allegro.pl Open in urlscan Pro
5.134.213.82 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://postmaster.hdforum.net/
Effective URL:
https://allegro.pl/?utm_source=admitad&utm_medium=afiliacja&admitad_uid=e67002823997205fedf120d86907eae5
Submission: On April 07 via automatic, source certstream-suspicious (April 7th 2021, 6:05:08 pm UTC)

Summary HTTP 35 Redirects Behaviour Indicators

Summary

This website contacted 17 IPs in 4 countries across 17 domains to perform 35 HTTP transactions. The main IP is 5.134.213.82, located in Poznan, Poland and belongs to QXL-POLAND, PL. The main domain is allegro.pl.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on July 7th 2020. Valid for: a year.

This is the only time allegro.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	159.69.83.207 159.69.83.207	24940 (HETZNER-AS) (HETZNER-AS)
6	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
4	167.233.8.197 167.233.8.197	24940 (HETZNER-AS) (HETZNER-AS)
1 2	209.15.13.136 209.15.13.136	13768 (COGECO-PEER1) (COGECO-PEER1)
2	18.235.67.128 18.235.67.128	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2606:4700:303... 2606:4700:3035::6815:625	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	213.189.52.246 213.189.52.246	15694 (ATMAN-ISP...) (ATMAN-ISP-AS ATM S.A.)
3	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
1 1	212.224.118.36 212.224.118.36	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1	5.134.213.82 5.134.213.82	42656 (QXL-POLAND) (QXL-POLAND)
1	143.204.209.68 143.204.209.68	16509 (AMAZON-02) (AMAZON-02)
2	18.194.14.91 18.194.14.91	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:214... 2600:9000:214f:2800:7:c516:5a80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	52.222.179.8 52.222.179.8	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
2	99.83.174.33 99.83.174.33	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:214... 2600:9000:214f:ea00:1:149e:16c0:93a1	16509 (AMAZON-02) (AMAZON-02)
35	17

2 159.69.83.207 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.207.83.69.159.clients.your-server.de

postmaster.hdforum.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 167.233.8.197 (Hallbergmoos, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.197.8.233.167.clients.your-server.de

track.tkbo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.vcdc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.15.13.136 (Toronto, Canada) 1 redirects

ASN13768 (COGECO-PEER1, CA)

btpnav.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.235.67.128 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-67-128.compute-1.amazonaws.com

firmis-min.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:625 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

654.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.189.52.246 (Poland)

ASN15694 (ATMAN-ISP-AS ATM S.A., PL)
PTR: web37.mydevil.net

brapwear.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.224.118.36 (Frankfurt am Main, Germany) 1 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
PTR: dsde49-3.fornex.org

ad.admitad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 5.134.213.82 (Poznan, Poland)

ASN42656 (QXL-POLAND, PL)

allegro.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.209.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-209-68.fra53.r.cloudfront.net

ct.captcha-delivery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.14.91 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-14-91.eu-central-1.compute.amazonaws.com

geo.captcha-delivery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-js.datadome.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:214f:2800:7:c516:5a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.captcha-delivery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.179.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-179-8.ham50.r.cloudfront.net

js.datadome.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.83.174.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: ab84974fe32bbfb53.awsglobalaccelerator.com

api-na.geetest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:214f:ea00:1:149e:16c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.geetest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	google-analytics.com www.google-analytics.com	58 KB
5	geetest.com api-na.geetest.com static.geetest.com	105 KB
5	captcha-delivery.com ct.captcha-delivery.com geo.captcha-delivery.com static.captcha-delivery.com	99 KB
3	googletagmanager.com www.googletagmanager.com	107 KB
3	vcdc.com track.vcdc.com	2 KB
2	datadome.co js.datadome.co api-js.datadome.co	23 KB
2	firmis-min.com firmis-min.com	3 KB
2	btpnav.com 1 redirects btpnav.com	3 KB
2	hdforum.net postmaster.hdforum.net	2 KB
1	gstatic.com fonts.gstatic.com	16 KB
1	googleapis.com fonts.googleapis.com	1005 B
1	allegro.pl allegro.pl	1023 B
1	admitad.com 1 redirects ad.admitad.com	494 B
1	brapwear.com brapwear.com	1 KB
1	654.pl 1 redirects 654.pl	1 KB
1	tkbo.com track.tkbo.com	725 B
0	Failed function sub() { [native code] }. Failed
35	17

	Domain	Requested by
6	www.google-analytics.com	postmaster.hdforum.net www.google-analytics.com www.googletagmanager.com
3	static.geetest.com	geo.captcha-delivery.com static.geetest.com
3	static.captcha-delivery.com	geo.captcha-delivery.com
3	www.googletagmanager.com	brapwear.com www.googletagmanager.com geo.captcha-delivery.com
3	track.vcdc.com	track.tkbo.com track.vcdc.com
2	api-na.geetest.com	geo.captcha-delivery.com static.geetest.com
2	firmis-min.com	firmis-min.com
2	btpnav.com	1 redirects track.vcdc.com
2	postmaster.hdforum.net	postmaster.hdforum.net
1	api-js.datadome.co	js.datadome.co
1	fonts.gstatic.com	fonts.googleapis.com
1	js.datadome.co	geo.captcha-delivery.com
1	fonts.googleapis.com	geo.captcha-delivery.com
1	geo.captcha-delivery.com	ct.captcha-delivery.com
1	ct.captcha-delivery.com	allegro.pl
1	allegro.pl	brapwear.com
1	ad.admitad.com	1 redirects
1	brapwear.com	firmis-min.com
1	654.pl	1 redirects
1	track.tkbo.com	postmaster.hdforum.net
0	jnhgnonknehpejjnehehllkliplmbmhn Failed	js.datadome.co
35	21

This site contains no links.

Subject Issuer	Validity	Valid
postmaster.hdforum.net R3	`2021-04-07` - `2021-07-06`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
track.vcdc.com GlobeSSL DV CA	`2020-10-28` - `2021-10-28`	a year	crt.sh
brapwear.com R3	`2021-03-12` - `2021-06-10`	3 months	crt.sh
*.allegro.pl DigiCert SHA2 Secure Server CA	`2020-07-07` - `2021-09-08`	a year	crt.sh
*.captcha-delivery.com Amazon	`2020-11-25` - `2021-12-24`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.datadome.co Gandi Standard SSL CA 2	`2019-10-08` - `2021-10-21`	2 years	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.geetest.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-01-28` - `2022-01-28`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://allegro.pl/?utm_source=admitad&utm_medium=afiliacja&admitad_uid=e67002823997205fedf120d86907eae5
Frame ID: EF0AB48501DE7A52CC6D21CDA2CCB8D0
Requests: 19 HTTP requests in this frame

Frame: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAO4NgpUVCvt4Awm5y7A%3D%3D&hash=77DC0FFBAA0B77570F6B414F8E5BDB&cid=TcDbtYBYYKxs0FBLRqB34WcJDlAWm8giJ2HNoVA1oPFyfwagKXv7IWvEmgo25IKuK4xNIo-ghI3sW5eZqktlI2Jf6WvFR0M.1C~SZXQFIC&t=fe&referer=https%3A%2F%2Fallegro.pl%2F%3Futm_source%3Dadmitad%26utm_medium%3Dafiliacja%26admitad_uid%3De67002823997205fedf120d86907eae5&s=29560
Frame ID: CF1E2F85D72443F615BFCA4A816C55CB
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://postmaster.hdforum.net/ Page URL
http://track.tkbo.com/?mid=135&f=135&domain=hdforum.net Page URL
https://track.vcdc.com/go.php?mid=135&f=135&domain=hdforum.net&ref= Page URL
https://track.vcdc.com/helper/forward.php?target=aHR0cDovL2J0cG5hdi5jb20vY2xpY2s/ZGF0YT1SMUJuVXpGTW... Page URL
https://track.vcdc.com/helper/forward.php Page URL
http://btpnav.com/click?data=R1BnUzFMdmRXTFFUWUw3WVNkSmhQb1BFUTJ4SXUxaXNpXy1wZm1IRWs1WHluWno3d... Page URL
http://btpnav.com/Redirect/ HTTP 302
http://firmis-min.com/zcvisitor/bf7938c7-97cb-11eb-8045-12e6f7366881/fa8076ca-64e7-4648-95fb-59f8b... Page URL
http://firmis-min.com/zcredirect?visitid=bf7938c7-97cb-11eb-8045-12e6f7366881&type=js&browserWidth... Page URL
https://654.pl/B9fpyn?keyword=hdforums%2Chdforum%2Chdforum.net&cost=0.001150&external_id=zr... HTTP 302
https://brapwear.com/pixel.php?url=https://ad.admitad.com/g/lhiz91jzmi30ca866ee2a0ecd361a102a9b94... Page URL
https://ad.admitad.com/g/lhiz91jzmi30ca866ee2a0ecd361a102a9b94bd4/?subid=m4vpvq606df391c73dd&subid1... HTTP 302
https://allegro.pl/?utm_source=admitad&utm_medium=afiliacja&admitad_uid=e67002823997205fedf120d... Page URL

