBD5
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 61322542FBA61DDD6F62676A2338B54B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Facebook Videos

Page URL History Show full URLs

http://dd8e-201-130-58-86.ngrok.io/ HTTP 302
http://dd8e-201-130-58-86.ngrok.io/id=1.php Page URL

Page Statistics

91
Requests

60 %
HTTPS

36 %
IPv6

32
Domains

46
Subdomains

37
IPs

8
Countries

972 kB
Transfer

1791 kB
Size

39
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dd8e-201-130-58-86.ngrok.io/ HTTP 302
http://dd8e-201-130-58-86.ngrok.io/id=1.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

http://ads.vidoomy.com/miarrobamobile.js HTTP 301
https://ads.vidoomy.com/miarrobamobile.js

Request Chain 9

http://ads.vidoomy.com/miarrodesktop.js HTTP 301
https://ads.vidoomy.com/miarrodesktop.js

Request Chain 25

http://rules.quantcount.com/rules-p-d5x2uDVHd7ALE.js HTTP 301
https://rules.quantcount.com/rules-p-d5x2uDVHd7ALE.js

Request Chain 30

http://pixel.quantserve.com/pixel;r=634311040;source=gtm;rf=0;a=p-d5x2uDVHd7ALE;url=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php;uht=2;fpan=1;fpa=P0-2012285910-1636772744942;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=dd8e-201-130-58-86.ngrok.io;je=0;sr=1600x1200x24;dst=0;et=1636772744941;tzo=0;ogl=title.BANCO%20AZTECA%20%2Curl.https%3A%2F%2Fwww%252Efacebook%252Ecom%2Fwatch%3Fv%3Da-31Ie2dFC4%2Cdescription.Grupo%20Financiero%2Cimage. HTTP 301
https://pixel.quantserve.com/pixel;r=634311040;source=gtm;rf=0;a=p-d5x2uDVHd7ALE;url=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php;uht=2;fpan=1;fpa=P0-2012285910-1636772744942;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=dd8e-201-130-58-86.ngrok.io;je=0;sr=1600x1200x24;dst=0;et=1636772744941;tzo=0;ogl=title.BANCO%20AZTECA%20%2Curl.https%3A%2F%2Fwww%252Efacebook%252Ecom%2Fwatch%3Fv%3Da-31Ie2dFC4%2Cdescription.Grupo%20Financiero%2Cimage.

Request Chain 31

http://t.dtscout.com/i/?l=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&j= HTTP 301
https://t.dtscout.com/i/?l=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&j=

Request Chain 34

https://sb.scorecardresearch.com/p?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=22662&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=0&ns_st_pt=0&c3=vidoomynet&c4=&c6=&ns_ts=1636772745 HTTP 302
https://sb.scorecardresearch.com/p2?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=22662&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=0&ns_st_pt=0&c3=vidoomynet&c4=&c6=&ns_ts=1636772745

Request Chain 37

https://sb.scorecardresearch.com/p?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=829483&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=0&ns_st_pt=0&c3=vidoomynet&c4=&c6=&ns_ts=1636772745 HTTP 302
https://sb.scorecardresearch.com/p2?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=829483&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=0&ns_st_pt=0&c3=vidoomynet&c4=&c6=&ns_ts=1636772745

Request Chain 39

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=120&redir=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fcookie%3Fi%3DCEN%26uid%3D%7BuserId%7D HTTP 302
https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent

Request Chain 40

https://x.bidswitch.net/sync?ssp=vidoomy&user_id=113642298.972361121261136667.92493585 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy&user_id=113642298.972361121261136667.92493585 HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=vidoomy&bsw_custom_parameter=b93652aa-318a-40a2-b2b5-59b531634405 HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=vidoomy&bsw_custom_parameter=b93652aa-318a-40a2-b2b5-59b531634405 HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=64025264-d212-42ff-8730-bc199a8c2080&user_group=1&ssp=vidoomy&bsw_param=b93652aa-318a-40a2-b2b5-59b531634405 HTTP 302
https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=b93652aa-318a-40a2-b2b5-59b531634405

Request Chain 41

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=120&redir=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fcookie%3Fi%3DCEN%26uid%3D%7BuserId%7D HTTP 302
https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent

Request Chain 42

https://x.bidswitch.net/sync?ssp=vidoomy&user_id=120039255.104930071646115895.835074 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy&user_id=120039255.104930071646115895.835074 HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dvidoomy%26bsw_param%3Db93652aa-318a-40a2-b2b5-59b531634405&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=80&user_id=3fb8618f-2b89-4100-96b0-5415bbbb09b2&expires=30&ssp=vidoomy&bsw_param=b93652aa-318a-40a2-b2b5-59b531634405&gdpr=&gdpr_consent= HTTP 302
https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=b93652aa-318a-40a2-b2b5-59b531634405

Request Chain 49

https://cs.lkqd.net/cs?partnerId=55&redirect=https%3A%2F%2Fidsync.rlcdn.com%2F464986.gif%3Fpartner_uid%3D%24%24rawlkqduserid%24%24&r=if HTTP 302
https://idsync.rlcdn.com/464986.gif?partner_uid=44xULN4A4QA

Request Chain 50

https://cs.lkqd.net/cs?partnerId=103&redirect=https%3A%2F%2Fevent.clientgear.com%2Fcookie%2Flkqd%3Fpartner%3Dlkqd%26cookieid%3D%24%24rawlkqduserid%24%24&r=if HTTP 302
https://event.clientgear.com/cookie/lkqd?partner=lkqd&cookieid=jpkllO6E4ZQ

Request Chain 51

https://cs.lkqd.net/cs?partnerId=102&redirect=https%3A%2F%2Fcs.krushmedia.com%2Fcd607442bfdf172cfcec45014a5f4ece.gif%3Fpuid%3D%24%24rawlkqduserid%24%24%26redir%3Dhttps%253A%252F%252Fcs.lkqd.net%252Fcs%253FpartnerId%253D102%2526partnerUserId%253D%255BUID%255D&r=if HTTP 302
https://cs.krushmedia.com/cd607442bfdf172cfcec45014a5f4ece.gif?puid=Wy99e1NK6eY&redir=https://cs.lkqd.net/cs?partnerId%3D102%26partnerUserId%3D%5BUID%5D HTTP 302
https://cs.lkqd.net/cs?partnerId=102&partnerUserId=5be39322-6798-436f-83f5-26aa374e9084

Request Chain 52

https://cs.lkqd.net/cs?partnerId=99&redirect=https%3A%2F%2Fc.deployads.com%2Fcs%2FNXST%3Fb%3D%24%24rawlkqduserid%24%24&r=if HTTP 302
https://c.deployads.com/cs/NXST?b=tPoErnu5yLE

Request Chain 53

https://ad.turn.com/r/cs?pid=65 HTTP 302
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=8881593932377023337

Request Chain 54

https://cs.lkqd.net/cs?partnerId=55&redirect=https%3A%2F%2Fidsync.rlcdn.com%2F464986.gif%3Fpartner_uid%3D%24%24rawlkqduserid%24%24&r=if HTTP 302
https://idsync.rlcdn.com/464986.gif?partner_uid=JVK7rW7n8cI

Request Chain 55

https://cs.lkqd.net/cs?partnerId=103&redirect=https%3A%2F%2Fevent.clientgear.com%2Fcookie%2Flkqd%3Fpartner%3Dlkqd%26cookieid%3D%24%24rawlkqduserid%24%24&r=if HTTP 302
https://event.clientgear.com/cookie/lkqd?partner=lkqd&cookieid=u-BwxigROXg

Request Chain 56

https://cs.lkqd.net/cs?partnerId=102&redirect=https%3A%2F%2Fcs.krushmedia.com%2Fcd607442bfdf172cfcec45014a5f4ece.gif%3Fpuid%3D%24%24rawlkqduserid%24%24%26redir%3Dhttps%253A%252F%252Fcs.lkqd.net%252Fcs%253FpartnerId%253D102%2526partnerUserId%253D%255BUID%255D&r=if HTTP 302
https://cs.krushmedia.com/cd607442bfdf172cfcec45014a5f4ece.gif?puid=JL6E0NMMhno&redir=https://cs.lkqd.net/cs?partnerId%3D102%26partnerUserId%3D%5BUID%5D HTTP 302
https://cs.lkqd.net/cs?partnerId=102&partnerUserId=1fdbf03c-53f0-4121-ba76-bbf5f9884404

Request Chain 57

https://cs.lkqd.net/cs?partnerId=99&redirect=https%3A%2F%2Fc.deployads.com%2Fcs%2FNXST%3Fb%3D%24%24rawlkqduserid%24%24&r=if HTTP 302
https://c.deployads.com/cs/NXST?b=g2fjZocfMZE

Request Chain 58

https://ad.turn.com/r/cs?pid=65 HTTP 302
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=8953651526414951273

Request Chain 59

http://cdn.tynt.com/tc.js HTTP 301
https://cdn.tynt.com/tc.js

Request Chain 76

https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=f69d5473-d512-4925-8dab-2037c5abb1f5&gdpr=&gdpr_consent=${gdpr_consent} HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=f69d5473-d512-4925-8dab-2037c5abb1f5&gdpr=&gdpr_consent=${gdpr_consent} HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=5863447a-0889-4384-9b06-bee784c17703&ttd_puid=f69d5473-d512-4925-8dab-2037c5abb1f5

91 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request id=1.php Show response
dd8e-201-130-58-86.ngrok.io/
Redirect Chain

http://dd8e-201-130-58-86.ngrok.io/
http://dd8e-201-130-58-86.ngrok.io/id=1.php

8 KB
9 KB

188ms
184ms

Document
text/html

2600:1f16:d83:1202::6e:2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: HTTP/1.1
Server: 2600:1f16:d83:1202::6e:2 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: / PHP/8.0.6
Resource Hash: 3748470d18e0405d039993862e915493a0979b248f5520b1c7031f1f6077c8b6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Content-Type: text/html; charset=UTF-8
Date: Sat, 13 Nov 2021 03:05:42 GMT
Host: dd8e-201-130-58-86.ngrok.io
X-Powered-By: PHP/8.0.6
Transfer-Encoding: chunked

