querieswater.info Open in urlscan Pro
2606:4700:3037::ac43:d103 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://storage.googleapis.com/335642585ad344a3d58aff7fbb7486/55cb982e8efc89415c7d0d5d03a04d#cl/50562_md/1/109036/7723/2035/784839
Effective URL:
https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
Submission: On November 24 via api (November 24th 2022, 8:21:41 am UTC) from DE — Scanned from DE

Summary HTTP 52 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 3 countries across 9 domains to perform 52 HTTP transactions. The main IP is 2606:4700:3037::ac43:d103, located in United States and belongs to CLOUDFLARENET, US. The main domain is querieswater.info.
TLS certificate: Issued by GTS CA 1P5 on November 16th 2022. Valid for: 3 months.

This is the only time querieswater.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Customer Survey Spam (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1	2a00:1450:400... 2a00:1450:4001:82b::2010	15169 (GOOGLE) (GOOGLE)
1 13	2a06:98c1:312... 2a06:98c1:3120::9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:6ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	141.98.5.181 141.98.5.181	8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL)
1 1	2606:4700:303... 2606:4700:3031::ac43:d77a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
27	2606:4700:303... 2606:4700:3037::ac43:d103	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
52	10

1 2a00:1450:4001:82b::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a06:98c1:3120::9 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

thanksbeet.exploratorygifts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:6ad (United States)

ASN13335 (CLOUDFLARENET, US)

code.ionicframework.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.98.5.181 (Bulgaria)

ASN8100 (ASN-QUADRANET-GLOBAL, US)

tryeleveat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:d77a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

herringfoods.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2606:4700:3037::ac43:d103 (United States)

ASN13335 (CLOUDFLARENET, US)

querieswater.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

trk-epicurei.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	querieswater.info querieswater.info	8 MB
13	exploratorygifts.com 1 redirects thanksbeet.exploratorygifts.com — Cisco Umbrella Rank: 404760	151 KB
3	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 469 fonts.googleapis.com — Cisco Umbrella Rank: 52	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 67	116 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2118	348 B
1	trk-epicurei.com trk-epicurei.com — Cisco Umbrella Rank: 213971 event.trk-epicurei.com Failed	3 KB
1	herringfoods.com 1 redirects herringfoods.com	694 B
1	tryeleveat.com tryeleveat.com	386 B
1	ionicframework.com code.ionicframework.com — Cisco Umbrella Rank: 14471	9 KB
52	9

	Domain	Requested by
27	querieswater.info	tryeleveat.com querieswater.info
13	thanksbeet.exploratorygifts.com	1 redirects storage.googleapis.com thanksbeet.exploratorygifts.com
2	www.googletagmanager.com	querieswater.info www.googletagmanager.com
2	fonts.googleapis.com	thanksbeet.exploratorygifts.com querieswater.info
1	region1.google-analytics.com	www.googletagmanager.com
1	trk-epicurei.com	querieswater.info
1	herringfoods.com	1 redirects
1	tryeleveat.com	thanksbeet.exploratorygifts.com
1	code.ionicframework.com	thanksbeet.exploratorygifts.com
1	storage.googleapis.com
0	event.trk-epicurei.com Failed	trk-epicurei.com
52	11

This site contains no links.

Subject Issuer	Validity	Valid
storage.googleapis.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.exploratorygifts.com E1	`2022-10-24` - `2023-01-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
ionicframework.com Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
tryeleveat.com R3	`2022-11-09` - `2023-02-07`	3 months	crt.sh
*.querieswater.info GTS CA 1P5	`2022-11-16` - `2023-02-14`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
*.trk-epicurei.com E1	`2022-10-12` - `2023-01-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
Frame ID: 74D46F07DD9B9B8D43330D626490E192
Requests: 50 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

[1] Prämie ausstehend - Lidl - Wir wollen Ihre Meinung!

Page URL History Show full URLs

https://storage.googleapis.com/335642585ad344a3d58aff7fbb7486/55cb982e8efc89415c7d0d5d03a04d Page URL
https://thanksbeet.exploratorygifts.com/ Page URL
https://thanksbeet.exploratorygifts.com/cl/50562_md/1/109036/7723/2035/784839 HTTP 302
https://tryeleveat.com/0/0/0/3b194f1e6d21a476bb22a94c87d8ad1b/1/50562_15/2035_784839_109036_2815282_md Page URL
https://herringfoods.com/?s1=350357&s2=858549796&s3=4617&s4=1&s10=1821 HTTP 302
https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196 Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

52
Requests

92 %
HTTPS

90 %
IPv6

9
Domains

11
Subdomains

10
IPs

3
Countries

8796 kB
Transfer

9812 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://storage.googleapis.com/335642585ad344a3d58aff7fbb7486/55cb982e8efc89415c7d0d5d03a04d Page URL
https://thanksbeet.exploratorygifts.com/ Page URL
https://thanksbeet.exploratorygifts.com/cl/50562_md/1/109036/7723/2035/784839 HTTP 302
https://tryeleveat.com/0/0/0/3b194f1e6d21a476bb22a94c87d8ad1b/1/50562_15/2035_784839_109036_2815282_md Page URL
https://herringfoods.com/?s1=350357&s2=858549796&s3=4617&s4=1&s10=1821 HTTP 302
https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

https://thanksbeet.exploratorygifts.com/cl/50562_md/1/109036/7723/2035/784839 HTTP 302
https://tryeleveat.com/0/0/0/3b194f1e6d21a476bb22a94c87d8ad1b/1/50562_15/2035_784839_109036_2815282_md

52 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 55cb982e8efc89415c7d0d5d03a04d
storage.googleapis.com/335642585ad344a3d58aff7fbb7486/ 120 B
699 B 121ms
38ms Document
text/html 2a00:1450:4001:82b::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/335642585ad344a3d58aff7fbb7486/55cb982e8efc89415c7d0d5d03a04d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 206
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-length: 120
content-type: text/html
date: Thu, 24 Nov 2022 08:18:05 GMT
etag: "c43223d565ae99609fc756a855cbd455"
expires: Thu, 24 Nov 2022 09:18:05 GMT
last-modified: Tue, 11 Oct 2022 15:28:21 GMT
server: UploadServer
x-goog-generation: 1665502101688546
x-goog-hash: crc32c=qd/HgQ== md5=xDIj1WWumWCfx1aoVcvUVQ==
x-goog-metageneration: 2
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 120
x-guploader-uploadid: ADPycdufaCTUzwQ66jPOB4_9xdlYlsSBlkmQgpL9TqBbXPg2jzZZu-smVr63mK9JkZpq4E3Q5I2WFjKvufc5vDJAABXALA