Detected technologies

Lua (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

OpenResty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Page Statistics

35
Requests

86 %
HTTPS

39 %
IPv6

17
Domains

21
Subdomains

17
IPs

4
Countries

421 kB
Transfer

1033 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://postmaster.hdforum.net/ Page URL
http://track.tkbo.com/?mid=135&f=135&domain=hdforum.net Page URL
https://track.vcdc.com/go.php?mid=135&f=135&domain=hdforum.net&ref= Page URL
https://track.vcdc.com/helper/forward.php?target=aHR0cDovL2J0cG5hdi5jb20vY2xpY2s/ZGF0YT1SMUJuVXpGTWRtUlhURkZVV1V3M1dWTmtTbWhRYjFCRlVUSjRTWFV4YVhOcFh5MXdabTFJUldzMVdIbHVXbm8zZEZGSU0wOXVlSEZFV0hFdE5GbE1TV2htU1hGR1VsVndUR3RWY0Y5TE4zZFBiVXB3WkRsMlUxZENhRTA1WHpCTU0waEpiM2RTYzB4b2QxYzBWSEV5VTJWWFIxZERSbWhYUTFwSVkzUkNMVTl1ZUV0aVRYWTRSekpTTjA5d1lXdEVSM1ZJV0RKM01nMiZpZD05NjM3M2NhMy0zYTU2LTQ3YjYtODkyNi0yMWUyNTYzODE0NjY=&hash=f3a1ad8a148ec7063adcc227c8659481 Page URL
https://track.vcdc.com/helper/forward.php Page URL
http://btpnav.com/click?data=R1BnUzFMdmRXTFFUWUw3WVNkSmhQb1BFUTJ4SXUxaXNpXy1wZm1IRWs1WHluWno3dFFIM09ueHFEWHEtNFlMSWhmSXFGUlVwTGtVcF9LN3dPbUpwZDl2U1dCaE05XzBMM0hJb3dSc0xod1c0VHEyU2VXR1dDRmhXQ1pIY3RCLU9ueEtiTXY4RzJSN09wYWtER3VIWDJ3Mg2&id=96373ca3-3a56-47b6-8926-21e256381466 Page URL
http://btpnav.com/Redirect/ HTTP 302
http://firmis-min.com/zcvisitor/bf7938c7-97cb-11eb-8045-12e6f7366881/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=41b3dc10-e4e9-11e9-ae98-12077332b422 Page URL
http://firmis-min.com/zcredirect?visitid=bf7938c7-97cb-11eb-8045-12e6f7366881&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false Page URL
https://654.pl/B9fpyn?keyword=hdforums%2Chdforum%2Chdforum.net&cost=0.001150&external_id=zrbf7938c797cb11eb804512e6f736688198aa7f85c5734ed39edd432931f0ad5405493099cef1c0dcbe&creative_id=golf-rid-hXzRMopJ&ad_campaign_id=1+-+Admitad+-+Allegro+%28brapwear.com%29+-+DESK&source=gamboge-moose&sub_id_1=golf-rid-hXzRMopJ&sub_id_2=DOMAIN&sub_id_3=NON-ADULT&sub_id_4= HTTP 302
https://brapwear.com/pixel.php?url=https://ad.admitad.com/g/lhiz91jzmi30ca866ee2a0ecd361a102a9b94bd4/&subid=m4vpvq606df391c73dd&subid1=all-bw-zp-smart-week-do&zid=gamboge-moose&utm_source=gamboge-moose&utm_medium=golf-rid-hXzRMopJ&utm_campaign=8 Page URL
https://ad.admitad.com/g/lhiz91jzmi30ca866ee2a0ecd361a102a9b94bd4/?subid=m4vpvq606df391c73dd&subid1=all-bw-zp-smart-week-do HTTP 302
https://allegro.pl/?utm_source=admitad&utm_medium=afiliacja&admitad_uid=e67002823997205fedf120d86907eae5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

http://btpnav.com/Redirect/ HTTP 302
http://firmis-min.com/zcvisitor/bf7938c7-97cb-11eb-8045-12e6f7366881/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=41b3dc10-e4e9-11e9-ae98-12077332b422

Request Chain 12

https://654.pl/B9fpyn?keyword=hdforums%2Chdforum%2Chdforum.net&cost=0.001150&external_id=zrbf7938c797cb11eb804512e6f736688198aa7f85c5734ed39edd432931f0ad5405493099cef1c0dcbe&creative_id=golf-rid-hXzRMopJ&ad_campaign_id=1+-+Admitad+-+Allegro+%28brapwear.com%29+-+DESK&source=gamboge-moose&sub_id_1=golf-rid-hXzRMopJ&sub_id_2=DOMAIN&sub_id_3=NON-ADULT&sub_id_4= HTTP 302
https://brapwear.com/pixel.php?url=https://ad.admitad.com/g/lhiz91jzmi30ca866ee2a0ecd361a102a9b94bd4/&subid=m4vpvq606df391c73dd&subid1=all-bw-zp-smart-week-do&zid=gamboge-moose&utm_source=gamboge-moose&utm_medium=golf-rid-hXzRMopJ&utm_campaign=8

35 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
postmaster.hdforum.net/ 1 KB
1 KB 785ms
225ms Document
text/html 159.69.83.207
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://postmaster.hdforum.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.69.83.207 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.207.83.69.159.clients.your-server.de

Software

openresty /

Resource Hash

54ebe3e069491e054c84c4fabf726881dd89d14599e38b307415e356ccffe62e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: postmaster.hdforum.net
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: openresty
date: Wed, 07 Apr 2021 17:53:43 GMT
content-type: text/html; charset=utf8
set-cookie: ndsp=eyJkb21haW5OYW1lIjoiaGRmb3J1bS5uZXQiLCJtZW1iZXIiOiIxIiwidGVtcGxhdGUiOiJzcGxpdHRlciIsInVzZXJBZ2VudCI6Ik1vemlsbGFcLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdFwvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lXC84OS4wLjQzODkuNzIgU2FmYXJpXC81MzcuMzYiLCJzZXNzaW9uIjoiYzI3NmVhNTRhZDAxNTBmZDNiMDI2ZjU3NmFmNTQ0MTEiLCJ0aW1lX2luaXQiOjE2MTc4MTgwMjN9; expires=Wed, 07-Apr-2021 21:59:59 GMT; Max-Age=14776; path=/
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: gzip

GET
H2 200 banner_ads.js Show response
postmaster.hdforum.net/ 111 B
326 B 167ms
167ms Script
application/javascript 159.69.83.207
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://postmaster.hdforum.net/banner_ads.js
Requested by: Host: postmaster.hdforum.net
URL: https://postmaster.hdforum.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.69.83.207 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.207.83.69.159.clients.your-server.de
Software: openresty /
Resource Hash: 4aa355b64f75bc8293836eb2ca7ff4a0d7230f361c2e9b1b2d7394ac7c540f90

Request headers

Referer: https://postmaster.hdforum.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Wed, 07 Apr 2021 17:53:43 GMT
last-modified: Thu, 26 Sep 2019 08:13:05 GMT
server: openresty
etag: "5d8c7311-6f"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 111
expires: Fri, 07 May 2021 17:53:43 GMT

GET
H2 200 analytics.js
www.google-analytics.com/ 48 KB
19 KB 34ms
15ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: postmaster.hdforum.net
URL: https://postmaster.hdforum.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://postmaster.hdforum.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 1483
date: Wed, 07 Apr 2021 17:40:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19463
expires: Wed, 07 Apr 2021 19:40:07 GMT

GET
H/1.1 200
OK /
track.tkbo.com/ 737 B
725 B 384ms
268ms Document
text/html 167.233.8.197
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://track.tkbo.com/?mid=135&f=135&domain=hdforum.net

Requested by

Host: postmaster.hdforum.net
URL: https://postmaster.hdforum.net/

Protocol

HTTP/1.1

Server

167.233.8.197 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.197.8.233.167.clients.your-server.de

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: track.tkbo.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Wed, 07 Apr 2021 18:04:50 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: gzip