Redirect headers

Content-Type: text/html; charset=UTF-8
Date: Sat, 13 Nov 2021 03:05:41 GMT
Host: dd8e-201-130-58-86.ngrok.io
Location: id=1.php
X-Powered-By: PHP/8.0.6
Transfer-Encoding: chunked

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
51 KB 33ms
30ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php

Protocol

HTTP/1.1

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac5d44cc5f0ac328923c0bf191e04322715df347578fac482ed4a292706c5183

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Sat, 13 Nov 2021 03:05:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 1516322938222958266
Vary: Accept-Encoding, Origin
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 51353
X-XSS-Protection: 0
Expires: Sat, 13 Nov 2021 03:05:44 GMT

GET
H/1.1 200
OK saved_resource Show response
dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/ 26 B
137 B 296ms
296ms Script
text/plain 2600:1f16:d83:1202::6e:2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/saved_resource
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: HTTP/1.1
Server: 2600:1f16:d83:1202::6e:2 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 763a0e3336df5f9b277f862f2e7788af94dda642b8041b378c52e78bef8a9455

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Host: dd8e-201-130-58-86.ngrok.io
Date: Sat, 13 Nov 2021 03:05:42 GMT
Content-Length: 26

GET
H/1.1 200
OK tSOgnJdhTc3.css
dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/ 30 KB
30 KB 431ms
431ms Stylesheet
text/css 2600:1f16:d83:1202::6e:2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/tSOgnJdhTc3.css
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: HTTP/1.1
Server: 2600:1f16:d83:1202::6e:2 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 1be72a6fd3de0461f912fe5e59edbb445c57f182c9cdbe96052741384ccefc17

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sat, 13 Nov 2021 03:05:42 GMT
Host: dd8e-201-130-58-86.ngrok.io
Content-Length: 30209
Content-Type: text/css; charset=UTF-8

GET
H/1.1 200
OK 9an7U6cZys0.css
dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/ 68 KB
68 KB 499ms
495ms Stylesheet
text/css 2600:1f16:d83:1202::6e:2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/9an7U6cZys0.css
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: HTTP/1.1
Server: 2600:1f16:d83:1202::6e:2 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 54013fe95d54f0a9fc356042fbdb28f350cd92fa8e879f26510377d8f5f483fc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sat, 13 Nov 2021 03:05:42 GMT
Host: dd8e-201-130-58-86.ngrok.io
Content-Length: 69148
Content-Type: text/css; charset=UTF-8

GET
H/1.1 200
OK fEZ5x2OZgwl.js.descarga Show response
dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/ 248 KB
248 KB 499ms
496ms Script
text/plain 2600:1f16:d83:1202::6e:2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/fEZ5x2OZgwl.js.descarga
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: HTTP/1.1
Server: 2600:1f16:d83:1202::6e:2 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 56b3a78bf4df13e8416cb28e5f1bfa7749c6f27cf7d87cfec5a445eb8d1dbc6d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sat, 13 Nov 2021 03:05:42 GMT
Host: dd8e-201-130-58-86.ngrok.io
Content-Length: 253803
Content-Type: text/plain; charset=utf-8

GET
H/1.1 200
OK style.css
dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/ 1 KB
1 KB 430ms
427ms Stylesheet
text/css 2600:1f16:d83:1202::6e:2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/style.css
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: HTTP/1.1
Server: 2600:1f16:d83:1202::6e:2 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 5d4826a14a28a6307d820e9040c85cf37bddd2d46ab6a8e4136aea713edb403f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sat, 13 Nov 2021 03:05:42 GMT
Host: dd8e-201-130-58-86.ngrok.io
Content-Length: 1333
Content-Type: text/css; charset=UTF-8

GET
H/1.1 200
OK logo.png
dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/ 127 KB
127 KB 770ms
768ms Image
image/png 2600:1f16:d83:1202::6e:2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/logo.png
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: HTTP/1.1
Server: 2600:1f16:d83:1202::6e:2 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 479cb91730eef777856825b3a30f19536770ed45c7120117de44e56b7db826c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sat, 13 Nov 2021 03:05:42 GMT
Host: dd8e-201-130-58-86.ngrok.io
Content-Length: 129841
Content-Type: image/png

GET
H/1.1 200
OK small.js.descarga Show response
dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/ 7 KB
7 KB 512ms
509ms Script
text/plain 2600:1f16:d83:1202::6e:2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/small.js.descarga
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: HTTP/1.1
Server: 2600:1f16:d83:1202::6e:2 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 9f81a2afebdf1ec72e08319d558c018615dfbc323b4faa9b5f72e125cbbd462a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Host: dd8e-201-130-58-86.ngrok.io
Date: Sat, 13 Nov 2021 03:05:42 GMT
Content-Length: 6688

GET
H/1.1

200
OK

miarrobamobile.js Show response
ads.vidoomy.com/
Redirect Chain

http://ads.vidoomy.com/miarrobamobile.js
https://ads.vidoomy.com/miarrobamobile.js

5 KB
5 KB

320ms
114ms

Script
application/javascript

3.129.250.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.vidoomy.com/miarrobamobile.js
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: HTTP/1.1
Server: 3.129.250.65 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-129-250-65.us-east-2.compute.amazonaws.com
Software: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33 / PHP/7.0.33
Resource Hash: 028f2864d5bf68255eb4b7d2ba2cf9f674b4bae9cce65604b28c581f32ada432

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Nov 2021 03:05:45 GMT
Server: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=300
Content-Length: 4759

Redirect headers

Location: https://ads.vidoomy.com/miarrobamobile.js
Date: Sat, 13 Nov 2021 03:05:44 GMT
Server: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33
Connection: Keep-Alive
Keep-Alive: timeout=2, max=300
Content-Length: 249
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

miarrodesktop.js Show response
ads.vidoomy.com/
Redirect Chain

http://ads.vidoomy.com/miarrodesktop.js
https://ads.vidoomy.com/miarrodesktop.js

5 KB
5 KB

320ms
115ms

Script
application/javascript

3.129.250.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.vidoomy.com/miarrodesktop.js
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: HTTP/1.1
Server: 3.129.250.65 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-129-250-65.us-east-2.compute.amazonaws.com
Software: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33 / PHP/7.0.33
Resource Hash: 49f96016d53006fde5cef41f510b51c441e0030244a7de93b211cf4f05420bc5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Nov 2021 03:05:45 GMT
Server: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=300
Content-Length: 4725

Redirect headers

Location: https://ads.vidoomy.com/miarrodesktop.js
Date: Sat, 13 Nov 2021 03:05:44 GMT
Server: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33
Connection: Keep-Alive
Keep-Alive: timeout=2, max=300
Content-Length: 248
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 fd629041-9e6f-47d6-8dfb-cf82237caa89.js Show response
static.addevweb.com/integrations/fd629041-9e6f-47d6-8dfb-cf82237caa89/ 301 KB
98 KB 83ms
8ms Script
application/javascript 51.89.64.207
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.addevweb.com/integrations/fd629041-9e6f-47d6-8dfb-cf82237caa89/fd629041-9e6f-47d6-8dfb-cf82237caa89.js
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.89.64.207 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns3168032.ip-51-89-64.eu
Software: nginx /
Resource Hash: 8d1f297d16bdd27e7ea7ae615dfe153dd9b0e41c82d313622be1ad1229faacd4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:44 GMT
content-encoding: gzip
tp-cache: HIT
last-modified: Thu, 11 Nov 2021 13:33:08 GMT
server: nginx
age: 101869
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
cache-control: max-age=0, s-maxage=2592001
access-control-allow-credentials: true
content-length: 100010
accept-ranges: bytes
x-device: desktop

GET
H2 200 / Show response
hosting.miarroba.info/ 1 KB
1 KB 205ms
169ms Script
application/javascript 2606:4700:3037::ac43:bb46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hosting.miarroba.info/?__muid=bcc913ad2ec479f674e0863deb99003bd05e3fb5&h=1843811&t=1544238649&k=a89c6d319d54deb0b99f8e8229b73c95
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:bb46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64013c3c9500ddb72213ace8c4fe6478736c310eefb5def88562d9a55af8d544

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:44 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
pragma: no-cache
last-modified: Sat, 13 Nov 2021 03:05:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FI5gqBVkkKGi1npSy8XitXzGY1KDRhxteyT1xalhGg8Aw%2FfKGDp0mEypp61sxaehNOo2349G7yOHYRG4TjKjClrNvWdtjFIo6Ix14TH8qzxyC%2FpD6VkIVlQS8FKClCN0Uwx4PnQOW2F20Vk2y%2BXV%2FE9ID74%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=iso-8859-1
cache-control: no-cache
cf-ray: 6ad4c7b6a8544e80-FRA
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 133 KB
49 KB 43ms
21ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T2VG59

Requested by

Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2b2a982779765782d3491b049505b2a12a913d04f2e8283143a194874493904e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:44 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: clear
content-length: 50095
x-xss-protection: 0
expires: Sat, 13 Nov 2021 03:05:44 GMT

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111080101/ 267 KB
96 KB 50ms
28ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7294310421616689&plah=dd8e-201-130-58-86.ngrok.io

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d2d3e62be49a950029e24adea571c09bb20f4e208df3ba0e6f18ee613446f466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 98309
x-xss-protection: 0
server: cafe
etag: 13474340241825499027
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 13 Nov 2021 03:05:44 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211109/r20190131/ Frame 046F 11 KB
5 KB 31ms
7ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211109/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 12 Nov 2021 08:20:20 GMT
expires: Fri, 26 Nov 2021 08:20:20 GMT
content-type: text/html; charset=UTF-8
etag: 16478831307880631077
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4883
x-xss-protection: 0
age: 67524
cache-control: public, max-age=1209600
alt-svc: clear