GET
H2 200 /
thanksbeet.exploratorygifts.com/ 16 KB
3 KB 196ms
108ms Document
text/html 2a06:98c1:3120::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thanksbeet.exploratorygifts.com/
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/335642585ad344a3d58aff7fbb7486/55cb982e8efc89415c7d0d5d03a04d
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.1.33
Resource Hash

Request headers

Referer: https://storage.googleapis.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 76f0bb485b829a05-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 24 Nov 2022 08:21:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SyhhF0FCZ9C3%2BoWnrPXadadoRaV4DXdKyObBbWV3FwDt3et8QosSDfnYckDOm1R34Uuvf%2F%2Fm47sUEreLrs2a7PxMNncywudUVO8viOxSHV2Kv82smzkYRrMfSVtPFl86EzIEIZmxVst36ivOfLCNC%2Fg72FLH4p9qdNMBFj7D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.1.33

GET
H2 200 css
fonts.googleapis.com/ 2 KB
918 B 129ms
46ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,300,700

Requested by

Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thanksbeet.exploratorygifts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 24 Nov 2022 08:21:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 07:59:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 24 Nov 2022 08:21:31 GMT

GET
H2 200 ionicons.min.css
code.ionicframework.com/ionicons/2.0.1/css/ 50 KB
9 KB 140ms
56ms Stylesheet
text/css 2606:4700:20::681a:6ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
Requested by: Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:6ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thanksbeet.exploratorygifts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-fastly-request-id: c443255faafd08ef4450ea35813d39b1c71ca1e8
date: Thu, 24 Nov 2022 08:21:31 GMT
via: 1.1 varnish
content-encoding: br
expires: Thu, 10 Nov 2022 22:34:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 76290
x-cache: HIT
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-hhn4025-HHN
last-modified: Fri, 28 Oct 2022 02:55:05 GMT
server: cloudflare
x-github-request-id: 823C:10031:6D4A86:7028B4:636D7A3A
x-timer: S1669201801.054739,VS0,VE1
etag: W/"635b4489-c854"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5BWJPqwI5tNVRc80mRvkLhLER9i%2B7sw%2Fd3MYmTBX7ftnszwhUGlwC0ROgaVaJP69UGYqw3atr69OlKqx37csoU58g%2BIJdzfpNVOdHqFJLgp%2BW2S%2Fan7rdzQ8O0PiLt2I%2BZtd0IRZy6TZ6mE5d5x1ElW1Ld68"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
x-origin-cache: HIT
cf-ray: 76f0bb499927bb74-FRA
x-cache-hits: 1

GET
H2 200 bootstrap.min.css
thanksbeet.exploratorygifts.com/css/ 111 KB
19 KB 60ms
58ms Stylesheet
text/css 2a06:98c1:3120::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thanksbeet.exploratorygifts.com/css/bootstrap.min.css
Requested by: Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thanksbeet.exploratorygifts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7074
etag: W/"1bd5b-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1jsjz0o%2BB1y7qQfLxcHLQBHT9f7JpPHr6%2B7bXPlIVVuahm3U%2FovBKd%2Fa95o%2B95kZDhSfNBIIE3a7nzZy1bdQO%2Fr%2Fw9lXMr9g%2F9nfoC21VMP%2Fq6K2IGt9kUilIidWEmWSiPr877%2Fa5QfuzcQuxAFRTdBSqceX8U9ORwYfRlyI"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 76f0bb491d079a05-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 font-awesome.min.css
thanksbeet.exploratorygifts.com/css/ 21 KB
5 KB 58ms
56ms Stylesheet
text/css 2a06:98c1:3120::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thanksbeet.exploratorygifts.com/css/font-awesome.min.css
Requested by: Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thanksbeet.exploratorygifts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7074
etag: W/"55e0-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NzXVcfJOdwPiQBZeGZTtpP9OkwEjy6MwZDkMo8V0wtvYz5L0KRqmnwKvj2pkDQ8COqd2D1jOGqUvqQDr5a3AxDUI95OEnd92qqX%2BFTV3fmnCDKPxq2ELjPqFSI6WI%2F40xA7YtgGz6o7Q7l%2Bf%2Bq3HAFWSnN%2BPdxa9KHYY7bEp"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 76f0bb491d0c9a05-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 owl.carousel.css
thanksbeet.exploratorygifts.com/css/ 5 KB
1 KB 67ms
65ms Stylesheet
text/css 2a06:98c1:3120::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thanksbeet.exploratorygifts.com/css/owl.carousel.css
Requested by: Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thanksbeet.exploratorygifts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7074
etag: W/"1206-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zUHio4tj5XR8lbMiOSRaHwpKOZfa6KwqWvCdEcdfI4LtYWQ7hmd%2FjeUrQdYBbpUlDT4LCKFUoHi7KUGDl65w1tXmV3h9ddq40U7SIjX%2FruQgk22tt4c9583ZhvJetYid6aBY%2FC8MfRMlyp2Umg%2FuAzjMg08LMcJXRaRHKFn8"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 76f0bb491d119a05-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 animate.css
thanksbeet.exploratorygifts.com/css/ 73 KB
5 KB 50ms
48ms Stylesheet
text/css 2a06:98c1:3120::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thanksbeet.exploratorygifts.com/css/animate.css
Requested by: Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thanksbeet.exploratorygifts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7074
etag: W/"12279-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kkkZFFx1CJ1sjw3jcpRUQFGwVXVA2XDZ5hNVxsjWeA2KmStfAWzufCZBsIpmE7u57oF0k%2FPQuW4BS4A70WiR9xqAs%2BpSQCTDYsfT%2FAT916Lt1P69PzlAfFlll5sJGWQjLKXgGSL4nt58kqjL%2BEeFKF7QqRcNP6UlKRQgBXRZ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 76f0bb491d189a05-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 main.css
thanksbeet.exploratorygifts.com/css/ 17 KB
4 KB 65ms
64ms Stylesheet
text/css 2a06:98c1:3120::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thanksbeet.exploratorygifts.com/css/main.css
Requested by: Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thanksbeet.exploratorygifts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7072
etag: W/"4452-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UeN%2BJmd4O3wJEgQ%2FDmzXlz3f86QuFlkZinKE2Pdy9kSvlX3gvkUMJWHxrDl5cyvgSwH0e46wiLvUhGaV7isqZqK8O1VQTnN0TQLMuNaGMiPxxgJPX%2BVNbRheTnts5web%2FbZGAsyan%2BVlCYj6HNv5QI4zzn%2FA%2FaXKY31U4jO%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 76f0bb491d199a05-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 responsive.css
thanksbeet.exploratorygifts.com/css/ 2 KB
834 B 57ms
55ms Stylesheet
text/css 2a06:98c1:3120::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thanksbeet.exploratorygifts.com/css/responsive.css
Requested by: Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thanksbeet.exploratorygifts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7074
etag: W/"80f-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XzZWZjmxXkapXJkx2W8n3tO%2FLyJcO16VeJbuFsEKTVq8gtRBBc6kJ8NQyMeszZKEv6GTQc0aB1wcCu4YpwBO31tEsEtPWAZgaUi6hYw7H4EjCWXJbVh9CiT8Pe1QKhntAcWwXAVHpDYROx6%2BzhWHk5nQcrC75urveIFeQYKA"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 76f0bb491d1b9a05-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 logo.png
thanksbeet.exploratorygifts.com/images/ 3 KB
3 KB 48ms
48ms Image
image/png 2a06:98c1:3120::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thanksbeet.exploratorygifts.com/images/logo.png
Requested by: Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thanksbeet.exploratorygifts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:31 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 152
etag: "b67-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dpW8iFGp7GURCMON7X97vNZB4oKTSZ2xOlmaC2rdMwKX6yHdPkP4UA05hfby13BNVnIlsw6EaBrNnwwXhvCRjV3SunK0AbyuqqDQ4%2FGzsuI2rJcvmBPQn8RlhJ9V5%2Fr3feK%2Fl9gNNfQhutgpelkRpFdaGk8So5H9h5%2BEuhFa"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f0bb49ec5f9945-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2919