POST
H3-Q050 200 collect
www.google-analytics.com/j/ 2 B
130 B 46ms
12ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j89&aip=1&a=1787067441&t=event&ni=1&_s=1&dl=https%3A%2F%2Fpostmaster.hdforum.net%2F&ul=en-us&de=UTF-8&dt=hdforum.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Blocking%20Ads&ea=No&_u=YEBAAEABAAAAAC~&jid=680492569&gjid=468382388&cid=852906769.1617818690&tid=UA-43967021-7&_gid=1082714431.1617818690&_r=1&_slc=1&cd1=splitter&cd2=1&cd3=yes&z=548678846

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://postmaster.hdforum.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 18:04:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://postmaster.hdforum.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
384 B 32ms
20ms Image
image/gif 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j89&aip=1&a=1787067441&t=pageview&_s=2&dl=https%3A%2F%2Fpostmaster.hdforum.net%2F&ul=en-us&de=UTF-8&dt=hdforum.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=&gjid=&cid=852906769.1617818690&tid=UA-43967021-7&_gid=1082714431.1617818690&cd1=splitter&cd2=1&cd3=yes&z=273499254

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://postmaster.hdforum.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 10:03:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 28873
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 go.php
track.vcdc.com/ 995 B
1 KB 936ms
601ms Document
text/html 167.233.8.197
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://track.vcdc.com/go.php?mid=135&f=135&domain=hdforum.net&ref=

Requested by

Host: track.tkbo.com
URL: http://track.tkbo.com/?mid=135&f=135&domain=hdforum.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

167.233.8.197 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.197.8.233.167.clients.your-server.de

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: track.vcdc.com
:scheme: https
:path: /go.php?mid=135&f=135&domain=hdforum.net&ref=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: http://track.tkbo.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://track.tkbo.com/

Response headers

server: nginx
date: Wed, 07 Apr 2021 18:04:51 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
set-cookie: XID=srh29h8mo5eceprijued93piif; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: gzip

GET
H2 200 forward.php Show response
track.vcdc.com/helper/ 129 B
722 B 177ms
176ms Document
text/html 167.233.8.197
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://track.vcdc.com/helper/forward.php?target=aHR0cDovL2J0cG5hdi5jb20vY2xpY2s/ZGF0YT1SMUJuVXpGTWRtUlhURkZVV1V3M1dWTmtTbWhRYjFCRlVUSjRTWFV4YVhOcFh5MXdabTFJUldzMVdIbHVXbm8zZEZGSU0wOXVlSEZFV0hFdE5GbE1TV2htU1hGR1VsVndUR3RWY0Y5TE4zZFBiVXB3WkRsMlUxZENhRTA1WHpCTU0waEpiM2RTYzB4b2QxYzBWSEV5VTJWWFIxZERSbWhYUTFwSVkzUkNMVTl1ZUV0aVRYWTRSekpTTjA5d1lXdEVSM1ZJV0RKM01nMiZpZD05NjM3M2NhMy0zYTU2LTQ3YjYtODkyNi0yMWUyNTYzODE0NjY=&hash=f3a1ad8a148ec7063adcc227c8659481

Requested by

Host: track.vcdc.com
URL: https://track.vcdc.com/go.php?mid=135&f=135&domain=hdforum.net&ref=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

167.233.8.197 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.197.8.233.167.clients.your-server.de

Software

nginx /

Resource Hash

2f2792a94fdf35b39240ed6e151dd7e1ced76fdc0ae49f6957db59666fd79a66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: track.vcdc.com
:scheme: https
:path: /helper/forward.php?target=aHR0cDovL2J0cG5hdi5jb20vY2xpY2s/ZGF0YT1SMUJuVXpGTWRtUlhURkZVV1V3M1dWTmtTbWhRYjFCRlVUSjRTWFV4YVhOcFh5MXdabTFJUldzMVdIbHVXbm8zZEZGSU0wOXVlSEZFV0hFdE5GbE1TV2htU1hGR1VsVndUR3RWY0Y5TE4zZFBiVXB3WkRsMlUxZENhRTA1WHpCTU0waEpiM2RTYzB4b2QxYzBWSEV5VTJWWFIxZERSbWhYUTFwSVkzUkNMVTl1ZUV0aVRYWTRSekpTTjA5d1lXdEVSM1ZJV0RKM01nMiZpZD05NjM3M2NhMy0zYTU2LTQ3YjYtODkyNi0yMWUyNTYzODE0NjY=&hash=f3a1ad8a148ec7063adcc227c8659481
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://track.vcdc.com/go.php?mid=135&f=135&domain=hdforum.net&ref=
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: XID=srh29h8mo5eceprijued93piif
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://track.vcdc.com/go.php?mid=135&f=135&domain=hdforum.net&ref=

Response headers

server: nginx
date: Wed, 07 Apr 2021 18:04:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: kkl6hi=aHR0cDovL2J0cG5hdi5jb20vY2xpY2s%2FZGF0YT1SMUJuVXpGTWRtUlhURkZVV1V3M1dWTmtTbWhRYjFCRlVUSjRTWFV4YVhOcFh5MXdabTFJUldzMVdIbHVXbm8zZEZGSU0wOXVlSEZFV0hFdE5GbE1TV2htU1hGR1VsVndUR3RWY0Y5TE4zZFBiVXB3WkRsMlUxZENhRTA1WHpCTU0waEpiM2RTYzB4b2QxYzBWSEV5VTJWWFIxZERSbWhYUTFwSVkzUkNMVTl1ZUV0aVRYWTRSekpTTjA5d1lXdEVSM1ZJV0RKM01nMiZpZD05NjM3M2NhMy0zYTU2LTQ3YjYtODkyNi0yMWUyNTYzODE0NjY%3D; expires=Wed, 07-Apr-2021 18:05:01 GMT; Max-Age=10
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: gzip

GET
H2 200 forward.php Show response
track.vcdc.com/helper/ 382 B
634 B 202ms
201ms Document
text/html 167.233.8.197
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://track.vcdc.com/helper/forward.php

Requested by

Host: track.vcdc.com
URL: https://track.vcdc.com/helper/forward.php?target=aHR0cDovL2J0cG5hdi5jb20vY2xpY2s/ZGF0YT1SMUJuVXpGTWRtUlhURkZVV1V3M1dWTmtTbWhRYjFCRlVUSjRTWFV4YVhOcFh5MXdabTFJUldzMVdIbHVXbm8zZEZGSU0wOXVlSEZFV0hFdE5GbE1TV2htU1hGR1VsVndUR3RWY0Y5TE4zZFBiVXB3WkRsMlUxZENhRTA1WHpCTU0waEpiM2RTYzB4b2QxYzBWSEV5VTJWWFIxZERSbWhYUTFwSVkzUkNMVTl1ZUV0aVRYWTRSekpTTjA5d1lXdEVSM1ZJV0RKM01nMiZpZD05NjM3M2NhMy0zYTU2LTQ3YjYtODkyNi0yMWUyNTYzODE0NjY=&hash=f3a1ad8a148ec7063adcc227c8659481

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

167.233.8.197 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.197.8.233.167.clients.your-server.de

Software

nginx /

Resource Hash

12eab2f5b1e1b890f8d43da2b6e40117735caabfac9d062b8e28a680e6d883ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: track.vcdc.com
:scheme: https
:path: /helper/forward.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://track.vcdc.com/helper/forward.php?target=aHR0cDovL2J0cG5hdi5jb20vY2xpY2s/ZGF0YT1SMUJuVXpGTWRtUlhURkZVV1V3M1dWTmtTbWhRYjFCRlVUSjRTWFV4YVhOcFh5MXdabTFJUldzMVdIbHVXbm8zZEZGSU0wOXVlSEZFV0hFdE5GbE1TV2htU1hGR1VsVndUR3RWY0Y5TE4zZFBiVXB3WkRsMlUxZENhRTA1WHpCTU0waEpiM2RTYzB4b2QxYzBWSEV5VTJWWFIxZERSbWhYUTFwSVkzUkNMVTl1ZUV0aVRYWTRSekpTTjA5d1lXdEVSM1ZJV0RKM01nMiZpZD05NjM3M2NhMy0zYTU2LTQ3YjYtODkyNi0yMWUyNTYzODE0NjY=&hash=f3a1ad8a148ec7063adcc227c8659481
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: kkl6hi=aHR0cDovL2J0cG5hdi5jb20vY2xpY2s%2FZGF0YT1SMUJuVXpGTWRtUlhURkZVV1V3M1dWTmtTbWhRYjFCRlVUSjRTWFV4YVhOcFh5MXdabTFJUldzMVdIbHVXbm8zZEZGSU0wOXVlSEZFV0hFdE5GbE1TV2htU1hGR1VsVndUR3RWY0Y5TE4zZFBiVXB3WkRsMlUxZENhRTA1WHpCTU0waEpiM2RTYzB4b2QxYzBWSEV5VTJWWFIxZERSbWhYUTFwSVkzUkNMVTl1ZUV0aVRYWTRSekpTTjA5d1lXdEVSM1ZJV0RKM01nMiZpZD05NjM3M2NhMy0zYTU2LTQ3YjYtODkyNi0yMWUyNTYzODE0NjY%3D; XID=srh29h8mo5eceprijued93piif
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://track.vcdc.com/helper/forward.php?target=aHR0cDovL2J0cG5hdi5jb20vY2xpY2s/ZGF0YT1SMUJuVXpGTWRtUlhURkZVV1V3M1dWTmtTbWhRYjFCRlVUSjRTWFV4YVhOcFh5MXdabTFJUldzMVdIbHVXbm8zZEZGSU0wOXVlSEZFV0hFdE5GbE1TV2htU1hGR1VsVndUR3RWY0Y5TE4zZFBiVXB3WkRsMlUxZENhRTA1WHpCTU0waEpiM2RTYzB4b2QxYzBWSEV5VTJWWFIxZERSbWhYUTFwSVkzUkNMVTl1ZUV0aVRYWTRSekpTTjA5d1lXdEVSM1ZJV0RKM01nMiZpZD05NjM3M2NhMy0zYTU2LTQ3YjYtODkyNi0yMWUyNTYzODE0NjY=&hash=f3a1ad8a148ec7063adcc227c8659481