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T2VG59

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3878
date: Sat, 13 Nov 2021 02:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 20006
expires: Sat, 13 Nov 2021 04:01:06 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 54ms
9ms Script
application/javascript 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T2VG59
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:44 GMT
content-encoding: gzip
etag: "FMCWFRCBdbNj8Eh2c0G78Q=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Sat, 20 Nov 2021 03:05:44 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
215 B 14ms
14ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=821255228&t=pageview&_s=1&dl=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&ul=en-us&de=UTF-8&dt=Facebook%20Videos&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABCAAAAC~&jid=802750689&gjid=1485044623&cid=1132065179.1636772745&tid=UA-597118-7&_gid=1844371552.1636772745&_r=1&gtm=2wgba1T2VG59&z=1829345270

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://dd8e-201-130-58-86.ngrok.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 13 Nov 2021 03:05:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://dd8e-201-130-58-86.ngrok.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
67 B 14ms
14ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=821255228&t=pageview&_s=1&dl=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&ul=en-us&de=UTF-8&dt=Facebook%20Videos&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAAABCAAAAC~&jid=291033467&gjid=1115019710&cid=1132065179.1636772745&tid=UA-597118-1&_gid=1844371552.1636772745&_r=1&gtm=2wgba1T2VG59&z=1955480815

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://dd8e-201-130-58-86.ngrok.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 13 Nov 2021 03:05:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://dd8e-201-130-58-86.ngrok.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 198 B
509 B 39ms
17ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=dd8e-201-130-58-86.ngrok.io&callback=_gfp_s_&client=ca-pub-7294310421616689

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-7294310421616689&plah=dd8e-201-130-58-86.ngrok.io

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

f6c8bc10697488ead553b5bfa811a3a75d01acf3b3c52e0659449bf11aeb9feb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: clear
content-length: 189
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
424 B 39ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=dd8e-201-130-58-86.ngrok.io

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Nov 2021 03:05:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: clear
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
424 B 38ms
16ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=dd8e-201-130-58-86.ngrok.io

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Nov 2021 03:05:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: clear
content-length: 100
x-xss-protection: 0

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 087C 603 B
221 B 27ms
27ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7294310421616689&output=html&adk=1812271804&adf=3025194257&lmt=1636772744&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&ea=0&flash=0&pra=5&wgl=1&dt=1636772744752&bpp=3&bdt=104&idt=103&shv=r20211109&mjsv=m202111080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4297084682972&frm=20&pv=2&ga_vid=1132065179.1636772745&ga_sid=1636772745&ga_hid=821255228&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=2&pvsid=78383451486731&pem=475&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=119

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 13 Nov 2021 03:05:44 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: clear

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
325 B 53ms
17ms XHR
text/plain 2a00:1450:400c:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-597118-7&cid=1132065179.1636772745&jid=802750689&gjid=1485044623&_gid=1844371552.1636772745&_u=YEBAAAAACAAAAC~&z=539033775

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://dd8e-201-130-58-86.ngrok.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 13 Nov 2021 03:05:44 GMT
content-type: text/plain
access-control-allow-origin: http://dd8e-201-130-58-86.ngrok.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 52ms
17ms XHR
text/plain 2a00:1450:400c:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-597118-1&cid=1132065179.1636772745&jid=291033467&gjid=1115019710&_gid=1844371552.1636772745&_u=YEDAAAABCAAAAC~&z=1753222007

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://dd8e-201-130-58-86.ngrok.io/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 13 Nov 2021 03:05:44 GMT
content-type: text/plain
access-control-allow-origin: http://dd8e-201-130-58-86.ngrok.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rules-p-d5x2uDVHd7ALE.js Show response
rules.quantcount.com/
Redirect Chain

http://rules.quantcount.com/rules-p-d5x2uDVHd7ALE.js
https://rules.quantcount.com/rules-p-d5x2uDVHd7ALE.js

3 B
428 B

29ms
8ms

Script
application/javascript

2600:9000:211e:1200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-d5x2uDVHd7ALE.js
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Server: 2600:9000:211e:1200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 05:15:51 GMT
via: 1.1 3acba66e95e31977aee0842f44a6f08e.cloudfront.net (CloudFront)
age: 78709
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 20:57:48 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
x-amz-cf-id: d_e-eGurvF8Yb0xspphU-UmWvqbePbuO_nnPNkVM7paoA_cAMG2RHg==

Redirect headers

Date: Sat, 13 Nov 2021 03:05:44 GMT
Via: 1.1 fd3cce3e0bafd8b312277d0ad9f4762f.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: FRA56-C2
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://rules.quantcount.com/rules-p-d5x2uDVHd7ALE.js
Connection: keep-alive
Content-Length: 183
X-Amz-Cf-Id: ypzOY9mabPbAHv-93ofrS4gqILk-WvapL-KuqR0GPKZEjPXqVvepng==

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 43ms
19ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-597118-7&cid=1132065179.1636772745&jid=802750689&_u=YEBAAAAACAAAAC~&z=203403753

Requested by

Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Nov 2021 03:05:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 45ms
22ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-597118-7&cid=1132065179.1636772745&jid=802750689&_u=YEBAAAAACAAAAC~&z=203403753

Requested by

Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Nov 2021 03:05:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
376 B 40ms
17ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-597118-1&cid=1132065179.1636772745&jid=291033467&_u=YEDAAAABCAAAAC~&z=688230664

Requested by

Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Nov 2021 03:05:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
376 B 43ms
20ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-597118-1&cid=1132065179.1636772745&jid=291033467&_u=YEDAAAABCAAAAC~&z=688230664

Requested by

Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Nov 2021 03:05:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel;r=634311040;source=gtm;rf=0;a=p-d5x2uDVHd7ALE;url=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php;uht=2;fpan=1;fpa=P0-2012285910-1636772744942;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-202111102...
pixel.quantserve.com/
Redirect Chain

http://pixel.quantserve.com/pixel;r=634311040;source=gtm;rf=0;a=p-d5x2uDVHd7ALE;url=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php;uht=2;fpan=1;fpa=P0-2012285910-1636772744942;pbc=;ns=0;ce=1...
https://pixel.quantserve.com/pixel;r=634311040;source=gtm;rf=0;a=p-d5x2uDVHd7ALE;url=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php;uht=2;fpan=1;fpa=P0-2012285910-1636772744942;pbc=;ns=0;ce=...

35 B
371 B

12ms
11ms

Image
image/gif

2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=634311040;source=gtm;rf=0;a=p-d5x2uDVHd7ALE;url=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php;uht=2;fpan=1;fpa=P0-2012285910-1636772744942;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=dd8e-201-130-58-86.ngrok.io;je=0;sr=1600x1200x24;dst=0;et=1636772744941;tzo=0;ogl=title.BANCO%20AZTECA%20%2Curl.https%3A%2F%2Fwww%252Efacebook%252Ecom%2Fwatch%3Fv%3Da-31Ie2dFC4%2Cdescription.Grupo%20Financiero%2Cimage.

Requested by

Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php

Protocol

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Nov 2021 03:05:45 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

Redirect headers

Location: https://pixel.quantserve.com/pixel;r=634311040;source=gtm;rf=0;a=p-d5x2uDVHd7ALE;url=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php;uht=2;fpan=1;fpa=P0-2012285910-1636772744942;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=dd8e-201-130-58-86.ngrok.io;je=0;sr=1600x1200x24;dst=0;et=1636772744941;tzo=0;ogl=title.BANCO%20AZTECA%20%2Curl.https%3A%2F%2Fwww%252Efacebook%252Ecom%2Fwatch%3Fv%3Da-31Ie2dFC4%2Cdescription.Grupo%20Financiero%2Cimage.
Date: Sat, 13 Nov 2021 03:05:44 GMT
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 0
Expires: Sun, 14 Nov 2021 03:05:44 GMT

GET
H/1.1

200
OK

/ Show response
t.dtscout.com/i/
Redirect Chain

http://t.dtscout.com/i/?l=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&j=
https://t.dtscout.com/i/?l=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&j=

2 KB
3 KB

293ms
100ms

Script
application/javascript

167.114.209.61
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://t.dtscout.com/i/?l=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&j=
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: HTTP/1.1
Server: 167.114.209.61 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns515688.ip-167-114-209.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sat, 13 Nov 2021 03:05:46 GMT
X-T: 0.673
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: no-cache
Connection: close
X-S: mtl1
Expires: Sat, 13 Nov 2021 03:05:45 GMT

Redirect headers

Location: https://t.dtscout.com/i/?l=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&j=
Date: Sat, 13 Nov 2021 03:05:45 GMT
Server: nginx/1.10.3 (Ubuntu)
Connection: keep-alive
Content-Length: 194
Content-Type: text/html

GET
DATA 200
OK truncated
/ 439 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 formats.js Show response
ad.lkqd.net/vpaid/ Frame 2FBC 118 KB
35 KB 43ms
11ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/vpaid/formats.js?pid=430&sid=642145
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 7cfe458faed6fe5c3094bd51f1f10174604be983739ade9d828b0aad190043e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:45 GMT
content-encoding: gzip
last-modified: Fri, 11 Dec 2020 00:09:23 GMT
etag: "286704660baa2c113268f28385080796"
x-hw: 1636772745.cds109.fr8.hn,1636772745.cds289.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1209600
accept-ranges: bytes
content-length: 35765

GET
H2

200

p2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/p?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=22662&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&...
https://sb.scorecardresearch.com/p2?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=22662&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va...