GET
H3 200 logo-2.png
thanksbeet.exploratorygifts.com/images/ 3 KB
4 KB 48ms
48ms Image
image/png 2a06:98c1:3120::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thanksbeet.exploratorygifts.com/images/logo-2.png
Requested by: Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thanksbeet.exploratorygifts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:31 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7071
etag: "c30-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mp6CiKnxRwv03MMJ32snqZiHtrl%2B%2FCnRIA7%2FBeUfj15nEsa%2F1ynG72VCxeRBL9hoEVvvCYZBdFKnsg4AyNUuV2%2FOjALNz82RiRMqSWTIyyWuo7UxLSD1SbS6KUCyLe%2BXGbCEOQaFKeVkNRDHwkq1dX7iwjvKv%2FgrKrU8zDjc"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f0bb49fc829945-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3120

GET
H3 200 1.jpg
thanksbeet.exploratorygifts.com/images/about/ 50 KB
51 KB 48ms
47ms Image
image/jpeg 2a06:98c1:3120::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thanksbeet.exploratorygifts.com/images/about/1.jpg
Requested by: Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thanksbeet.exploratorygifts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:31 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 152
etag: "c8c7-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lpMqhg4Ljjbd5F%2B%2Fm6NOPOgjO5kHnKXxaziQnwRd00SKAmCVDW%2BFoKz6WiNO5%2BNE8S9BL0XKpE1jx%2BJwZeCGaFDJGjuqwUVYpo1HWDoY%2FjXaJE4RcJslIq9hm7DKLjbd%2BXaa2Q0roE%2BmTpUvjmeAiJW6iHc2fXJtLkHL8lsH"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f0bb4a2cea9945-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 51399

GET
H3 200 2.jpg
thanksbeet.exploratorygifts.com/images/about/ 34 KB
35 KB 113ms
112ms Image
image/jpeg 2a06:98c1:3120::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thanksbeet.exploratorygifts.com/images/about/2.jpg
Requested by: Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thanksbeet.exploratorygifts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:31 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7071
etag: "889e-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s1io41LU2Npoaxw5icnffLO96HE%2BxMCztX9yMNj%2Fn0%2F8338jNF4jvX0c0fM0dW9QlYGGMrySJMWTyf%2FKgtxFXDmYWO8%2BZNpu3UArj1cGcFg01%2BywOPAPHRHUajCjE%2FFXw1p%2BHjr2XqASjxpyGVpPbPaSNxbSUuSR181GJq90"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f0bb4a4cff9945-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 34974

GET
H3 200 3.jpg
thanksbeet.exploratorygifts.com/images/about/ 19 KB
20 KB 53ms
52ms Image
image/jpeg 2a06:98c1:3120::9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thanksbeet.exploratorygifts.com/images/about/3.jpg
Requested by: Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://thanksbeet.exploratorygifts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:32 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2016 10:38:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 153
etag: "4c50-539c95f33e700"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GiLpYKzAyu92VZ%2BTnSjHJcQwERTHfaU6gQC3%2FKvSVWtHqjDD1r9iJ9MT0052ngCBOTpfqHI04r92yyHzV8%2BfxqYBMNLWCCDIycbrAS%2BQDWTvU0eI9PvX%2F5YUK2IQNE96ASkwS%2BsaX6pDRnVhWcUIM28p1yW1V044ii1%2B60rh"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f0bb4afe519945-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 19536

GET
H/1.1

200
OK

2035_784839_109036_2815282_md
tryeleveat.com/0/0/0/3b194f1e6d21a476bb22a94c87d8ad1b/1/50562_15/
Redirect Chain

https://thanksbeet.exploratorygifts.com/cl/50562_md/1/109036/7723/2035/784839
https://tryeleveat.com/0/0/0/3b194f1e6d21a476bb22a94c87d8ad1b/1/50562_15/2035_784839_109036_2815282_md