Response headers

server: nginx
date: Wed, 07 Apr 2021 18:04:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: kkl6hi=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 tc_rvs=1; expires=Wed, 07-Apr-2021 18:04:54 GMT; Max-Age=3
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: gzip

GET
H/1.1 200
OK Cookie set click Show response
btpnav.com/ 5 KB
3 KB 444ms
318ms Document
text/html 209.15.13.136
COGECO-PEER1

General

Check archive.org

Show headers Download Go to

Full URL: http://btpnav.com/click?data=R1BnUzFMdmRXTFFUWUw3WVNkSmhQb1BFUTJ4SXUxaXNpXy1wZm1IRWs1WHluWno3dFFIM09ueHFEWHEtNFlMSWhmSXFGUlVwTGtVcF9LN3dPbUpwZDl2U1dCaE05XzBMM0hJb3dSc0xod1c0VHEyU2VXR1dDRmhXQ1pIY3RCLU9ueEtiTXY4RzJSN09wYWtER3VIWDJ3Mg2&id=96373ca3-3a56-47b6-8926-21e256381466
Requested by: Host: track.vcdc.com
URL: https://track.vcdc.com/helper/forward.php
Protocol: HTTP/1.1
Server: 209.15.13.136 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: 763e9a60b92e9c21696c98aae3bfcd0ee3e526395f4f8d745f767a6363e2815f

Request headers

Host: btpnav.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: yLlmNVmseWuzQAg=yLlmNVmseWuzQAg; path=/
X-Server: web02
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Wed, 07 Apr 2021 18:04:51 GMT
Content-Length: 2149

GET
H/1.1

200
OK

fa8076ca-64e7-4648-95fb-59f8b6b1f6e1 Show response
firmis-min.com/zcvisitor/bf7938c7-97cb-11eb-8045-12e6f7366881/
Redirect Chain

http://btpnav.com/Redirect/
http://firmis-min.com/zcvisitor/bf7938c7-97cb-11eb-8045-12e6f7366881/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=41b3dc10-e4e9-11e9-ae98-12077332b422

998 B
2 KB

533ms
437ms

Document
text/html

18.235.67.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

http://firmis-min.com/zcvisitor/bf7938c7-97cb-11eb-8045-12e6f7366881/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=41b3dc10-e4e9-11e9-ae98-12077332b422

Protocol

HTTP/1.1

Server

18.235.67.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-235-67-128.compute-1.amazonaws.com

Software

ZeroPark-Traffic /

Resource Hash

0a41472111ea36c51720b6f3501f388986919018f40c2833b86f13230f775c02

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host: firmis-min.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://btpnav.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
Origin: http://btpnav.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://btpnav.com/

Response headers

Date: Wed, 07 Apr 2021 18:04:53 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: ZeroPark-Traffic

Redirect headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://firmis-min.com/zcvisitor/bf7938c7-97cb-11eb-8045-12e6f7366881/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=41b3dc10-e4e9-11e9-ae98-12077332b422
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Server: web02
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Wed, 07 Apr 2021 18:04:51 GMT
Content-Length: 270

GET
H/1.1 200
OK zcredirect Show response
firmis-min.com/ 900 B
2 KB 242ms
242ms Document
text/html 18.235.67.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

http://firmis-min.com/zcredirect?visitid=bf7938c7-97cb-11eb-8045-12e6f7366881&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false

Requested by

Host: firmis-min.com
URL: http://firmis-min.com/zcvisitor/bf7938c7-97cb-11eb-8045-12e6f7366881/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=41b3dc10-e4e9-11e9-ae98-12077332b422

Protocol

HTTP/1.1

Server

18.235.67.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-235-67-128.compute-1.amazonaws.com

Software

ZeroPark-Traffic /

Resource Hash

d68aa7764577306d404166e628972c8c521b5879c255e5cfcd17b65ddf5fea46

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host: firmis-min.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://firmis-min.com/zcvisitor/bf7938c7-97cb-11eb-8045-12e6f7366881/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=41b3dc10-e4e9-11e9-ae98-12077332b422
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://firmis-min.com/zcvisitor/bf7938c7-97cb-11eb-8045-12e6f7366881/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=41b3dc10-e4e9-11e9-ae98-12077332b422

Response headers

Date: Wed, 07 Apr 2021 18:04:53 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: ZeroPark-Traffic

GET
H2

200

pixel.php Show response
brapwear.com/
Redirect Chain

https://654.pl/B9fpyn?keyword=hdforums%2Chdforum%2Chdforum.net&cost=0.001150&external_id=zrbf7938c797cb11eb804512e6f736688198aa7f85c5734ed39edd432931f0ad5405493099cef1c0dcbe&creative_id=golf-rid-hX...
https://brapwear.com/pixel.php?url=https://ad.admitad.com/g/lhiz91jzmi30ca866ee2a0ecd361a102a9b94bd4/&subid=m4vpvq606df391c73dd&subid1=all-bw-zp-smart-week-do&zid=gamboge-moose&utm_source=gamboge-m...

1 KB
1 KB

272ms
91ms

Document
text/html

213.189.52.246
ATMAN-ISP-AS ATM ...

General

Check archive.org

Show headers Download Go to

Full URL: https://brapwear.com/pixel.php?url=https://ad.admitad.com/g/lhiz91jzmi30ca866ee2a0ecd361a102a9b94bd4/&subid=m4vpvq606df391c73dd&subid1=all-bw-zp-smart-week-do&zid=gamboge-moose&utm_source=gamboge-moose&utm_medium=golf-rid-hXzRMopJ&utm_campaign=8
Requested by: Host: firmis-min.com
URL: http://firmis-min.com/zcredirect?visitid=bf7938c7-97cb-11eb-8045-12e6f7366881&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.189.52.246 , Poland, ASN15694 (ATMAN-ISP-AS ATM S.A., PL),
Reverse DNS: web37.mydevil.net
Software: nginx / PHP/7.3.23
Resource Hash: 0e517748df4d65271be4b6eb7605bcc058521f094309d8e2c4b46e32185660fe

Request headers

:method: GET
:authority: brapwear.com
:scheme: https
:path: /pixel.php?url=https://ad.admitad.com/g/lhiz91jzmi30ca866ee2a0ecd361a102a9b94bd4/&subid=m4vpvq606df391c73dd&subid1=all-bw-zp-smart-week-do&zid=gamboge-moose&utm_source=gamboge-moose&utm_medium=golf-rid-hXzRMopJ&utm_campaign=8
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: http://firmis-min.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://firmis-min.com/zcredirect?visitid=bf7938c7-97cb-11eb-8045-12e6f7366881&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false

Response headers

server: nginx
date: Wed, 07 Apr 2021 18:04:53 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.23