64 B
330 B

11ms
10ms

Image
image/gif

13.32.99.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p2?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=22662&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=0&ns_st_pt=0&c3=vidoomynet&c4=&c6=&ns_ts=1636772745
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Server: 13.32.99.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-23.fra60.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:45 GMT
via: 1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: iLC2W_cJHtujw617mx3Y4zSQ9wh7vokMfICWcxYydxrYP-2WYvJPKw==

Redirect headers

date: Sat, 13 Nov 2021 03:05:45 GMT
via: 1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/p2?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=22662&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=0&ns_st_pt=0&c3=vidoomynet&c4=&c6=&ns_ts=1636772745
content-length: 280
x-amz-cf-id: D-LRYg27TU29YVfItmsUCVlMN-ySyeZ4euKhvpz_pW6AUdETzHzUZg==

GET
H/1.1 200
OK auto-user-sync
ads.stickyadstv.com/ 43 B
597 B 95ms
36ms Image
image/gif 2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/auto-user-sync
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Nov 2021 03:05:45 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
x-sticky-vk: 1636772745384038-597
Expires: Sat, 13 Nov 2021 03:05:45 GMT

GET
H2 200 formats.js Show response
ad.lkqd.net/vpaid/ Frame FB34 118 KB
35 KB 33ms
16ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/vpaid/formats.js
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 7cfe458faed6fe5c3094bd51f1f10174604be983739ade9d828b0aad190043e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:45 GMT
content-encoding: gzip
last-modified: Fri, 11 Dec 2020 00:09:23 GMT
etag: "286704660baa2c113268f28385080796"
x-hw: 1636772745.cds109.fr8.hn,1636772745.cds289.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1209600
accept-ranges: bytes
content-length: 35765

GET
H2

200

p2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/p?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=829483&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va...
https://sb.scorecardresearch.com/p2?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=829483&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=v...

64 B
330 B

10ms
10ms

Image
image/gif

13.32.99.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p2?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=829483&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=0&ns_st_pt=0&c3=vidoomynet&c4=&c6=&ns_ts=1636772745
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Server: 13.32.99.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-23.fra60.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:45 GMT
via: 1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: INKBPJsyJIVdsUpbZnsKfxamab-zSMz1-FM8ej9b0a1zPS2Myk5iLQ==

Redirect headers

date: Sat, 13 Nov 2021 03:05:45 GMT
via: 1.1 0c792defeeaa18965559ad74895ea56b.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/p2?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=829483&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=0&ns_st_pt=0&c3=vidoomynet&c4=&c6=&ns_ts=1636772745
content-length: 281
x-amz-cf-id: iQ7AW0Cdj0dN1CFoZvJB2O_XP1AdK8275eJtC9eWszb4nkUywEAXvg==

GET
H/1.1 200
OK / Show response
whos.amung.us/pingjs/ 26 B
210 B 210ms
198ms Script
text/javascript 67.202.114.216
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: http://whos.amung.us/pingjs/?k=elfinai&t=Facebook%20Videos&c=s&y=&a=-1&d=1.59&v=22&r=4826
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/Facebook%20Videos_files/small.js.descarga
Protocol: HTTP/1.1
Server: 67.202.114.216 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: amung.us
Software: /
Resource Hash: 3a83eb40bc1313a75576e92f83d8ff183345246cbcaaee2417c39eaa19f74455

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:45 GMT
content-encoding: gzip
transfer-encoding: chunked
content-type: text/javascript;charset=UTF-8

GET
H2

200

cookie Show response
a.vidoomy.com/api/rtbserver/ Frame F06E
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=120&redir=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fcookie%3Fi%3DCEN%26uid%3D%7BuserId%7D
https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent

43 B
289 B

63ms
8ms

Document
image/gif

3.68.1.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.68.1.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-68-1-119.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/

Response headers

date: Sat, 13 Nov 2021 03:05:45 GMT
content-type: image/gif
content-length: 43
content-encoding: none
vary: Origin

Redirect headers

cache-control: max-age=0,no-cache,no-store
pragma: no-cache
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent
content-length: 0
date: Sat, 13 Nov 2021 03:05:45 GMT
server: AC1.1

GET
H2

200

cookie
a.vidoomy.com/api/rtbserver/
Redirect Chain

https://x.bidswitch.net/sync?ssp=vidoomy&user_id=113642298.972361121261136667.92493585
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy&user_id=113642298.972361121261136667.92493585
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=vidoomy&bsw_custom_parameter=b93652aa-318a-40a2-b2b5-59b531634405
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=vidoomy&bsw_custom_parameter=b93652aa-318a-40a2-b2b5-59b531634405
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=64025264-d212-42ff-8730-bc199a8c2080&user_group=1&ssp=vidoomy&bsw_param=b93652aa-318a-40a2-b2b5-59b531634405
https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=b93652aa-318a-40a2-b2b5-59b531634405

43 B
369 B

8ms
7ms

Image
image/gif

3.68.1.119
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=b93652aa-318a-40a2-b2b5-59b531634405
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Server: 3.68.1.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-68-1-119.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
content-encoding: none
content-length: 43
vary: Origin
content-type: image/gif

Redirect headers

Location: //a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=b93652aa-318a-40a2-b2b5-59b531634405
Date: Sat, 13 Nov 2021 03:05:46 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

cookie Show response
a.vidoomy.com/api/rtbserver/ Frame 18B9
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=120&redir=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fcookie%3Fi%3DCEN%26uid%3D%7BuserId%7D
https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent

43 B
290 B

63ms
7ms

Document
image/gif

3.68.1.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.68.1.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-68-1-119.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/

Response headers

date: Sat, 13 Nov 2021 03:05:45 GMT
content-type: image/gif
content-length: 43
content-encoding: none
vary: Origin

Redirect headers

cache-control: max-age=0,no-cache,no-store
pragma: no-cache
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent
content-length: 0
date: Sat, 13 Nov 2021 03:05:45 GMT
server: AC1.1

GET
H2

200

cookie
a.vidoomy.com/api/rtbserver/
Redirect Chain

https://x.bidswitch.net/sync?ssp=vidoomy&user_id=120039255.104930071646115895.835074
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy&user_id=120039255.104930071646115895.835074
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dvidoomy%26bsw_param%3Db93652aa-318a-40a2-b2b5-59b53163440...
https://x.bidswitch.net/sync?dsp_id=80&user_id=3fb8618f-2b89-4100-96b0-5415bbbb09b2&expires=30&ssp=vidoomy&bsw_param=b93652aa-318a-40a2-b2b5-59b531634405&gdpr=&gdpr_consent=
https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=b93652aa-318a-40a2-b2b5-59b531634405

43 B
369 B

13ms
13ms

Image
image/gif

3.68.1.119
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=b93652aa-318a-40a2-b2b5-59b531634405
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Server: 3.68.1.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-68-1-119.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:45 GMT
content-encoding: none
content-length: 43
vary: Origin
content-type: image/gif

Redirect headers

Location: //a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=b93652aa-318a-40a2-b2b5-59b531634405
Date: Sat, 13 Nov 2021 03:05:45 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 adblockDetector.min.js Show response
static.sunmedia.tv/AdBlockDetection/ 3 KB
2 KB 56ms
11ms Script
application/javascript 51.89.99.150
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.sunmedia.tv/AdBlockDetection/adblockDetector.min.js?abf=_smartads_%7C-ad-plugin-%7C-google-ads-%7C-google2-ad-&ref=http%253A%252F%252Fdd8e-201-130-58-86.ngrok.io%252Fid%253D1.php
Requested by: Host: static.addevweb.com
URL: https://static.addevweb.com/integrations/fd629041-9e6f-47d6-8dfb-cf82237caa89/fd629041-9e6f-47d6-8dfb-cf82237caa89.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.89.99.150 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns3163893.ip-51-89-99.eu
Software: nginx /
Resource Hash: 051a4df5ca07ec7979f14e486352a62c72733c9aabb6528adaddc9a911fbfca3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:45 GMT
content-encoding: gzip
tp-cache: HIT
last-modified: Mon, 21 Dec 2020 17:00:21 GMT
server: nginx
age: 1399353
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, s-maxage=2592000
x-device: mobile
accept-ranges: bytes
content-length: 1634

POST
H/1.1 200
OK 607f6b0b381bbc1f64fa027d62891072_cookie.php Show response
hosting.miarroba.info/ Frame 7611 46 B
932 B 99ms
95ms Document
text/html 2606:4700:3037::ac43:bb46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://hosting.miarroba.info/607f6b0b381bbc1f64fa027d62891072_cookie.php
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: HTTP/1.1
Server: 2606:4700:3037::ac43:bb46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19603242f3bfa5b6cf922d65bc2353813d1b4c3a4b970638f3fa1c5b6dd39a88

Request headers

Upgrade-Insecure-Requests: 1
Origin: http://dd8e-201-130-58-86.ngrok.io
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/

Response headers

Date: Sat, 13 Nov 2021 03:05:45 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KgrYzKXksKgcFCzUqjL9WUYJFnTrVf92cj23VJ6aDGtVo%2BpDHYCNRBT2kBJIMXyrNsQm7XE1oe6JHuRPouPYnij2H%2FNByOCtLvbSE1JnCtCU15b8EirB2JJd0Tr7AlfIUba3lXDBdPToM5T3ATyhYiS8Ays%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6ad4c7bcc9185c50-FRA
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 usync.html Show response
ad.lkqd.net/cookie-sync/ Frame 6BA1 5 KB
2 KB 11ms
11ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/cookie-sync/usync.html
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: b6ff02c733394664dbb2178c88a0d8ab1292602aaad412e44ee83c3ab7943faf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sat, 13 Nov 2021 03:05:45 GMT
content-encoding: gzip
content-length: 1909
content-type: text/html
last-modified: Tue, 26 Oct 2021 15:08:45 GMT
accept-ranges: bytes
etag: "10c6626c1705141142b0302e29b3bd0e"
cache-control: public, max-age=1209600
x-hw: 1636772745.cds109.fr8.hn,1636772745.cds288.fr8.c
access-control-allow-origin: *

GET
H/1.1 400
Bad Request ad Show response
v.lkqd.net/ Frame FB34 33 B
349 B 193ms
177ms XHR
text/plain 146.20.128.142
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: http://v.lkqd.net/ad?pid=430&sid=642602&formats=true&output=vastvpaid&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=&gdprcs=&pageurl=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&dnt=0&c1=&c2=&c3=&rnd=29165426&m=
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: HTTP/1.1
Server: 146.20.128.142 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e30374bd2baf76a35b11c9df3497b4a3d076be51c723ab31de11ebb8aef29789