133 B
386 B

1147ms
609ms

Document
text/html

141.98.5.181
ASN-QUADRANET-GLOBAL

General

Check archive.org

Show headers Download Go to

Full URL: https://tryeleveat.com/0/0/0/3b194f1e6d21a476bb22a94c87d8ad1b/1/50562_15/2035_784839_109036_2815282_md
Requested by: Host: thanksbeet.exploratorygifts.com
URL: https://thanksbeet.exploratorygifts.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 141.98.5.181 , Bulgaria, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://thanksbeet.exploratorygifts.com/#cl/50562_md/1/109036/7723/2035/784839
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 133
content-type: text/html; charset=UTF-8
date: Thu, 24 Nov 2022 08:21:33 GMT
server: Apache

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 76f0bb492d4c9a05-FRA
content-type: text/html; charset=UTF-8
date: Thu, 24 Nov 2022 08:21:32 GMT
location: https://tryeleveat.com/0/0/0/3b194f1e6d21a476bb22a94c87d8ad1b/1/50562_15/2035_784839_109036_2815282_md
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oUW%2BNVMFMGfMBLBmaBBGXfIye6FpGMlfsuPrnPsJ5hmA9HQCbC95ViYwqeVbPuIKq5u172ZM7upwhGJRUMtZqse3jEeqNDhGGPpzew%2BbcBq5WlSJa9cCOlH7HLTfrNGq%2FFHO%2FdyoWySqAT5ErFwwCWwTmkXwO0acI474FKzC"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.1.33

GET
H2

200

Primary Request 3ad2fd3849cccaf044afa5af0244d196 Show response
querieswater.info/
Redirect Chain

https://herringfoods.com/?s1=350357&s2=858549796&s3=4617&s4=1&s10=1821
https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

232 KB
34 KB

861ms
760ms

Document
text/html

2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Requested by

Host: tryeleveat.com
URL: https://tryeleveat.com/0/0/0/3b194f1e6d21a476bb22a94c87d8ad1b/1/50562_15/2035_784839_109036_2815282_md

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d799465b2ff56b61cbc78cc98c211953662f6bd703a1dee93947c4bdd4119b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://tryeleveat.com/0/0/0/3b194f1e6d21a476bb22a94c87d8ad1b/1/50562_15/2035_784839_109036_2815282_md
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 76f0bb5a6c9c9a15-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 24 Nov 2022 08:21:35 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I7Unn13weqs0JBpAxmdlIvElpj3CzFwIZHLisBaOxHD84VTnnAlsnI5%2FtfY26ufIBYmHa2bdgwDqQ3GstgrIypONeKfr0TFRPLZMGUaRgdDqITg0C1KDpBnFUTn2zd%2FnxavEnpBTGUA%2BMZo3gsrwjg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 76f0bb57be329bf5-FRA
content-type: text/html; charset=UTF-8
date: Thu, 24 Nov 2022 08:21:34 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IMH%2FlO6yRPi9gloxWtDt861NPi%2FnSlyZv%2B0Uxyslai%2Fv6dufhb2kLyQbpYXXPCfRswptWx5zMPJBOBQBXYUtg%2BrVFAOKxyTppvA6tsm4yggupJZj09xZ3R3r9%2BygFvQpkr7MiTP7x12hgdv0bIZc"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: User-Agent,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H3 200 bootstrap.min.css
querieswater.info/assets/vendors/bootstrap-4.5.3/css/ 157 KB
25 KB 132ms
52ms Stylesheet
text/css 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://querieswater.info/assets/vendors/bootstrap-4.5.3/css/bootstrap.min.css

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 209722
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 20 Aug 2021 13:04:53 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UdWxf8JrhHtNbrBH%2BYMnq9tnJnX0wrzQsDVZ511toDSe%2BQMlaXBW%2BMfu827K9yhMNedaNQ4aXEyvW8AortBTUgWDiLlP75U72TDwL1Khof36C%2BrF33m5%2BHAg2uoAwleXx1SOg5XIbF5w7h4bWc072Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 76f0bb5fcea98fef-FRA
expires: Mon, 28 Nov 2022 22:06:13 GMT

GET
H3 200 all.css
querieswater.info/assets/vendors/fontawesome/css/ 72 KB
13 KB 172ms
89ms Stylesheet
text/css 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://querieswater.info/assets/vendors/fontawesome/css/all.css

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

462beb0c8ecb2abb15685c31875f268d166313581df110401c2483fab24a46df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 209722
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 19 Jul 2021 19:01:59 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UdYb4qDoamJJthxiEZ71sDay6O3SSNrSFU3hWAtpDLDQh0%2B2xaIRRjRIwa25qnOJ6BHb%2BcjM0CA%2F4DsAQ3NxbTioc%2BvX1HljGkzIsib3UIBHTpEZYaVfznkAJ12h6hkq9BD19sAuFakEx37u4zuBDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 76f0bb5fceaf8fef-FRA
expires: Mon, 28 Nov 2022 22:06:13 GMT

GET
H3 200 common.css
querieswater.info/assets/css/dublin/ 37 KB
9 KB 503ms
420ms Stylesheet
text/css 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://querieswater.info/assets/css/dublin/common.css?v=6f61c4ca0f6fca482901744fad8f81c2

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28b13c440c7f30d0f83504cc0f9ed973e76160f8b65afe1b5d17a7763f172e8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 17 Nov 2022 22:46:18 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uuv9HjaIRo9d7B5mmPY1oCDRNBdihhM%2B3Mr2XFk1pMiTK%2B1m%2FJSpQKHaG7fgT%2BDwVa8ifsz0L845Yj9SF%2FG8uESjbjo70craaVw3owPs60PG262PPlTLLQASUfjXbhO%2BTYhzqCMKqPJMoXbpW4W8Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 76f0bb5fceb08fef-FRA
expires: Thu, 01 Dec 2022 08:21:35 GMT

GET
H3 200 msg.js Show response
querieswater.info/inc/ 942 B
987 B 131ms
48ms Script
application/javascript 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://querieswater.info/inc/msg.js

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06c3f3452108be85c9304eb8e6fc6dc831534e12362cfd03afd47f4320f894a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 209722
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 20 Oct 2022 12:25:37 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JscwatHNd91KL4nhm2ngXPkmBQGodItIdOpdPVyba6UsUwz41P0QzNddwH6VgOH005BEBDCNN7Tung3BJP9bQGVZLF9ngh9gvC%2BDPCXaCeIxG8Ci%2FyelbTZTIBvdobdvBqjKWpXfLX%2BSLicu50KD9g%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 76f0bb5fceb68fef-FRA
expires: Mon, 28 Nov 2022 22:06:13 GMT