Redirect headers

date: Wed, 07 Apr 2021 18:04:53 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d2bf261725fa25e4f35ea7e0d9a57d9a01617818693; expires=Fri, 07-May-21 18:04:53 GMT; path=/; domain=.654.pl; HttpOnly; SameSite=Lax _subid=m4vpvq606df391c73dd;Expires=Saturday, 08-May-2021 18:01:53 GMT;Max-Age=2678400;Path=/ _token=uuid_m4vpvq606df391c73dd_m4vpvq606df391c73dd606df391c7b538.28379052;Expires=Saturday, 08-May-2021 18:01:53 GMT;Max-Age=2678400;Path=/ ec87d=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjhcIjoxNjE3ODE4NTEzfSxcImNhbXBhaWduc1wiOntcIjhcIjoxNjE3ODE4NTEzfSxcInRpbWVcIjoxNjE3ODE4NTEzfSJ9.f5kMY6XR8ixyucLJWwlk6r23sdUAoccfqkuwqhjJL7g;Expires=Thursday, 14-Jul-2072 12:03:46 GMT;Max-Age=1617904913;Path=/
cache-control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
expires: 0
last-modified: Wed, 07 Apr 2021 18:01:53 GMT
location: https://brapwear.com/pixel.php?url=https://ad.admitad.com/g/lhiz91jzmi30ca866ee2a0ecd361a102a9b94bd4/&subid=m4vpvq606df391c73dd&subid1=all-bw-zp-smart-week-do&zid=gamboge-moose&utm_source=gamboge-moose&utm_medium=golf-rid-hXzRMopJ&utm_campaign=8
pragma: no-cache
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
cf-request-id: 094f1b47370000536477a0d000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6GJ8X9L0ch%2B5xDgWzKyVxmVG3%2Blxk%2Bdkg1OZC1AcPrw1E%2BCo2G%2B0hds%2FqRoY%2BwQvWHuAHIKNrziXd98Nz%2Bf0tOwp6QptZDITeFhTXEf7x5jOW%2FI%3D"}],"max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 63c52e51fbf85364-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 js
www.googletagmanager.com/gtag/ 97 KB
39 KB 43ms
22ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-162808225-1

Requested by

Host: brapwear.com
URL: https://brapwear.com/pixel.php?url=https://ad.admitad.com/g/lhiz91jzmi30ca866ee2a0ecd361a102a9b94bd4/&subid=m4vpvq606df391c73dd&subid1=all-bw-zp-smart-week-do&zid=gamboge-moose&utm_source=gamboge-moose&utm_medium=golf-rid-hXzRMopJ&utm_campaign=8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://brapwear.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 18:04:53 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39183
x-xss-protection: 0
expires: Wed, 07 Apr 2021 18:04:53 GMT

GET
H2

403

Primary Request / Show response
allegro.pl/
Redirect Chain

https://ad.admitad.com/g/lhiz91jzmi30ca866ee2a0ecd361a102a9b94bd4/?subid=m4vpvq606df391c73dd&subid1=all-bw-zp-smart-week-do
https://allegro.pl/?utm_source=admitad&utm_medium=afiliacja&admitad_uid=e67002823997205fedf120d86907eae5

459 B
1023 B

314ms
102ms

Document
text/html

5.134.213.82
QXL-POLAND

General

Check archive.org

Show headers Download Go to

Full URL

https://allegro.pl/?utm_source=admitad&utm_medium=afiliacja&admitad_uid=e67002823997205fedf120d86907eae5

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

5.134.213.82 Poznan, Poland, ASN42656 (QXL-POLAND, PL),

Reverse DNS

Software

Resource Hash

db3e90ff1f19da8138302c37bcbb22df0ca6df6bfb607969f0ef043c3da8b1a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: allegro.pl
:scheme: https
:path: /?utm_source=admitad&utm_medium=afiliacja&admitad_uid=e67002823997205fedf120d86907eae5
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://brapwear.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://brapwear.com/pixel.php?url=https://ad.admitad.com/g/lhiz91jzmi30ca866ee2a0ecd361a102a9b94bd4/&subid=m4vpvq606df391c73dd&subid1=all-bw-zp-smart-week-do&zid=gamboge-moose&utm_source=gamboge-moose&utm_medium=golf-rid-hXzRMopJ&utm_campaign=8

Response headers

content-type: text/html text/html; charset=utf-8
content-length: 459
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000
set-cookie: _cmuid=50c72fc8-65a6-4527-b447-80a17c8badb2; Expires=Fri, 07 Apr 2023 18:04:54 GMT; Path=/; Domain=.allegro.pl; Secure datadome=TcDbtYBYYKxs0FBLRqB34WcJDlAWm8giJ2HNoVA1oPFyfwagKXv7IWvEmgo25IKuK4xNIo-ghI3sW5eZqktlI2Jf6WvFR0M.1C~SZXQFIC; Max-Age=31536000; Domain=.allegro.pl; Path=/; Secure; SameSite=Lax
charset: utf-8
cache-control: max-age=0, private, no-cache, no-store, must-revalidate
pragma: no-cache
x-datadome-cid: AHrlqAAAAAMAO4NgpUVCvt4Awm5y7A==

Redirect headers

server: nginx
date: Wed, 07 Apr 2021 18:04:54 GMT
content-type: text/html; charset=utf-8
content-length: 1089
location: https://allegro.pl/?utm_source=admitad&utm_medium=afiliacja&admitad_uid=e67002823997205fedf120d86907eae5
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Tue, 01 Jan 1980 1:00:00 GMT
set-cookie: UID=v=3|id=d0d37e4c910e8d882957fb950e3924b2|expr=1680890694|type=0|business_expr=1617991494; Domain=.ad.admitad.com; Expires=Fri, 07-Apr-2023 18:04:54 GMT; Path=/ UID2=v=3|id=d0d37e4c910e8d882957fb950e3924b2|expr=1680890694|type=0|business_expr=1617991494; Domain=.ad.admitad.com; Path=/
p3p: CP="NON DSP COR CURa TIA"

GET
H3-Q050 200 js
www.googletagmanager.com/gtag/ 97 KB
39 KB 48ms
35ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-162776981-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-162808225-1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://brapwear.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 18:04:53 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39210
x-xss-protection: 0
expires: Wed, 07 Apr 2021 18:04:53 GMT

GET
H3-Q050 200 analytics.js
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-162776981-1&l=dataLayer&cx=c

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://brapwear.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 1487
date: Wed, 07 Apr 2021 17:40:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19463
expires: Wed, 07 Apr 2021 19:40:07 GMT

POST
H3-Q050 200 collect
www.google-analytics.com/j/ 1 B
65 B 13ms
13ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j89&a=2024415319&t=pageview&_s=1&dl=https%3A%2F%2Fbrapwear.com%2Fpixel.php%3Furl%3Dhttps%3A%2F%2Fad.admitad.com%2Fg%2Flhiz91jzmi30ca866ee2a0ecd361a102a9b94bd4%2F%26subid%3Dm4vpvq606df391c73dd%26subid1%3Dall-bw-zp-smart-week-do%26zid%3Dgamboge-moose%26utm_source%3Dgamboge-moose%26utm_medium%3Dgolf-rid-hXzRMopJ%26utm_campaign%3D8&dr=http%3A%2F%2Ffirmis-min.com%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=1054458223&gjid=1368603183&cid=576714310.1617818694&tid=UA-162776981-1&_gid=1899851382.1617818694&_r=1&gtm=2ou3v0&z=1294140225

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://brapwear.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 07 Apr 2021 18:04:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://brapwear.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 c.js Show response
ct.captcha-delivery.com/ 3 KB
4 KB 557ms
191ms Script
application/javascript 143.204.209.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.captcha-delivery.com/c.js
Requested by: Host: allegro.pl
URL: https://allegro.pl/?utm_source=admitad&utm_medium=afiliacja&admitad_uid=e67002823997205fedf120d86907eae5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.209.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-209-68.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06c92e8121246cc529a2407f6673f643eabaf64e23d09948756210e8b295f258

Request headers

Referer: https://allegro.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 17:07:37 GMT
via: 1.1 1f5757b46371746e677236d4fc67d364.cloudfront.net (CloudFront)
last-modified: Tue, 16 Feb 2021 15:13:23 GMT
server: AmazonS3
age: 3439
etag: "e5afc98db6afd77414fc3f6c98c2927c"
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 3335
x-amz-cf-id: h6kwcJNSmSdx21Nf1joo3ZRqmNMAXCuUudMj6XVYZLYwR2nk6MEXbg==

GET
H/1.1 200
OK / Show response
geo.captcha-delivery.com/captcha/ Frame CF1E 29 KB
29 KB 1031ms
424ms Document
text/html 18.194.14.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAO4NgpUVCvt4Awm5y7A%3D%3D&hash=77DC0FFBAA0B77570F6B414F8E5BDB&cid=TcDbtYBYYKxs0FBLRqB34WcJDlAWm8giJ2HNoVA1oPFyfwagKXv7IWvEmgo25IKuK4xNIo-ghI3sW5eZqktlI2Jf6WvFR0M.1C~SZXQFIC&t=fe&referer=https%3A%2F%2Fallegro.pl%2F%3Futm_source%3Dadmitad%26utm_medium%3Dafiliacja%26admitad_uid%3De67002823997205fedf120d86907eae5&s=29560
Requested by: Host: ct.captcha-delivery.com
URL: https://ct.captcha-delivery.com/c.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.14.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-14-91.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 94cecebeaca13ba2be56406cf198965621e6a119d22ffffe528c3754e1ee77bc