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sat, 13 Nov 2021 03:05:45 GMT
Server: nginx
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: http://dd8e-201-130-58-86.ngrok.io
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 33

GET
H2 200 usync.html Show response
ad.lkqd.net/cookie-sync/ Frame 3F6A 5 KB
2 KB 11ms
11ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/cookie-sync/usync.html
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js?pid=430&sid=642145
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: b6ff02c733394664dbb2178c88a0d8ab1292602aaad412e44ee83c3ab7943faf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Sat, 13 Nov 2021 03:05:45 GMT
content-encoding: gzip
content-length: 1909
content-type: text/html
last-modified: Tue, 26 Oct 2021 15:08:45 GMT
accept-ranges: bytes
etag: "10c6626c1705141142b0302e29b3bd0e"
cache-control: public, max-age=1209600
x-hw: 1636772745.cds109.fr8.hn,1636772745.cds288.fr8.c
access-control-allow-origin: *

GET
H/1.1 400
Bad Request ad Show response
v.lkqd.net/ Frame 2FBC 33 B
349 B 179ms
176ms XHR
text/plain 146.20.128.142
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: http://v.lkqd.net/ad?pid=430&sid=642594&formats=true&output=vastvpaid&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=&gdprcs=&pageurl=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&dnt=0&c1=&c2=&c3=&rnd=78929476&m=
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js?pid=430&sid=642145
Protocol: HTTP/1.1
Server: 146.20.128.142 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e30374bd2baf76a35b11c9df3497b4a3d076be51c723ab31de11ebb8aef29789

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sat, 13 Nov 2021 03:05:45 GMT
Server: nginx
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: http://dd8e-201-130-58-86.ngrok.io
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 33

GET
H2

451

464986.gif
idsync.rlcdn.com/ Frame 6BA1
Redirect Chain

https://cs.lkqd.net/cs?partnerId=55&redirect=https%3A%2F%2Fidsync.rlcdn.com%2F464986.gif%3Fpartner_uid%3D%24%24rawlkqduserid%24%24&r=if
https://idsync.rlcdn.com/464986.gif?partner_uid=44xULN4A4QA

0
66 B

42ms
17ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/464986.gif?partner_uid=44xULN4A4QA
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

Redirect headers

date: Sat, 13 Nov 2021 03:05:46 GMT
server: nginx
location: https://idsync.rlcdn.com/464986.gif?partner_uid=44xULN4A4QA
access-control-max-age: 0
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 0

GET
H2

200

lkqd
event.clientgear.com/cookie/ Frame 6BA1
Redirect Chain

https://cs.lkqd.net/cs?partnerId=103&redirect=https%3A%2F%2Fevent.clientgear.com%2Fcookie%2Flkqd%3Fpartner%3Dlkqd%26cookieid%3D%24%24rawlkqduserid%24%24&r=if
https://event.clientgear.com/cookie/lkqd?partner=lkqd&cookieid=jpkllO6E4ZQ

0
133 B

327ms
96ms

Image
text/plain

47.252.78.131
CNNIC-ALIBABA-US-...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://event.clientgear.com/cookie/lkqd?partner=lkqd&cookieid=jpkllO6E4ZQ
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Server: 47.252.78.131 , United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
content-length: 0

Redirect headers

date: Sat, 13 Nov 2021 03:05:46 GMT
server: nginx
location: https://event.clientgear.com/cookie/lkqd?partner=lkqd&cookieid=jpkllO6E4ZQ
access-control-max-age: 0
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 0

GET
H2

200

cs
cs.lkqd.net/ Frame 6BA1
Redirect Chain

https://cs.lkqd.net/cs?partnerId=102&redirect=https%3A%2F%2Fcs.krushmedia.com%2Fcd607442bfdf172cfcec45014a5f4ece.gif%3Fpuid%3D%24%24rawlkqduserid%24%24%26redir%3Dhttps%253A%252F%252Fcs.lkqd.net%252...
https://cs.krushmedia.com/cd607442bfdf172cfcec45014a5f4ece.gif?puid=Wy99e1NK6eY&redir=https://cs.lkqd.net/cs?partnerId%3D102%26partnerUserId%3D%5BUID%5D
https://cs.lkqd.net/cs?partnerId=102&partnerUserId=5be39322-6798-436f-83f5-26aa374e9084

43 B
403 B

94ms
93ms

Image
image/gif

146.20.132.60
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=102&partnerUserId=5be39322-6798-436f-83f5-26aa374e9084
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Server: 146.20.132.60 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

Pragma: no-cache
Date: Sat, 13 Nov 2021 03:05:46 GMT
Server: nginx
Transfer-Encoding: chunked
Location: https://cs.lkqd.net/cs?partnerId=102&partnerUserId=5be39322-6798-436f-83f5-26aa374e9084
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Expires: 0

GET
H2

200

NXST
c.deployads.com/cs/ Frame 6BA1
Redirect Chain

https://cs.lkqd.net/cs?partnerId=99&redirect=https%3A%2F%2Fc.deployads.com%2Fcs%2FNXST%3Fb%3D%24%24rawlkqduserid%24%24&r=if
https://c.deployads.com/cs/NXST?b=tPoErnu5yLE

43 B
285 B

101ms
30ms

Image
image/gif

63.34.198.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.deployads.com/cs/NXST?b=tPoErnu5yLE
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Server: 63.34.198.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-198-233.eu-west-1.compute.amazonaws.com
Software: SortableCactus/1.0 /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: no-cache
server: SortableCactus/1.0
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Sat, 13 Nov 2021 03:05:46 GMT
server: nginx
location: https://c.deployads.com/cs/NXST?b=tPoErnu5yLE
access-control-max-age: 0
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 0

GET
H2

200

cs
cs.lkqd.net/ Frame 6BA1
Redirect Chain

https://ad.turn.com/r/cs?pid=65
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=8881593932377023337

43 B
527 B

210ms
97ms

Image
image/gif

146.20.132.60
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=94&partnerUserId=8881593932377023337
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Server: 146.20.132.60 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

location: https://cs.lkqd.net/cs?partnerId=94&partnerUserId=8881593932377023337
pragma: no-cache
date: Sat, 13 Nov 2021 03:05:45 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

451

464986.gif
idsync.rlcdn.com/ Frame 3F6A
Redirect Chain

https://cs.lkqd.net/cs?partnerId=55&redirect=https%3A%2F%2Fidsync.rlcdn.com%2F464986.gif%3Fpartner_uid%3D%24%24rawlkqduserid%24%24&r=if
https://idsync.rlcdn.com/464986.gif?partner_uid=JVK7rW7n8cI

0
42 B

40ms
18ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/464986.gif?partner_uid=JVK7rW7n8cI
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

Redirect headers

date: Sat, 13 Nov 2021 03:05:46 GMT
server: nginx
location: https://idsync.rlcdn.com/464986.gif?partner_uid=JVK7rW7n8cI
access-control-max-age: 0
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 0

GET
H2

200

lkqd
event.clientgear.com/cookie/ Frame 3F6A
Redirect Chain

https://cs.lkqd.net/cs?partnerId=103&redirect=https%3A%2F%2Fevent.clientgear.com%2Fcookie%2Flkqd%3Fpartner%3Dlkqd%26cookieid%3D%24%24rawlkqduserid%24%24&r=if
https://event.clientgear.com/cookie/lkqd?partner=lkqd&cookieid=u-BwxigROXg

0
133 B

323ms
98ms

Image
text/plain

47.252.78.131
CNNIC-ALIBABA-US-...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://event.clientgear.com/cookie/lkqd?partner=lkqd&cookieid=u-BwxigROXg
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Server: 47.252.78.131 , United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
content-length: 0

Redirect headers

date: Sat, 13 Nov 2021 03:05:46 GMT
server: nginx
location: https://event.clientgear.com/cookie/lkqd?partner=lkqd&cookieid=u-BwxigROXg
access-control-max-age: 0
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 0

GET
H2

200

cs
cs.lkqd.net/ Frame 3F6A
Redirect Chain

https://cs.lkqd.net/cs?partnerId=102&redirect=https%3A%2F%2Fcs.krushmedia.com%2Fcd607442bfdf172cfcec45014a5f4ece.gif%3Fpuid%3D%24%24rawlkqduserid%24%24%26redir%3Dhttps%253A%252F%252Fcs.lkqd.net%252...
https://cs.krushmedia.com/cd607442bfdf172cfcec45014a5f4ece.gif?puid=JL6E0NMMhno&redir=https://cs.lkqd.net/cs?partnerId%3D102%26partnerUserId%3D%5BUID%5D
https://cs.lkqd.net/cs?partnerId=102&partnerUserId=1fdbf03c-53f0-4121-ba76-bbf5f9884404

43 B
403 B

91ms
90ms

Image
image/gif

146.20.132.60
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=102&partnerUserId=1fdbf03c-53f0-4121-ba76-bbf5f9884404
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Server: 146.20.132.60 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

Pragma: no-cache
Date: Sat, 13 Nov 2021 03:05:46 GMT
Server: nginx
Transfer-Encoding: chunked
Location: https://cs.lkqd.net/cs?partnerId=102&partnerUserId=1fdbf03c-53f0-4121-ba76-bbf5f9884404
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Expires: 0

GET
H2

200

NXST
c.deployads.com/cs/ Frame 3F6A
Redirect Chain

https://cs.lkqd.net/cs?partnerId=99&redirect=https%3A%2F%2Fc.deployads.com%2Fcs%2FNXST%3Fb%3D%24%24rawlkqduserid%24%24&r=if
https://c.deployads.com/cs/NXST?b=g2fjZocfMZE