GET
H3 200 jquery-3.4.1.min.js Show response
querieswater.info/assets/vendors/ 86 KB
31 KB 110ms
110ms Script
application/javascript 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://querieswater.info/assets/vendors/jquery-3.4.1.min.js

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 209722
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 20 Aug 2021 13:04:53 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMNVDk8SKSRy%2BGB43Bb49YNzAoYLcjPK6Ua3dupLt%2BzlKYBEGzwslWyip8OdeB11nFtyBFrhR4MsLDv3efPGoA%2FulnnbUhNEkVZl8yRVMJPC%2FaVUTZmMvuGy7jRBJj8KC4EFlDAHOyajAbsl217wzg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 76f0bb5feed48fef-FRA
expires: Mon, 28 Nov 2022 22:06:13 GMT

GET
H3 200 bootstrap.min.js Show response
querieswater.info/assets/vendors/bootstrap-4.5.3/js/ 62 KB
16 KB 146ms
146ms Script
application/javascript 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://querieswater.info/assets/vendors/bootstrap-4.5.3/js/bootstrap.min.js

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 209722
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 20 Aug 2021 13:04:53 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xjAMYT%2F6f%2B7UYqq9bFqoE6Q4Y3PwjyGbQeKrLYFM%2FMmtTXMF9ULC%2FWGYy4oDj4EzL9tYUpQvpfFwyUjQ7p3r911yMubxbeCxOwQ1%2BA5na0%2B2eO0fT9zKpZrpMN3ArTnae5YqzjxjuWfBWAr5xAEmng%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 76f0bb5feed88fef-FRA
expires: Mon, 28 Nov 2022 22:06:13 GMT

GET
H3 200 functions.js Show response
querieswater.info/assets/js/ 1 KB
1 KB 424ms
424ms Script
application/javascript 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://querieswater.info/assets/js/functions.js?v=6f61c4ca0f6fca482901744fad8f81c2

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5de7a79e14562963ef11f0d95f7a098e3cc018347a95290e292bef9b7d4677b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Sep 2022 14:55:28 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qn6B8x6qabjlGRsdvWSKl9F8PY5gBTVrNvdDBV5P9vV%2BMtm5bS4RCbl1Ig7EaB12MFmFiDrp4fk95mTIrzZhhCfYj9PHEBEkL48nIkjI777UjYbnx2GAZ2e87oLx1uBVamSQWn6wCj3ZTlqjYZ%2FCTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 76f0bb5feeda8fef-FRA
expires: Thu, 01 Dec 2022 08:21:35 GMT

GET
H3 200 intl_functions.js Show response
querieswater.info/assets/js/ 8 KB
3 KB 424ms
424ms Script
application/javascript 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://querieswater.info/assets/js/intl_functions.js?v=6f61c4ca0f6fca482901744fad8f81c2

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7077430b976a181d99efafc06e7e29923636aa84041bdd06c78fce5d960bb074

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 15 Sep 2022 19:29:38 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BW7fQjUaVt0fGobjKt5sTtHsALmKBWog3qcHawTtGSklh26xo0PgbI9r6IGo8W34Iqh82uxqUpnDE%2FeFz6ODE5B%2FBy1ECcfpl1ptyPdCwko9spyd26sTraR9qlnAvkk1DlQQFc7mtP%2F9KxdLucPluQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 76f0bb5feedb8fef-FRA
expires: Thu, 01 Dec 2022 08:21:35 GMT

GET
H3 200 common.js Show response
querieswater.info/assets/js/dublin/ 63 KB
13 KB 554ms
554ms Script
application/javascript 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://querieswater.info/assets/js/dublin/common.js?v=6f61c4ca0f6fca482901744fad8f81c2

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f01aed2133b6fa292f6d7b945f59eaa138ad6ce10332528930f044e7d3d8528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 17 Nov 2022 22:46:18 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GLflVFc2sV5ZrKuogHYDCNo%2BIYdiOt2VqEo9cPHvCEOnxIyQhXI%2FKzNsHCgTYLN7GICWZLelroWzzkCjy%2BTLQrAe3Sb9b%2BeM%2BD%2Fbw%2BOUbKycsec7DeaeZ7PZX4AGQJMWpw7Si18TWEZfmQVFBk98Wg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 76f0bb5feedd8fef-FRA
expires: Thu, 01 Dec 2022 08:21:35 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 106 KB
41 KB 128ms
45ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NK3N874

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

df17998986584c04fdbc429719008ace01c9bbd32230d76e8f218a3e0a6ef489

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41818
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 24 Nov 2022 08:21:35 GMT

GET
H3 200 css2
fonts.googleapis.com/ 5 KB
644 B 122ms
47ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Arimo:wght@500;700&display=swap

Requested by

Host: querieswater.info
URL: https://querieswater.info/assets/css/dublin/common.css?v=6f61c4ca0f6fca482901744fad8f81c2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6f2de36054525c7a25f6b4ca1447f762169a97d0f11593cf0f8f254880f4c2bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 24 Nov 2022 08:21:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 24 Nov 2022 08:21:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 24 Nov 2022 08:21:35 GMT

GET
H2 200 v9e118mez8 Show response
trk-epicurei.com/scripts/push/ 7 KB
3 KB 359ms
276ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk-epicurei.com/scripts/push/v9e118mez8

Requested by

Host: querieswater.info
URL: https://querieswater.info/inc/msg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6745ca7e5b3bbda5143038305bc1ec5648296f4dd1bbbdaa0f81b87ee35c9676

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/javascript;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=afWgKzOd1mhWai2tGAQBedXIfMNJaOJPzp%2FYov24lO%2Fl7NsnJpxoglK0YBSxji%2Fm9NBRfSgToMT7zi2aoBFFK0oNTw5AWpVO3XdnZJojEOF4%2BEtOWQ1pWhfGPZWoWFUvqeQBhJLn9tjo1gLh8psj"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, no-store, max-age=0, must-revalidate
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-ray: 76f0bb63bc35912b-FRA
expires: 0