Request headers

Host: geo.captcha-delivery.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://allegro.pl/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://allegro.pl/

Response headers

Date: Wed, 07 Apr 2021 18:04:55 GMT
Access-Control-Allow-Origin: *
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked

GET
H2 200 index.css
static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/ Frame CF1E 6 KB
7 KB 39ms
7ms Stylesheet
text/css 2600:9000:214f:2800:7:c516:5a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/index.css
Requested by: Host: geo.captcha-delivery.com
URL: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAO4NgpUVCvt4Awm5y7A%3D%3D&hash=77DC0FFBAA0B77570F6B414F8E5BDB&cid=TcDbtYBYYKxs0FBLRqB34WcJDlAWm8giJ2HNoVA1oPFyfwagKXv7IWvEmgo25IKuK4xNIo-ghI3sW5eZqktlI2Jf6WvFR0M.1C~SZXQFIC&t=fe&referer=https%3A%2F%2Fallegro.pl%2F%3Futm_source%3Dadmitad%26utm_medium%3Dafiliacja%26admitad_uid%3De67002823997205fedf120d86907eae5&s=29560
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:2800:7:c516:5a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ed243a7fa712a26559089ad5eadb7bffb314357ac21966fe20f5cef1fb6355b1

Request headers

Referer: https://geo.captcha-delivery.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
last-modified: Tue, 09 Jul 2019 14:35:24 GMT
server: AmazonS3
age: 52091
etag: "8ba3717dee9fac12ab09dda082b49fac"
x-cache: Hit from cloudfront
content-type: text/css
date: Wed, 07 Apr 2021 03:36:46 GMT
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 6323
x-amz-cf-id: Ny6jrt-3VbF4PZONj1K5Gxt_R67Z1p8L9P3dOKwOIY9Grf4ajPKFEQ==

GET
H2 200 css
fonts.googleapis.com/ Frame CF1E 2 KB
1005 B 33ms
13ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto

Requested by

Host: geo.captcha-delivery.com
URL: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAO4NgpUVCvt4Awm5y7A%3D%3D&hash=77DC0FFBAA0B77570F6B414F8E5BDB&cid=TcDbtYBYYKxs0FBLRqB34WcJDlAWm8giJ2HNoVA1oPFyfwagKXv7IWvEmgo25IKuK4xNIo-ghI3sW5eZqktlI2Jf6WvFR0M.1C~SZXQFIC&t=fe&referer=https%3A%2F%2Fallegro.pl%2F%3Futm_source%3Dadmitad%26utm_medium%3Dafiliacja%26admitad_uid%3De67002823997205fedf120d86907eae5&s=29560

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

99155f31d46dc469aa872ce824309fae9210fb9357f463b889d617b85b35eb61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://geo.captcha-delivery.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Apr 2021 17:30:43 GMT
server: ESF
date: Wed, 07 Apr 2021 18:04:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Apr 2021 18:04:56 GMT

GET
H2 200 logo.png
static.captcha-delivery.com/captcha/assets/set/37ca9da7a4047cf662ff2aa1f6d4f3d8b022ad6a/ Frame CF1E 16 KB
16 KB 148ms
148ms Image
image/png 2600:9000:214f:2800:7:c516:5a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.captcha-delivery.com/captcha/assets/set/37ca9da7a4047cf662ff2aa1f6d4f3d8b022ad6a/logo.png?update_cache=-3872124557856005511
Requested by: Host: geo.captcha-delivery.com
URL: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAO4NgpUVCvt4Awm5y7A%3D%3D&hash=77DC0FFBAA0B77570F6B414F8E5BDB&cid=TcDbtYBYYKxs0FBLRqB34WcJDlAWm8giJ2HNoVA1oPFyfwagKXv7IWvEmgo25IKuK4xNIo-ghI3sW5eZqktlI2Jf6WvFR0M.1C~SZXQFIC&t=fe&referer=https%3A%2F%2Fallegro.pl%2F%3Futm_source%3Dadmitad%26utm_medium%3Dafiliacja%26admitad_uid%3De67002823997205fedf120d86907eae5&s=29560
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:2800:7:c516:5a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2fbcb0b79fa4952c6890e0f5138b8b0a91fa1e63e9e02a70cd37ad7ef1e1dde6

Request headers

Referer: https://geo.captcha-delivery.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 18:04:57 GMT
via: 1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
last-modified: Fri, 19 Feb 2021 11:23:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
etag: "9f069cf93a78bae7def97755552f0464"
x-cache: Miss from cloudfront
x-amz-version-id: null
cache-control: public
accept-ranges: bytes
content-type: image/png
content-length: 15943
x-amz-cf-id: Mm7OKu43V40zwfI9NwZD64LaA1tkqQWmuQ0LGDAQ87_-w079_oocsQ==

GET
H2 200 loading_spinner.gif
static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/ Frame CF1E 44 KB
44 KB 14ms
14ms Image
image/gif 2600:9000:214f:2800:7:c516:5a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/loading_spinner.gif
Requested by: Host: geo.captcha-delivery.com
URL: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAO4NgpUVCvt4Awm5y7A%3D%3D&hash=77DC0FFBAA0B77570F6B414F8E5BDB&cid=TcDbtYBYYKxs0FBLRqB34WcJDlAWm8giJ2HNoVA1oPFyfwagKXv7IWvEmgo25IKuK4xNIo-ghI3sW5eZqktlI2Jf6WvFR0M.1C~SZXQFIC&t=fe&referer=https%3A%2F%2Fallegro.pl%2F%3Futm_source%3Dadmitad%26utm_medium%3Dafiliacja%26admitad_uid%3De67002823997205fedf120d86907eae5&s=29560
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:2800:7:c516:5a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fab79f1dfdc7b759da9e1c4d80169bc879352b47bf0cf9352e3eeaed39e55de7

Request headers

Referer: https://geo.captcha-delivery.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 997f66fda0069dac50a85c7a4fa51b7e.cloudfront.net (CloudFront)
last-modified: Tue, 31 Jul 2018 12:27:34 GMT
server: AmazonS3
age: 44484
etag: "18be94cf37fa0da67af3c46ddebca50a"
x-cache: Hit from cloudfront
content-type: image/gif
date: Wed, 07 Apr 2021 05:43:33 GMT
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 44663
x-amz-cf-id: TseBj7NtlLHhMnetNU7lYLMwy9S35EZhzQPvMA38h516xg_t_lGXrA==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame CF1E 74 KB
29 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5KTHT2G

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

95ebbb44548e5538b2d33d0cd4485c89764ce96dd263a11f6f8cd48c428707cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://geo.captcha-delivery.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 18:04:56 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30093
x-xss-protection: 0
expires: Wed, 07 Apr 2021 18:04:56 GMT

GET
H2 200 tags.js Show response
js.datadome.co/ Frame CF1E 138 KB
23 KB 721ms
279ms Script
text/javascript 52.222.179.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.datadome.co/tags.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.179.8 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-179-8.ham50.r.cloudfront.net

Software

Apache /

Resource Hash

f0ae7eec6c7320a453f1de26fe0855ddd4cfa6a5e44b8b0c6cd99d958dfbe9fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://geo.captcha-delivery.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
content-encoding: gzip
etag: "227f1-5bf4d7688f02e-gzip"
age: 3581
x-cache: Hit from cloudfront
content-length: 22669
access-control-allow-origin: *
last-modified: Tue, 06 Apr 2021 13:05:05 GMT
server: Apache
date: Wed, 07 Apr 2021 17:05:15 GMT
vary: Accept-Encoding
content-type: text/javascript
via: 1.1 6c0cf54c85a45b06ce06eb9b5a31a1c6.cloudfront.net (CloudFront)
cache-control: max-age=3600, public
x-amz-cf-pop: HAM50-C1
accept-ranges: bytes
x-amz-cf-id: rjc4b-Qoq8kaug4TzHaglhjSWdwa1q2uvzFeimd_8Li3BJQQuKsZ7Q==
expires: Wed, 07 Apr 2021 18:05:15 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame CF1E 15 KB
16 KB 25ms
6ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://geo.captcha-delivery.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Apr 2021 21:15:20 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 161376
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Tue, 05 Apr 2022 21:15:20 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame CF1E 48 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: postmaster.hdforum.net
URL: https://postmaster.hdforum.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://geo.captcha-delivery.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 1489
date: Wed, 07 Apr 2021 17:40:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19463
expires: Wed, 07 Apr 2021 19:40:07 GMT