43 B
284 B

96ms
31ms

Image
image/gif

63.34.198.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.deployads.com/cs/NXST?b=g2fjZocfMZE
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Server: 63.34.198.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-198-233.eu-west-1.compute.amazonaws.com
Software: SortableCactus/1.0 /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: no-cache
server: SortableCactus/1.0
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Sat, 13 Nov 2021 03:05:46 GMT
server: nginx
location: https://c.deployads.com/cs/NXST?b=g2fjZocfMZE
access-control-max-age: 0
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 0

GET
H2

200

cs
cs.lkqd.net/ Frame 3F6A
Redirect Chain

https://ad.turn.com/r/cs?pid=65
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=8953651526414951273

43 B
526 B

209ms
96ms

Image
image/gif

146.20.132.60
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=94&partnerUserId=8953651526414951273
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Server: 146.20.132.60 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

location: https://cs.lkqd.net/cs?partnerId=94&partnerUserId=8953651526414951273
pragma: no-cache
date: Sat, 13 Nov 2021 03:05:45 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

tc.js Show response
cdn.tynt.com/
Redirect Chain

http://cdn.tynt.com/tc.js
https://cdn.tynt.com/tc.js

17 KB
7 KB

38ms
13ms

Script
application/javascript

104.18.28.199
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tynt.com/tc.js
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Server: 104.18.28.199 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2347066080fea31af55c7112dca5245ea3eea67df5f24f1daae09f0870fbce62

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:45 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 27 Aug 2021 20:58:51 GMT
server: cloudflare
age: 6336
etag: W/"6129520b-431d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 6ad4c7be4de74ec2-FRA
expires: Tue, 16 Nov 2021 03:05:45 GMT

Redirect headers

Date: Sat, 13 Nov 2021 03:05:45 GMT
Server: cloudflare
Vary: Accept-Encoding
Location: https://cdn.tynt.com/tc.js
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6ad4c7be0b6b2b1a-FRA
Expires: Sat, 13 Nov 2021 04:05:45 GMT

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 283ms
89ms Preflight
text/plain 146.20.132.136
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.136 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: http://dd8e-201-130-58-86.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Sat, 13 Nov 2021 03:05:46 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: http://dd8e-201-130-58-86.ngrok.io

POST
H2 200 t Show response
t.lkqd.net/ Frame BE26 0
173 B 281ms
90ms XHR
text/plain 146.20.132.136
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.136 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: http://dd8e-201-130-58-86.ngrok.io
date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

GET
H/1.1 400
Bad Request ad Show response
v.lkqd.net/ Frame FB34 33 B
349 B 154ms
154ms XHR
text/plain 146.20.128.142
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: http://v.lkqd.net/ad?pid=430&sid=642602&formats=true&output=vastvpaid&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=&gdprcs=&pageurl=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&dnt=0&c1=&c2=&c3=&rnd=26357729&m=
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: HTTP/1.1
Server: 146.20.128.142 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e30374bd2baf76a35b11c9df3497b4a3d076be51c723ab31de11ebb8aef29789

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sat, 13 Nov 2021 03:05:46 GMT
Server: nginx
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: http://dd8e-201-130-58-86.ngrok.io
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 33

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 279ms
92ms Preflight
text/plain 146.20.132.136
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.136 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: http://dd8e-201-130-58-86.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Sat, 13 Nov 2021 03:05:46 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: http://dd8e-201-130-58-86.ngrok.io

POST
H2 200 t Show response
t.lkqd.net/ Frame 9C62 0
172 B 281ms
94ms XHR
text/plain 146.20.132.136
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js?pid=430&sid=642145
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.136 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: http://dd8e-201-130-58-86.ngrok.io
date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

GET
H/1.1 400
Bad Request ad Show response
v.lkqd.net/ Frame 2FBC 33 B
349 B 92ms
91ms XHR
text/plain 146.20.128.142
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: http://v.lkqd.net/ad?pid=430&sid=642594&formats=true&output=vastvpaid&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=&gdprcs=&pageurl=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&dnt=0&c1=&c2=&c3=&rnd=22688090&m=
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js?pid=430&sid=642145
Protocol: HTTP/1.1
Server: 146.20.128.142 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e30374bd2baf76a35b11c9df3497b4a3d076be51c723ab31de11ebb8aef29789

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sat, 13 Nov 2021 03:05:45 GMT
Server: nginx
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: http://dd8e-201-130-58-86.ngrok.io
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 33

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 313ms
100ms Image
text/plain 67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!elfinai&lm=0&ts=1636772745979&dn=TC&iso=0&ct=BANCO%20AZTECA%20&t=Facebook%20Videos&cu=https%3A%2F%2Fwww.facebook.com%2Fwatch%3Fv%3Da-31Ie2dFC4
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 geocity.php Show response
services.sunmedia.tv/geotarget/ 473 B
723 B 74ms
16ms XHR
application/json 141.94.109.48
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://services.sunmedia.tv/geotarget/geocity.php
Requested by: Host: static.addevweb.com
URL: https://static.addevweb.com/integrations/fd629041-9e6f-47d6-8dfb-cf82237caa89/fd629041-9e6f-47d6-8dfb-cf82237caa89.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 141.94.109.48 , France, ASN16276 (OVH, FR),
Reverse DNS: ns31438425.ip-141-94-109.eu
Software: nginx /
Resource Hash: e660ae0de93a7e71bc62051de063e88991e765f0c7bb8d5c5abbb45210edaa56

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
tp-cache: HIT
server: nginx
age: 206
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: http://dd8e-201-130-58-86.ngrok.io
cache-control: max-age=0, s-maxage=2592000
access-control-allow-credentials: true
x-device: tablet
accept-ranges: bytes
content-length: 473

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 180ms
91ms Preflight
text/plain 146.20.132.136
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.136 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: http://dd8e-201-130-58-86.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Sat, 13 Nov 2021 03:05:46 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: http://dd8e-201-130-58-86.ngrok.io

POST
H2 200 t Show response
t.lkqd.net/ Frame 9C62 0
172 B 281ms
92ms XHR
text/plain 146.20.132.136
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js?pid=430&sid=642145
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.136 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: http://dd8e-201-130-58-86.ngrok.io
date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ 14 KB
4 KB 32ms
7ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 38743be62c3c6384da933b785f689933c1bc3b0fe33af64d40027ca84d44a834

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 02:51:31 GMT
content-encoding: gzip
age: 855
x-guploader-uploadid: ADPycduwCt33uZBRCIYrTyvjWH2S4RJbPsGVBCsC88HfbJD8igXrEShGaCKTujsyfXqexAq_ZOBk-91CFnr-BXeGZQ0
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3607
last-modified: Wed, 03 Nov 2021 14:17:41 GMT
server: UploadServer
etag: "a3cfc290a2a59172994eca570704d2ea"
vary: Accept-Encoding
x-goog-hash: crc32c=Nfk9rw==, md5=o8/CkKKlkXKZTspXBwTS6g==
x-goog-generation: 1635949061609314
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 3607
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 /
track.sunmedia.tv/ 42 B
279 B 22ms
13ms Image
image/gif 51.89.99.150
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.sunmedia.tv/?ap=smptf&it=fd629041-9e6f-47d6-8dfb-cf82237caa89&tp=op&pb=1&pos=0&loop=1
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.89.99.150 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns3163893.ip-51-89-99.eu
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
tp-cache: HIT
last-modified: Thu, 15 Nov 2018 09:59:07 GMT
server: nginx
age: 1399353
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, s-maxage=31536000
access-control-allow-credentials: true
x-device: mobile
accept-ranges: bytes
content-length: 42

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 115ms
91ms Preflight
text/plain 146.20.132.136
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.136 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: http://dd8e-201-130-58-86.ngrok.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Sat, 13 Nov 2021 03:05:46 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: http://dd8e-201-130-58-86.ngrok.io

POST
H2 200 t Show response
t.lkqd.net/ Frame BE26 0
172 B 281ms
93ms XHR
text/plain 146.20.132.136
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.136 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: http://dd8e-201-130-58-86.ngrok.io
date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

GET
H2 200 tag Show response
pandg.tapad.com/ Frame 661D 188 B
694 B 53ms
17ms Document
text/html 35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pandg.tapad.com/tag?gdpr=%24%7Bgdpr%7D&gdpr_consent=%24%7Bgdpr_consent%7D&referrer_url=&page_url=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&owner=P%26G&bp_id=sunmedia&data=%7B%22category%22%3A%22Hobbies%20and%20Interests%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Resource Hash

753b2dbeca9f01e6f5244b00ffc079450303b6ed3c266cf3c71538ea500045bc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.tapad.com https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
strict-transport-security: max-age=31536000
content-security-policy: default-src 'none';img-src https://*.tapad.com https://match.adsrvr.org
access-control-max-age: 300
access-control-allow-origin: *
content-type: text/html;charset=utf-8
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 188
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK / Show response
t.dtscout.com/pv/ 50 B
318 B 280ms
94ms Script
application/javascript 167.114.209.61
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://t.dtscout.com/pv/?_a=v&_h=dd8e-201-130-58-86.ngrok.io&_ss=4rixdenkvs&_pv=1&_ls=0&_u1=1&_u3=1&_cc=de&_pl=d&_cbid=4tq6&_cb=_dtspv.c
Requested by: Host: t.dtscout.com
URL: http://t.dtscout.com/i/?l=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&j=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.114.209.61 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns515688.ip-167-114-209.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 6c940e3683a0bd719c06b3acc4ca1c027b0ebcd9a7043e48a60b31e0fe7d67f6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Sat, 13 Nov 2021 03:05:46 GMT
X-T: 0.185
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
X-C: 0
Content-Type: application/javascript
Cache-Control: no-cache
Connection: close
Expires: Sat, 13 Nov 2021 03:05:45 GMT

GET
H2

200

receive
pixel.tapad.com/idsync/ex/ Frame 661D
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=f69d5473-d512-4925-8dab-2037c5abb1f5&gdpr=&gdpr_consent=${gdpr_consent}
https://match.adsrvr.org/track/cmb/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=f69d5473-d512-4925-8dab-2037c5abb1f5&gdpr=&gdpr_consent=${gdpr_consent}
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=5863447a-0889-4384-9b06-bee784c17703&ttd_puid=f69d5473-d512-4925-8dab-2037c5abb1f5