GET
H3 200 b00a83c235948ab6b1628fa5abca7e98.png
querieswater.info/fim/1821-DE/ 18 KB
18 KB 178ms
178ms Image
image/png 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/b00a83c235948ab6b1628fa5abca7e98.png

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97d5d0e728d2beecaf4bd8ec300fa6a5c67f63e907c3a09cffa4b7b77ac6238e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3954
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18249
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:15:39 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SDAVU2fEhmI0XdSspjFDmeIGtNxJXKY6Tgpq0uOcJXVToS6T7ipChNapCYAB9U6CjIQbwcO4RDGLST5GKmcZqpg1CikBssSUmwNaYEP7DKoQsIwbw5W3VgtXN2t6d%2B%2FcBX25pMRM%2Bb7JylOBXzFUjw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63deb38fef-FRA
expires: Thu, 01 Dec 2022 07:15:41 GMT

GET
H3 200 13df2765016ba3e6338d46bb25fb6652.png
querieswater.info/fim/1821-DE/ 8 KB
8 KB 181ms
177ms Image
image/png 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/13df2765016ba3e6338d46bb25fb6652.png

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

329f79c0441a8516e75e17ea8a736903a739d32f97b35af8b5f6ed72a76173d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3954
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7881
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:15:39 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C44K%2BGjw%2FTwohuGMwY2bnKrWOKnQr0jH9lTT27%2Bnz3ZbzQ4Gq4kuSRut4BWiKbMFFIWWbvSYXhrKME4l%2BJ%2F5tMed2Xx0h9L0FpYf5TbHnQFT6%2FJ%2BYU1l6vOG8RhGGL2ExrBtQN7cAgH9De9GHx%2ByVg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63eec38fef-FRA
expires: Thu, 01 Dec 2022 07:15:41 GMT

GET
H3 200 d50f501717eae92c3f7bfc7c437a8fe4.png
querieswater.info/fim/1821-DE/ 194 KB
194 KB 182ms
178ms Image
image/png 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/d50f501717eae92c3f7bfc7c437a8fe4.png

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6da36fb6fc49bb32429a2335166e6e687fabe5eb9875fd2f588e4e21c73b6542

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3954
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 198582
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:15:39 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pbuu5sS5Tj97a1LYyd%2FivCMrAJLi1VQqzKh71bNvGp%2BUy9OTcC7ajjMLE9Ji5M05JwBV20O2JNKxuJdMiQTnIzNyY1pTuotwrXXs7r%2Bf1ZHQS1xDROIBJ49VvCHBtIBV2cRuWk2gHiywccKnaMNUZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63eec68fef-FRA
expires: Thu, 01 Dec 2022 07:15:41 GMT

GET
H3 200 37cf4ced64d4949feb04799c579dbb9e.png
querieswater.info/fim/1821-DE/ 1 KB
2 KB 473ms
469ms Image
image/png 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/37cf4ced64d4949feb04799c579dbb9e.png

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a15c7fd6cff51cb3a08a1b705e578578f16f316835547063e9298a27257936b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1399
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:17:19 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7P5BRLpwe4wixYgKMrJG754gxbok2p%2BQVS80UXRh2smhd1gjD%2F%2FRAp0Gqqzjo2rwhIlrKCk1KKbwlNaEYI90%2BWd8Cq9ttHz0MNJPYcqqPsZz2T%2BnC82JPRq7RI8moQ8bUlYBWa7g%2FY1WZVxh%2Fyxzyg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63eec78fef-FRA
expires: Thu, 01 Dec 2022 08:21:36 GMT

GET
H3 200 2927e1db9243205a75a4d2d89d936acc.jpg
querieswater.info/fim/1821-DE/ 113 KB
114 KB 55ms
52ms Image
image/jpeg 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/2927e1db9243205a75a4d2d89d936acc.jpg

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7bef5c75851bdd3741a2e2e486dc5e5060c0dc325348dd09108f7c90d499ea74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3954
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 115685
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:15:39 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0mKAQMJqU8VE2bjWuhSzUcPlYz3lsv4s020waWsarQvSB2O6jmTZ3PZJ6%2BX4AbcNNgtbjve8zfbLBf1HrI0F6XTfKGUQ8I9B9tbFQetBRV%2BUf43temeWJsSUXVj0S4sc9Og71xS1pFl%2BIlXtjbXP%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63eeca8fef-FRA
expires: Thu, 01 Dec 2022 07:15:41 GMT

GET
H3 200 cb9d41ce8ffb886071516bafc1931da5.png
querieswater.info/fim/1821-DE/ 2 MB
2 MB 231ms
228ms Image
image/png 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/cb9d41ce8ffb886071516bafc1931da5.png

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74f321011aa03e4baee8be824cf5556cf7c9831fb66f1e8a08e5d76cfae74ba6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3447
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1770569
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:15:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kq9ECpvhtEJ6hUl7QZweTMFzTBqjNhDD4he0lChSRdY1kbo1wQnDQ8gw8Qau0Ke68dJTlCwhdYLPRL8r7ZwQk1cMDfzSLglvTEIPRlDU4g%2B2fUolGMVXn5eljpatP4PGgPG%2BYSu0OSWwST9W6%2Bn8PA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63eecb8fef-FRA
expires: Thu, 01 Dec 2022 07:24:08 GMT

GET
H3 200 e344b588d0556764cdd725b060efacbc.png
querieswater.info/fim/1821-DE/ 65 KB
66 KB 675ms
671ms Image
image/png 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/e344b588d0556764cdd725b060efacbc.png

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

478e5c20c11f79bba6cbc45ff59f2d7fc83572bee66e38fc65de1b84a7a21911

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 66949
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:15:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7q9h9hO3r6SznRF1ZbOgMHAp3kFd8cEGujAtmqRCowWVlA78Nj1Pv1Zo5%2BlZk0aag1W%2FIaIcn5eOhBb4aJuv0l9ECCD9gfZUuIlsJ9fNyR25ba3xCcu7wsuXKvJNyAxykN%2Bvmfd6mEGgESf%2BDmk7fg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63eece8fef-FRA
expires: Thu, 01 Dec 2022 08:21:36 GMT

GET
H3 200 a02e519083fccfe1dad8cc80210acdf6.jpg
querieswater.info/fim/1821-DE/ 1 MB
1 MB 93ms
90ms Image
image/jpeg 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/a02e519083fccfe1dad8cc80210acdf6.jpg