GET
H/1.1 200
OK gettype.php Show response
api-na.geetest.com/ Frame CF1E 551 B
948 B 671ms
236ms Script
text/javascript 99.83.174.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-na.geetest.com/gettype.php?gt=1e505deed3832c02c96ca5abe70df9ab&callback=geetest_1617818701206
Requested by: Host: geo.captcha-delivery.com
URL: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAO4NgpUVCvt4Awm5y7A%3D%3D&hash=77DC0FFBAA0B77570F6B414F8E5BDB&cid=TcDbtYBYYKxs0FBLRqB34WcJDlAWm8giJ2HNoVA1oPFyfwagKXv7IWvEmgo25IKuK4xNIo-ghI3sW5eZqktlI2Jf6WvFR0M.1C~SZXQFIC&t=fe&referer=https%3A%2F%2Fallegro.pl%2F%3Futm_source%3Dadmitad%26utm_medium%3Dafiliacja%26admitad_uid%3De67002823997205fedf120d86907eae5&s=29560
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.174.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ab84974fe32bbfb53.awsglobalaccelerator.com
Software: openresty /
Resource Hash: 12a77d98788ee8b83ce6ad2c8f9bfc6429497060c56b54d99623f8279db28038

Request headers

Referer: https://geo.captcha-delivery.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 18:04:56 GMT
Server: openresty
Etag: "da5015783d48c1e093755661ffed1c5aaf614aa4"
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 551
Expires: 0

GET icon16.png
jnhgnonknehpejjnehehllkliplmbmhn/images/ Frame CF1E 0
0

POST
H/1.1 200
OK / Show response
api-js.datadome.co/js/ Frame CF1E 219 B
474 B 811ms
211ms XHR
application/json 18.194.14.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-js.datadome.co/js/
Requested by: Host: js.datadome.co
URL: https://js.datadome.co/tags.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.14.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-14-91.eu-central-1.compute.amazonaws.com
Software: DataDome /
Resource Hash: 1671dabe40cd66fa315b81e31e9e1481e7db2c17ed4c14f60be99ec56885b3bc

Request headers

Referer: https://geo.captcha-delivery.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 18:04:57 GMT
Server: DataDome
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 219
Expires: 0

GET
H2 200 fullpage.9.0.3.js Show response
static.geetest.com/static/js/ Frame CF1E 312 KB
93 KB 65ms
31ms Script
application/javascript 2600:9000:214f:ea00:1:149e:16c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.geetest.com/static/js/fullpage.9.0.3.js
Requested by: Host: geo.captcha-delivery.com
URL: https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAO4NgpUVCvt4Awm5y7A%3D%3D&hash=77DC0FFBAA0B77570F6B414F8E5BDB&cid=TcDbtYBYYKxs0FBLRqB34WcJDlAWm8giJ2HNoVA1oPFyfwagKXv7IWvEmgo25IKuK4xNIo-ghI3sW5eZqktlI2Jf6WvFR0M.1C~SZXQFIC&t=fe&referer=https%3A%2F%2Fallegro.pl%2F%3Futm_source%3Dadmitad%26utm_medium%3Dafiliacja%26admitad_uid%3De67002823997205fedf120d86907eae5&s=29560
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ea00:1:149e:16c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 42b01bce6955deea626fa097570563009a94932e0dd05a079c4fd464fe8d5eef

Request headers

Referer: https://geo.captcha-delivery.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 19:27:09 GMT
content-encoding: gzip
x-oss-request-id: 606CB60DAB529B3137F9C108
content-md5: asKUcJ4yWZEsD1qDU/Zl1Q==
age: 81468
x-cache: Hit from cloudfront
x-oss-object-type: Normal
last-modified: Wed, 27 Jan 2021 04:33:26 GMT
server: AliyunOSS
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-oss-storage-class: Standard
x-amz-cf-pop: FRA53-C1
x-oss-hash-crc64ecma: 17762644525429387201
x-amz-cf-id: PN5hMQkwx5S6fLygse9xRKB8K4vhtaYQOavlUJOIRP1OKHc1bXQj2g==
x-oss-server-time: 1
expires: Sat, 23 Jan 2021 03:54:42 GMT

GET
H/1.1 200
OK get.php Show response
api-na.geetest.com/ Frame CF1E 854 B
1 KB 612ms
217ms Script
text/javascript 99.83.174.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api-na.geetest.com/get.php?gt=1e505deed3832c02c96ca5abe70df9ab&challenge=baee303e485fd0df2a2bd466c48d4658&lang=en-us&pt=0&client_type=web&w=YEIdw33juqshN(5ULiacpa)((49QfX1Z6Wi0v1fus)7qqG2IjGbEbQKdw71PBCHcCi7Mn)wHLYNEdg6kaumBpHzXoX(aQUUmsx79nFS50RnIaODImBhH)lo6nkrh(RztaTvV49qBENPVmYJj9TbtAD39HyLVS2Hjae3kC(PnIKtk)BxES40t(WQVK3YWDBqYa41LM1h2tLFqC8dH8yBC2OFUbEYDlcxwsYVxS)LrQ23cbF343S7T)rHN2Ez)X3waGlkIlV3OhMftcRMAasbOFkp)R2AXbu8bM28QRfXxhnaxe3AAn3wUtxsT6fIzq4giBI5YeOyRd2BaIRIovsmcodAFjhhzZOfCNHEqBCLEe805ABjr4tMZML5dZdzglkH6OWB())qZ4jZuQaXuubYvCeDTtIMfebaJgqsDribZ2VswQoO9EylxWO0EhQbepOQmgzvEvl3HBYSptU)MGwk6mmjrt4UwQIsLJC0QnQZ0Z8mUzxuGeiETISJTu0IlVdsg)18x4aewv9TzIobTbxjc4RTAR)oD0fbXB1TvcSlsNI2DaSbWrDQaMfqliHFnPKYuy(DegyXCLgWGUbqtH0K7y)46jvVOlNGmKI3iTtnJh5eHZFSr8D1VvQXdqRBthhQGIrabtv45cbGgYh)WPCRVe5wJM76n45dRK4y7q()DQxgrhb4SRjBiYMZIiIue1JOtc0(NzHvSRIvpPMQzgmuitxtdVSbLdzT2McFKXpGTfF8jCQKlD)Y8tqCyFjZNm9bURcIQQx6mAFog5P1a(GkuOcoNowL7L7lPYISquwU3p(uHphM()QJK3U0A6E3L7VlQL26B3FUeZcyZKrV0Tj37nToX4m9bULe3g(Q4eXVh5CV(Ul60wVwHvfe5p2t(0Qqj3vJzSwCoKmTV9pZaMLCGWgF7WuDktbI4MQen0ztZzBX5ejgEgwGwDTx4lfQ9w68SzROq3a4JtXk3RyXv1ryPqB9lmsuNGo64yeqytWjttRnYLPSl1)Von8eMzc3bLUIjgrGKlNOOh)zcxxhA(rEjykxrBEcQgpLbjyizDjcMKkDrx5ShnqEt3ZyMBxujG)s5O6pP1QHbCUUu25uR9TfkQI1y2P5WWFJaF)IHWbG8bk4RXwYu5GF7DR8xxA6p3viPEe3bmrlE(mAgezNrwn56sLNy))POgqLGWbX2)Do7XrrOOS8e9o9kR(oFbwde2XXxGgm5zXVfCyybEthC6ugiCwDWA9IUqylJaEKVUimcOufJER7Uxm1yWQB)msmRBNoaQsCexgh)AGqwwOkIT07rHkerd86MrGpIwBdVDXc4fjZTTdNUd1F2Zcmbo1ThOPPCBWSuYjUai6V6mUsJWxvTdwem5NwiuQL98cJc00X2Zj6J4QpNDdUQgo4f0cTnfdkK4h(7qUrZYgCPoefqL2stDMbkiUGcJfRPHVofTHb1JDvAex6RP(UXZcZBxYw9(HruGjJbv47y6sU2g4jWnbc)NM3PbePWKAkWVjzF1JZj3(cqVaPmUVr4cGc9HhuqJXe212BVm3fr1rdmrU9YB6(yXvlrKtS07Tss(I)cia4kiyCRefH0FSpjA5zdh7CYR9xh2cAVkgbo6umV6DFzCXhpc)mCYZleyHSx(FudbcBJ(nBr2QiDyoQ2j)vnyKG4UZVz0fqnFDJrkESU8FBjFW2ePRkZzygmvPv(gSrUjDy9pB0nrDQqhmFNCp4B0iWE26lYTg8vTQ2pu4M)su4cugoBATDbf2n6FwFK3cZWpKB4RJPh6zQQjqipANZO6MngA15F0f728491a3c45d3def600dccbb9d20d00902c0b2a01e4e0d0f638454159860ebcfb697008d760e96000291c50264e1adb596162d77e1f3aea823b5b746af89ce7e74a0ce748ac39921bbc8553c693b7d4f224bb5c619da65686115a0e086410da6dfa601c597f4add5922b2bedf7d0bf6ce33cb5fa49056c44070f7b4a64a8f2&callback=geetest_1617818700444
Requested by: Host: static.geetest.com
URL: https://static.geetest.com/static/js/fullpage.9.0.3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.174.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ab84974fe32bbfb53.awsglobalaccelerator.com
Software: openresty /
Resource Hash: 854342f86d12773b8bec1f1e43a21a145e620e418642ee7a57972e78c95cc6a1