95 B
430 B

18ms
16ms

Image
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=5863447a-0889-4384-9b06-bee784c17703&ttd_puid=f69d5473-d512-4925-8dab-2037c5abb1f5

Requested by

Host: pandg.tapad.com
URL: https://pandg.tapad.com/tag?gdpr=%24%7Bgdpr%7D&gdpr_consent=%24%7Bgdpr_consent%7D&referrer_url=&page_url=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&owner=P%26G&bp_id=sunmedia&data=%7B%22category%22%3A%22Hobbies%20and%20Interests%22%7D

Protocol

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pandg.tapad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
via: 1.1 google
content-type: image/png
alt-svc: clear
content-length: 95
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

pragma: no-cache
date: Sat, 13 Nov 2021 03:05:46 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=5863447a-0889-4384-9b06-bee784c17703&ttd_puid=f69d5473-d512-4925-8dab-2037c5abb1f5
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 347

GET
H2 200 v2 Show response
de.tynt.com/deb/ 4 B
202 B 321ms
100ms Script
application/javascript 208.100.17.181
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?id=w!elfinai&dn=TC&cc=1&r=
Requested by: Host: cdn.tynt.com
URL: http://cdn.tynt.com/tc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.181 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip181.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: max-age=86400
content-type: application/javascript
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
content-length: 4
expires: Sun, 14 Nov 2021 03:05:46 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 100ms
100ms Image
text/plain 67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!elfinai&lm=0&ts=1636772745979&dn=TC&iso=0&ct=BANCO%20AZTECA%20&t=Facebook%20Videos&cu=https%3A%2F%2Fwww.facebook.com%2Fwatch%3Fv%3Da-31Ie2dFC4
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 101ms
100ms Image
text/plain 67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!elfinai&lm=0&ts=1636772745979&dn=TC&iso=0&ct=BANCO%20AZTECA%20&t=Facebook%20Videos
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 103ms
101ms Image
text/plain 67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!elfinai&lm=0&ts=1636772745979&dn=TC&iso=0&ct=BANCO%20AZTECA%20
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 103ms
100ms Image
text/plain 67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!elfinai&lm=0&ts=1636772745979&dn=TC&iso=0&ct=BANCO%20AZTECA%20
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 100ms
99ms Image
text/plain 67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!elfinai&lm=0&ts=1636772745979&dn=TC&iso=0
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 100ms
99ms Image
text/plain 67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!elfinai&lm=0&ts=1636772745979&dn=TC&iso=0
Requested by: Host: dd8e-201-130-58-86.ngrok.io
URL: http://dd8e-201-130-58-86.ngrok.io/id=1.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/id=1.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:46 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 40ms
19ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211109&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25a1714851f9454e5f0aa68caf94fbeb3de45199edb5ccdaf893c83b18ceb406

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Nov 2021 03:05:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: clear
content-length: 9229
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 61ms
38ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sat, 13 Nov 2021 03:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: clear
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 13 Nov 2021 03:05:47 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame B95A 12 KB
5 KB 15ms
14ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Fri, 12 Nov 2021 18:50:52 GMT
expires: Sat, 12 Nov 2022 18:50:52 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 29695
alt-svc: clear

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6132 783 B
972 B 24ms
19ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

18801bce95ba6b7f3d1370a0294ea002b8bb8a192787f7984044ac991abf92e2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-+XjNz3ZFiE/LnVbzxS6RgQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 13 Nov 2021 03:05:47 GMT
date: Sat, 13 Nov 2021 03:05:47 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-+XjNz3ZFiE/LnVbzxS6RgQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: clear

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6132 0
0 19ms
18ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211109&jk=78383451486731&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 Ydwwnsiz0RrvfpNl89rQqoBRiFg6eVxNIdbgsmjvwYM.js Show response
pagead2.googlesyndication.com/bg/ Frame B95A 35 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Ydwwnsiz0RrvfpNl89rQqoBRiFg6eVxNIdbgsmjvwYM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61dc309ec8b3d11aef7e9365f3dad0aa805188583a795c4d21d6e0b268efc183

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 11:26:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56366
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 13476
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 12 Nov 2022 11:26:21 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
119 B 43ms
43ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211109&jk=78383451486731&bg=!CQqlCk7NAAZQLpa_UC47ACkAdvg8WsHHLWMHuyKdoAZGs_DQJ_O29eK3A8smp1TbKTBQ-XVc6ygKKAIAAACCUgAAAAxoAQcKAAe0mjk1MJc-mQLJ-fEHqzywdQ1lsiu_pEtJHIRnTunKxnziSiePo5uXydiKwDLI7cehia7-cCo98bl8NU5HEAd0WxSZ1RimjzREFYQnin-dix3-5B1OM_-ld2hGXv8gGfuSAZkkCtHhuexzpad51FF-owZcTsRVG_s9vSOAUlk7pa_pL4W7KVP9qTz7G7ppMZ7tu3_-otgyk6DcMrg-o_Lsm7kHlxK-cOFLKwQaJP8zIHONkFHIaB_-CQ9fihRVp17HqU_z6ckEcEaJ_NUrSj-xVe9qQr-CQc1is-4Jd8GrlHjn-yhMaDHQ2ZvXXy9yufzAbFWRxjMmY7dUC07MtR3RhXQD_-HKjSVXP_KrCI-mL2p4nCSF8vI7TNUap-BD_i2Kiiy1SjMv0eDolZxrah_tRerUvG5VixgNN-pV4fR2isE1z2rnlm8-8oniWvYUbrB0a929FlyHK9iT-ngBeceIPwJ8fpjX_HIasyz3zeY_6hlgtiYjLxzCCHOL9_-tOiU-QtduaA6g1YID9txCjZVheO9akjl1SQnmjz3L1QYpLWnyzNiZDYd0hQqQL6UXaU8mSxYosNQVeMVa9no_QFEXwulQW910E-1UsnUtIwvm-3IRFzhZFvxzLBbZxl3KUJI6KLF5_xdieOxmqepElKl2dh3bxCfkcBP_aH_HK3ANO6w0Ws491rJQXtYQTVClZH52LkFhAmptkISSoJKuXf54VKF8pB4nY8HW9KS1y2vio9FOS2BKQ6v7tC_l6mMBmTc9jou6t7BkVEQjWTwo9H-zEQ2VK--_45Wd7RFgae-tvXrvXv7doj9JLRcP0cxTOgpz5xQ6Dr5tAKnZB1ioESKDUdMK3oYp_1OgS8tsmpOo153PkQDFRZT-W9YLI-NJfu6O8Tk-kGeO-0ift8jmychyzLNjQI76tEIhpsBzLFmxbfxztIjzBgCLiSEI8sV4-z4EaLw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dd8e-201-130-58-86.ngrok.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Nov 2021 03:05:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

110 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

39 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.dd8e-201-130-58-86.ngrok.io/	1970-01-20 16:10:44	Name: _ga Value: GA1.3.1132065179.1636772745
.dd8e-201-130-58-86.ngrok.io/	1970-01-19 22:40:59	Name: _gid Value: GA1.3.1844371552.1636772745
.dd8e-201-130-58-86.ngrok.io/	1970-01-19 22:39:32	Name: _gat_UA-597118-7 Value: 1
.dd8e-201-130-58-86.ngrok.io/	1970-01-19 22:39:32	Name: _gat_UA-597118-1 Value: 1
.doubleclick.net/	1970-01-19 22:39:33	Name: test_cookie Value: CheckForPermission
.quantserve.com/	1970-01-20 08:09:47	Name: mc Value: 618f2b89-00644-e41a5-8f332
.dd8e-201-130-58-86.ngrok.io/	1970-01-20 08:04:01	Name: __qca Value: P0-2012285910-1636772744942
.scorecardresearch.com/	1970-01-20 15:56:20	Name: UID Value: 1IQ7AW0CDJ0DN1CFOZVJB2g1636772746
ads.stickyadstv.com/	1970-01-19 23:22:44	Name: UID Value: 29d9cb7b6d9a8808fa5cc6494474c2b
ads.stickyadstv.com/	1969-12-31 23:59:59	Name: sessionId Value: 04ea0631f15ed99ad8b532c1b3422
.bidswitch.net/	1970-01-20 07:25:08	Name: c Value: 1636772745
.bidswitch.net/	1970-01-20 07:25:08	Name: tuuid_lu Value: 1636772745
.bidswitch.net/	1970-01-20 07:25:08	Name: tuuid Value: b93652aa-318a-40a2-b2b5-59b531634405
.turn.com/	1970-01-20 02:58:44	Name: uid Value: 8953651526414951273
.mathtag.com/	1970-01-20 08:05:27	Name: uuid Value: 3fb8618f-2b89-4100-96b0-5415bbbb09b2
.lkqd.net/	1970-01-20 07:25:08	Name: sr55 Value: 1\|\|1636772746
.lkqd.net/	1970-01-20 07:25:08	Name: lkqdidts Value: 1636772746
.lkqd.net/	1970-01-20 07:25:08	Name: sr103 Value: 1\|\|1636772746
.lkqd.net/	1970-01-20 07:25:08	Name: sr99 Value: 1\|\|1636772746
.lkqd.net/	1970-01-20 07:25:08	Name: sr94 Value: 1\|8881593932377023337\|1636772746
.lkqd.net/	1970-01-20 07:25:08	Name: lkqdid Value: YO5nQOTYvc4
pool.admedo.com/	1970-01-20 07:25:08	Name: tuuid Value: 64025264-d212-42ff-8730-bc199a8c2080
pool.admedo.com/	1970-01-20 07:25:08	Name: c Value: 1636772746
pool.admedo.com/	1970-01-20 07:25:08	Name: tuuid_lu Value: 1636772746
.dtscout.com/	1970-01-19 22:39:37	Name: m Value: 1
.dtscout.com/	1970-01-19 22:39:50	Name: b Value: 1
.dtscout.com/	1970-01-19 22:39:47	Name: oa Value: 1
.dtscout.com/	1970-01-20 01:03:32	Name: df Value: 1636772746
.vidoomy.com/	1970-01-20 07:25:08	Name: vidoomy-uids Value: eyJ1aWRzIjp7IkJTIjp7InVpZCI6ImI5MzY1MmFhLTMxOGEtNDBhMi1iMmI1LTU5YjUzMTYzNDQwNSIsImV4cGlyZXMiOjE2MzkzNjQ3NDZ9LCJDRU4iOnsidWlkIjoibm8tY29uc2VudCIsImV4cGlyZXMiOjE2MzkzNjQ3NDV9fX0=
c.deployads.com/	1970-01-20 07:25:30	Name: d7s_dc Value: 44NXSTCg2fjZocfMZEY
.tapad.com/	1970-01-20 00:05:56	Name: TapAd_TS Value: 1636772746173
.tapad.com/	1970-01-20 00:05:56	Name: TapAd_DID Value: f69d5473-d512-4925-8dab-2037c5abb1f5
.adsrvr.org/	1970-01-20 07:25:08	Name: TDID Value: 5863447a-0889-4384-9b06-bee784c17703
.adsrvr.org/	1970-01-20 07:25:08	Name: TDCPM Value: CAESFAoFdGFwYWQSCwjGkdTTkJeTOhAFGAUgASgCMgsIluqjgKeXkzoQBTgB
.tapad.com/	1970-01-20 00:05:56	Name: TapAd_3WAY_SYNCS Value: 1!7611
event.clientgear.com/	1970-01-20 02:58:44	Name: mkuuid Value: mkfdd3c74c-acf0-4cf4-921f-58d89d35add3
.krushmedia.com/	1970-01-19 23:22:44	Name: krm_r Value: 57
.krushmedia.com/	1970-01-19 23:22:44	Name: krm_usr Value: 5be39322-6798-436f-83f5-26aa374e9084
.lkqd.net/	1970-01-20 07:25:08	Name: sr102 Value: 1\|5be39322-6798-436f-83f5-26aa374e9084\|1636772746