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd96d55b991c34184dcb3ab9644e9827ef8b0efc355da9a71258dd139c3129d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3954
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1118294
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:15:39 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DJu7bejp6cJ9xxg9zgDIPFuZn8VPaV1dCqb0xrd%2FvKebVnQKkngPSPn9sCL8YY5VtyvwKirp0BvlATBfgQhikId6y58S%2B5bpjVUzGGwLCzfUByF2g181jws6%2FCqYtEnKPiRa%2FB97qhI0MKldI%2FB3sQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63eecf8fef-FRA
expires: Thu, 01 Dec 2022 07:15:41 GMT

GET
H3 200 d06824f3da7b2e7a4a62e043b9558019.png
querieswater.info/fim/1821-DE/ 570 KB
571 KB 428ms
425ms Image
image/png 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/d06824f3da7b2e7a4a62e043b9558019.png

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef26fea921f67ba55ac0fcdec63b9a85d0d52aa8d527709dc47945b27d98303c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 583693
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:27:18 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DdDhs93eThI8158f12Hfh3l21pWPbwDqPbB21epJ8QX5iLlJoBDANp7W2Kdk2GTfr5oDCoPjcJdN9SJCf28n9%2FTCvwMkJDE%2BcGXHgSPSYm6ZMtmdSq6PnHSUOIdCvBv7QvLxKSzI1Q27J4P1%2B7%2B8Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63eed08fef-FRA
expires: Thu, 01 Dec 2022 08:21:36 GMT

GET
H3 200 71c34aa92be1c384e90fdea877a5918e.png
querieswater.info/fim/1821-DE/ 404 KB
405 KB 655ms
652ms Image
image/png 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/71c34aa92be1c384e90fdea877a5918e.png

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba98eecff8a45afcc8b229c02fa6eefff2f42f467c65298a1816a0e16318c2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 414206
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:17:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yBnqTmhuMsONTbb4JYonfxz%2BnxzVuU%2B247M%2F1jagV9PWN%2FL1C0aZ7k5J%2BM9tqZkz%2FhB%2BOTGs6twf91Ywe8FtCD4vJqMiGHYbtW%2FRwgUO5GbfE7GEgs43kjNSck7s2%2FYleFU%2Fl8Qx4lvYgalTC7BGHg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63eed28fef-FRA
expires: Thu, 01 Dec 2022 08:21:36 GMT

GET
H3 200 5a683a97859fcb12b04356b4c20d2871.png
querieswater.info/fim/1821-DE/ 838 KB
839 KB 396ms
393ms Image
image/png 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/5a683a97859fcb12b04356b4c20d2871.png

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b81b0cae76e02e47a8b289ab7872381601919ba728e6a655482a4d304b08192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3428
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 857921
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:17:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9YviflarnUWFpfHR7ONE%2B5tHQYTFHbh2BSQtf8Enzv%2B2Wsji5JIXARc6%2FLBDUxlVVGDUeT%2BCNbxkaEvpbLmZzJsdmPU5MJhZeX5OofeY2HwwpzLtTRaJlV3biSY9JthKblJNs3WXHDzr19mxqYpZ5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63eef28fef-FRA
expires: Thu, 01 Dec 2022 07:24:28 GMT

GET
H3 200 854dc99b5caa5bfa817b5898aff4350c.jpg
querieswater.info/fim/1821-DE/ 90 KB
90 KB 529ms
525ms Image
image/jpeg 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/854dc99b5caa5bfa817b5898aff4350c.jpg

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27dacfb9f89d2897d8e76e207dd4c25a0e0566d430779c5306328d30fd752df2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3955
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 91896
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:15:39 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qVLlCiBFCDkAfv1CGlL9Z4WmjJCpwcQqisV6UghfDYEeFj57t8JVpzEgVu1%2BpF%2FJUp53WKcTElfYHxH0nhZcxqKGsu%2Fc40mPptkoKAyLUABHbz15gLZGKjvMbb3i0RUjEx8spy54oD06wRzrEMoNeg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63eef68fef-FRA
expires: Thu, 01 Dec 2022 07:15:41 GMT

GET
H3 200 aa0b25552629f7b6f2842b0375948080.png
querieswater.info/fim/1821-DE/ 2 MB
2 MB 668ms
665ms Image
image/png 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/aa0b25552629f7b6f2842b0375948080.png

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d335d35caade2430e451afbf33599d0c3f434f6f69966f469ef609493341f0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1715826
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:15:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AnFwXJu4WnKxcKFLmPwRTJ4H7VQJ5hq0MtWFfjKscB4L%2BzEfjSLbUIrOMJiSPHTqwQDpkbWdcBcNqX%2BSISGsru%2FyWMxCOj3csMsEF3u11lvpP25WyuuR3K%2BQSSAx5XPz5SQW0dyI4OetLtbLAKJnmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63eef88fef-FRA
expires: Thu, 01 Dec 2022 08:21:36 GMT

GET
H3 200 c5f72a1ed0478a9f9bb0d45ef9f894be.png
querieswater.info/fim/1821-DE/ 1 MB
1 MB 572ms
569ms Image
image/png 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/c5f72a1ed0478a9f9bb0d45ef9f894be.png

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f8b783dff876cf18dd4fd1e98e24eb1dd224a6c7399a7a0245cf497f6315a27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3428
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1446754
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:15:41 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OfgrPZBdgjaNrptAYgQnhWb%2Bb%2Fm4nTAoqavvFBikAMv8PyRboCUyu6zo4zLcUFHwATmybQfxhM1tZSGrVt8AydlIj4uvkU8fUErK0h22xq0zs5OUc8am8Pb2SJh5jqqMLvtC0umw%2BwBfoTQcMmJIJA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63ef038fef-FRA
expires: Thu, 01 Dec 2022 07:24:28 GMT

GET
H3 200 1f536c37c2cdcbd667d1564df8843ec3.png
querieswater.info/fim/1821-DE/ 5 KB
6 KB 710ms
707ms Image
image/png 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/fim/1821-DE/1f536c37c2cdcbd667d1564df8843ec3.png