Request headers

Referer: https://geo.captcha-delivery.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 07 Apr 2021 18:04:58 GMT
Server: openresty
Etag: "01d019a43a6e4670781040a0c6a80ece6f9385a2"
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 854
Expires: 0

GET
H2 200 style_https.1.5.8.css
static.geetest.com/static/wind/ Frame CF1E 40 KB
5 KB 13ms
12ms Stylesheet
text/css 2600:9000:214f:ea00:1:149e:16c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.geetest.com/static/wind/style_https.1.5.8.css
Requested by: Host: static.geetest.com
URL: https://static.geetest.com/static/js/fullpage.9.0.3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ea00:1:149e:16c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 8ba195fffe0097e44a5dd29c35c092f10039e126cc9c4113330e8bf690c2461e

Request headers

Referer: https://geo.captcha-delivery.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 07 Apr 2021 17:06:06 GMT
content-encoding: gzip
x-oss-request-id: 606B42D2F1151C31399EB181
content-md5: P7aqz9WuLTiU8vALDV8yNg==
age: 3704
x-cache: Hit from cloudfront
x-oss-object-type: Normal
last-modified: Tue, 24 Mar 2020 07:16:39 GMT
server: AliyunOSS
vary: Accept-Encoding
content-type: text/css
via: 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
cache-control: max-age=86400
x-oss-storage-class: Standard
x-amz-cf-pop: FRA53-C1
x-oss-hash-crc64ecma: 8727683345402674844
x-amz-cf-id: ir7y9jam59Wu4yGgrhH-R96XLgcPQGtqka0_5Ww6kStJktyJzZfLkA==
x-oss-server-time: 19
expires: Wed, 25 Mar 2020 07:16:37 GMT

GET
H2 200 sprite.1.5.8.png
static.geetest.com/static/wind/ Frame CF1E 3 KB
4 KB 54ms
54ms Image
image/png 2600:9000:214f:ea00:1:149e:16c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.geetest.com/static/wind/sprite.1.5.8.png
Requested by: Host: static.geetest.com
URL: https://static.geetest.com/static/wind/style_https.1.5.8.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:ea00:1:149e:16c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AliyunOSS /
Resource Hash: 0e743066373cce49251230c376f985e34018fabb8f30d8c643a3933c0143dd93

Request headers

Referer: https://static.geetest.com/static/wind/style_https.1.5.8.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Apr 2021 23:43:36 GMT
via: 1.1 f8895de4463e8d120a0f4b4a1f7703e4.cloudfront.net (CloudFront)
x-oss-request-id: 606501423A7EA733373078F4
content-md5: uDxOrr+kOl0ccdj6TMxlOQ==
age: 66086
x-cache: Hit from cloudfront
content-length: 3429
x-oss-object-type: Normal
last-modified: Tue, 24 Mar 2020 07:45:06 GMT
server: AliyunOSS
etag: "B83C4EAEBFA43A5D1C71D8FA4CCC6539"
content-type: image/png
cache-control: max-age=86400
x-oss-storage-class: Standard
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
x-oss-hash-crc64ecma: 18443336215562156834
x-amz-cf-id: oYhBhUaLzD66WI2pX6C_mvKFEMTmcT99oEbYVgdPC618ua-1KCRf0w==
x-oss-server-time: 35
expires: Wed, 25 Mar 2020 07:16:41 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: jnhgnonknehpejjnehehllkliplmbmhn
URL: chrome-extension://jnhgnonknehpejjnehehllkliplmbmhn/images/icon16.png

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

654.pl
ad.admitad.com
allegro.pl
api-js.datadome.co
api-na.geetest.com
brapwear.com
btpnav.com
ct.captcha-delivery.com
firmis-min.com
fonts.googleapis.com
fonts.gstatic.com
geo.captcha-delivery.com
jnhgnonknehpejjnehehllkliplmbmhn
js.datadome.co
postmaster.hdforum.net
static.captcha-delivery.com
static.geetest.com
track.tkbo.com
track.vcdc.com
www.google-analytics.com
www.googletagmanager.com
jnhgnonknehpejjnehehllkliplmbmhn
143.204.209.68
159.69.83.207
167.233.8.197
18.194.14.91
18.235.67.128
209.15.13.136
212.224.118.36
213.189.52.246
2600:9000:214f:2800:7:c516:5a80:93a1
2600:9000:214f:ea00:1:149e:16c0:93a1
2606:4700:3035::6815:625
2a00:1450:4001:800::200e
2a00:1450:4001:809::2008
2a00:1450:4001:80e::200a
2a00:1450:4001:810::2003
5.134.213.82
52.222.179.8
99.83.174.33
06c92e8121246cc529a2407f6673f643eabaf64e23d09948756210e8b295f258
0a41472111ea36c51720b6f3501f388986919018f40c2833b86f13230f775c02
0e517748df4d65271be4b6eb7605bcc058521f094309d8e2c4b46e32185660fe
0e743066373cce49251230c376f985e34018fabb8f30d8c643a3933c0143dd93
12a77d98788ee8b83ce6ad2c8f9bfc6429497060c56b54d99623f8279db28038
12eab2f5b1e1b890f8d43da2b6e40117735caabfac9d062b8e28a680e6d883ad
1671dabe40cd66fa315b81e31e9e1481e7db2c17ed4c14f60be99ec56885b3bc
2f2792a94fdf35b39240ed6e151dd7e1ced76fdc0ae49f6957db59666fd79a66
2fbcb0b79fa4952c6890e0f5138b8b0a91fa1e63e9e02a70cd37ad7ef1e1dde6
42b01bce6955deea626fa097570563009a94932e0dd05a079c4fd464fe8d5eef
4aa355b64f75bc8293836eb2ca7ff4a0d7230f361c2e9b1b2d7394ac7c540f90
54ebe3e069491e054c84c4fabf726881dd89d14599e38b307415e356ccffe62e
763e9a60b92e9c21696c98aae3bfcd0ee3e526395f4f8d745f767a6363e2815f
854342f86d12773b8bec1f1e43a21a145e620e418642ee7a57972e78c95cc6a1
8ba195fffe0097e44a5dd29c35c092f10039e126cc9c4113330e8bf690c2461e
94cecebeaca13ba2be56406cf198965621e6a119d22ffffe528c3754e1ee77bc
95ebbb44548e5538b2d33d0cd4485c89764ce96dd263a11f6f8cd48c428707cf
99155f31d46dc469aa872ce824309fae9210fb9357f463b889d617b85b35eb61
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d68aa7764577306d404166e628972c8c521b5879c255e5cfcd17b65ddf5fea46
db3e90ff1f19da8138302c37bcbb22df0ca6df6bfb607969f0ef043c3da8b1a2
ed243a7fa712a26559089ad5eadb7bffb314357ac21966fe20f5cef1fb6355b1
f0ae7eec6c7320a453f1de26fe0855ddd4cfa6a5e44b8b0c6cd99d958dfbe9fa
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4
fab79f1dfdc7b759da9e1c4d80169bc879352b47bf0cf9352e3eeaed39e55de7

allegro.pl Open in urlscan Pro 5.134.213.82 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

35 Requests

86 %HTTPS

39 %IPv6

17 Domains

21 Subdomains

17 IPs

4 Countries

421 kBTransfer

1033 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

allegro.pl Open in urlscan Pro
5.134.213.82 Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

86 %
HTTPS

39 %
IPv6

17
Domains

21
Subdomains

17
IPs

4
Countries

421 kB
Transfer

1033 kB
Size

0
Cookies

35 HTTP transactions
0 data transactions