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7294310421616689&output=html&adk=1812271804&adf=3025194257&lmt=1636772744&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&ea=0&flash=0&pra=5&wgl=1&dt=1636772744752&bpp=3&bdt=104&idt=103&shv=r20211109&mjsv=m202111080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4297084682972&frm=20&pv=2&ga_vid=1132065179.1636772745&ga_sid=1636772745&ga_hid=821255228&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=2&pvsid=78383451486731&pem=475&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=119 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: http://v.lkqd.net/ad?pid=430&sid=642602&formats=true&output=vastvpaid&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=&gdprcs=&pageurl=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&dnt=0&c1=&c2=&c3=&rnd=29165426&m= Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
network	error	URL: http://v.lkqd.net/ad?pid=430&sid=642594&formats=true&output=vastvpaid&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=&gdprcs=&pageurl=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&dnt=0&c1=&c2=&c3=&rnd=78929476&m= Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
network	error	URL: http://v.lkqd.net/ad?pid=430&sid=642594&formats=true&output=vastvpaid&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=&gdprcs=&pageurl=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&dnt=0&c1=&c2=&c3=&rnd=22688090&m= Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
network	error	URL: http://v.lkqd.net/ad?pid=430&sid=642602&formats=true&output=vastvpaid&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=&gdprcs=&pageurl=http%3A%2F%2Fdd8e-201-130-58-86.ngrok.io%2Fid%3D1.php&dnt=0&c1=&c2=&c3=&rnd=26357729&m= Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
network	error	URL: https://idsync.rlcdn.com/464986.gif?partner_uid=44xULN4A4QA Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://idsync.rlcdn.com/464986.gif?partner_uid=JVK7rW7n8cI Message: Failed to load resource: the server responded with a status of 451 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.vidoomy.com
ad.lkqd.net
ad.turn.com
ads.stickyadstv.com
ads.vidoomy.com
adservice.google.com
adservice.google.de
c.deployads.com
cdn.tynt.com
cs.krushmedia.com
cs.lkqd.net
dd8e-201-130-58-86.ngrok.io
de.tynt.com
event.clientgear.com
googleads.g.doubleclick.net
hosting.miarroba.info
ic.tynt.com
idsync.rlcdn.com
match.adsrvr.org
pagead2.googlesyndication.com
pandg.tapad.com
partner.googleadservices.com
pghub.io
pixel-sync.sitescout.com
pixel.quantserve.com
pixel.tapad.com
pool.admedo.com
rules.quantcount.com
sb.scorecardresearch.com
secure.quantserve.com
services.sunmedia.tv
static.addevweb.com
static.sunmedia.tv
stats.g.doubleclick.net
sync.mathtag.com
t.dtscout.com
t.lkqd.net
tpc.googlesyndication.com
track.sunmedia.tv
v.lkqd.net
whos.amung.us
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
x.bidswitch.net
104.18.28.199
13.32.99.23
141.94.109.48
142.250.186.34
146.20.128.142
146.20.132.136
146.20.132.60
15.197.193.217
151.139.128.11
167.114.209.61
18.157.198.157
185.29.134.248
2.18.234.233
2001:678:cb4:bbbb::11
208.100.17.181
2600:1f16:d83:1202::6e:2
2600:9000:211e:1200:6:44e3:f8c0:93a1
2606:4700:3037::ac43:bb46
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2620:116:800d:21:f916:5049:f87f:108e
2a00:1450:4001:803::2004
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:813::2003
2a00:1450:4001:828::2002
2a00:1450:4001:829::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2008
2a00:1450:4001:82b::200e
2a00:1450:400c:c1b::9b
3.129.250.65
3.68.1.119
35.210.53.219
35.227.248.159
35.241.45.217
35.244.174.68
47.252.78.131
51.89.64.207
51.89.99.150
63.34.198.233
66.155.71.149
67.202.105.32
67.202.114.216
8.2.110.134
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
028f2864d5bf68255eb4b7d2ba2cf9f674b4bae9cce65604b28c581f32ada432
051a4df5ca07ec7979f14e486352a62c72733c9aabb6528adaddc9a911fbfca3
18801bce95ba6b7f3d1370a0294ea002b8bb8a192787f7984044ac991abf92e2
19603242f3bfa5b6cf922d65bc2353813d1b4c3a4b970638f3fa1c5b6dd39a88
1be72a6fd3de0461f912fe5e59edbb445c57f182c9cdbe96052741384ccefc17
2347066080fea31af55c7112dca5245ea3eea67df5f24f1daae09f0870fbce62
25a1714851f9454e5f0aa68caf94fbeb3de45199edb5ccdaf893c83b18ceb406
2b2a982779765782d3491b049505b2a12a913d04f2e8283143a194874493904e
3748470d18e0405d039993862e915493a0979b248f5520b1c7031f1f6077c8b6
38743be62c3c6384da933b785f689933c1bc3b0fe33af64d40027ca84d44a834
3a83eb40bc1313a75576e92f83d8ff183345246cbcaaee2417c39eaa19f74455
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
479cb91730eef777856825b3a30f19536770ed45c7120117de44e56b7db826c6
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
49f96016d53006fde5cef41f510b51c441e0030244a7de93b211cf4f05420bc5
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
54013fe95d54f0a9fc356042fbdb28f350cd92fa8e879f26510377d8f5f483fc
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
56b3a78bf4df13e8416cb28e5f1bfa7749c6f27cf7d87cfec5a445eb8d1dbc6d
5cedd5abd94d64b07e3779451d057665572b89caa8b445a5e9efa42bad9c4274
5d4826a14a28a6307d820e9040c85cf37bddd2d46ab6a8e4136aea713edb403f
61dc309ec8b3d11aef7e9365f3dad0aa805188583a795c4d21d6e0b268efc183
64013c3c9500ddb72213ace8c4fe6478736c310eefb5def88562d9a55af8d544
6c940e3683a0bd719c06b3acc4ca1c027b0ebcd9a7043e48a60b31e0fe7d67f6
753b2dbeca9f01e6f5244b00ffc079450303b6ed3c266cf3c71538ea500045bc
763a0e3336df5f9b277f862f2e7788af94dda642b8041b378c52e78bef8a9455
7cfe458faed6fe5c3094bd51f1f10174604be983739ade9d828b0aad190043e5
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c
8d1f297d16bdd27e7ea7ae615dfe153dd9b0e41c82d313622be1ad1229faacd4
9f81a2afebdf1ec72e08319d558c018615dfbc323b4faa9b5f72e125cbbd462a
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ac5d44cc5f0ac328923c0bf191e04322715df347578fac482ed4a292706c5183
b6ff02c733394664dbb2178c88a0d8ab1292602aaad412e44ee83c3ab7943faf
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
d2d3e62be49a950029e24adea571c09bb20f4e208df3ba0e6f18ee613446f466
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e30374bd2baf76a35b11c9df3497b4a3d076be51c723ab31de11ebb8aef29789
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e660ae0de93a7e71bc62051de063e88991e765f0c7bb8d5c5abbb45210edaa56
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6c8bc10697488ead553b5bfa811a3a75d01acf3b3c52e0659449bf11aeb9feb
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac

dd8e-201-130-58-86.ngrok.io Open in urlscan Pro 2600:1f16:d83:1202::6e:2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

91 Requests

60 %HTTPS

36 %IPv6

32 Domains

46 Subdomains

37 IPs

8 Countries

972 kBTransfer

1791 kBSize

39 Cookies

0 Outgoing links

Page URL History

Redirected requests

91 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

dd8e-201-130-58-86.ngrok.io Open in urlscan Pro
2600:1f16:d83:1202::6e:2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

91
Requests

60 %
HTTPS

36 %
IPv6

32
Domains

46
Subdomains

37
IPs

8
Countries

972 kB
Transfer

1791 kB
Size

39
Cookies

91 HTTP transactions
1 data transactions