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3955
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5389
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Nov 2022 07:15:39 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oqoGdOjH8vXi3gBR2TG%2FVWMMTmQEXFpi9ZwwIyvmEpdWNYMz9Hy6MHa%2BVR8q2BOzwDLJZFphraWuj1dpAOCAFqhhJhW8B%2BTpEtM7%2Bo4b8ER7wINbuIPOqBA3Kil%2BW5Ln%2B5elwYj0DAFnQu8JC2zfPg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63ef068fef-FRA
expires: Thu, 01 Dec 2022 07:15:41 GMT

GET
H3 200 3ad2fd3849cccaf044afa5af0244d196
querieswater.info/ 64 KB
64 KB 1008ms
1007ms Image
text/html 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Requested by

Host: querieswater.info
URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bmf4mE7cU1rnTKoFKYvAhBGdpkWNAHJRJu62NugvemIYj%2Bz%2BTBtyXGl0V6l5hFRzWiXHiYQQCPfvOaHPm04S84dfy01xQ8k1l4UBtvnyJIVEC55UaCgE86AsEfcYMSJSyfp7wXmPtJLPDkuQhRXWCw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
cf-ray: 76f0bb63ef088fef-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 fa-solid-900.woff2
querieswater.info/assets/vendors/fontawesome/webfonts/ 78 KB
79 KB 694ms
694ms Font
font/woff2 2606:4700:3037::ac43:d103
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://querieswater.info/assets/vendors/fontawesome/webfonts/fa-solid-900.woff2

Requested by

Host: querieswater.info
URL: https://querieswater.info/assets/vendors/fontawesome/css/all.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:d103 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://querieswater.info/assets/vendors/fontawesome/css/all.css
Origin: https://querieswater.info
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 209113
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 80252
x-xss-protection: 1; mode=block
last-modified: Mon, 19 Jul 2021 19:01:59 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: font/woff2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vfQ9url5nIFr%2FQAmtCLQb4J0qjFXgCSmq0SDQ4AjLGFY%2FiGQOTWHsv0vXUhejaP1mDIyc4ruY%2B3C7bPVvHbBjFQCv%2FfraIxeXB76KbwqhWvhDnNzjukl1QxwXnX7hps3Z9pQsyHp9PiISHvgS%2B%2B1kA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 76f0bb63ff0a8fef-FRA
expires: Mon, 28 Nov 2022 22:16:23 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 212 KB
74 KB 122ms
47ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JMJ044GLKX&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NK3N874

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c5a6506ec9d86333e4481eaaff3e57df39f18dacb52545008a0a3d038620e802

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 24 Nov 2022 08:21:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 75961
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 24 Nov 2022 08:21:36 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
348 B 163ms
53ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-JMJ044GLKX&gtm=2oeb90&_p=1563527190&cid=1400582338.1669278096&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1669278096&sct=1&seg=0&dl=https%3A%2F%2Fquerieswater.info%2F3ad2fd3849cccaf044afa5af0244d196&dr=https%3A%2F%2Ftryeleveat.com%2F&dt=%5B1%5D%20Pr%C3%A4mie%20ausstehend%20-%20Lidl%20-%20Wir%20wollen%20Ihre%20Meinung!&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JMJ044GLKX&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://querieswater.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Nov 2022 08:21:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://querieswater.info
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST v9e118mez8
event.trk-epicurei.com/register/event_log/ 0
0

OPTIONS v9e118mez8
event.trk-epicurei.com/register/event_log/ 0
0

POST v9e118mez8
event.trk-epicurei.com/register/event_log/ 0
0

OPTIONS v9e118mez8
event.trk-epicurei.com/register/event_log/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: event.trk-epicurei.com
URL: https://event.trk-epicurei.com/register/event_log/v9e118mez8

Domain: event.trk-epicurei.com
URL: https://event.trk-epicurei.com/register/event_log/v9e118mez8

Domain: event.trk-epicurei.com
URL: https://event.trk-epicurei.com/register/event_log/v9e118mez8

Domain: event.trk-epicurei.com
URL: https://event.trk-epicurei.com/register/event_log/v9e118mez8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Customer Survey Spam (Consumer)

129 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
tryeleveat.com/	1969-12-31 23:59:59	Name: uid4617 Value: 858549796-20221124032133-a693941a261a7c9372a821a6d9b2df64-
herringfoods.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 7c05171bb33b8f023a38389ea3d7d8a1
querieswater.info/	1969-12-31 23:59:59	Name: PHPSESSID Value: 1a62adc0819f92f791b140e7a73d8673
.querieswater.info/	1970-01-20 17:17:18	Name: _ga_JMJ044GLKX Value: GS1.1.1669278096.1.0.1669278096.0.0.0
.querieswater.info/	1970-01-20 17:17:18	Name: _ga Value: GA1.1.1400582338.1669278096

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://querieswater.info/3ad2fd3849cccaf044afa5af0244d196 Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.ionicframework.com
event.trk-epicurei.com
fonts.googleapis.com
herringfoods.com
querieswater.info
region1.google-analytics.com
storage.googleapis.com
thanksbeet.exploratorygifts.com
trk-epicurei.com
tryeleveat.com
www.googletagmanager.com
event.trk-epicurei.com
141.98.5.181
2001:4860:4802:32::36
2606:4700:20::681a:6ad
2606:4700:3031::ac43:d77a
2606:4700:3037::ac43:d103
2a00:1450:4001:80f::2008
2a00:1450:4001:829::200a
2a00:1450:4001:82b::2010
2a06:98c1:3120::9
2a06:98c1:3121::3
06c3f3452108be85c9304eb8e6fc6dc831534e12362cfd03afd47f4320f894a3
27dacfb9f89d2897d8e76e207dd4c25a0e0566d430779c5306328d30fd752df2
28b13c440c7f30d0f83504cc0f9ed973e76160f8b65afe1b5d17a7763f172e8d
329f79c0441a8516e75e17ea8a736903a739d32f97b35af8b5f6ed72a76173d4
3b81b0cae76e02e47a8b289ab7872381601919ba728e6a655482a4d304b08192
3d335d35caade2430e451afbf33599d0c3f434f6f69966f469ef609493341f0a
462beb0c8ecb2abb15685c31875f268d166313581df110401c2483fab24a46df
478e5c20c11f79bba6cbc45ff59f2d7fc83572bee66e38fc65de1b84a7a21911
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
4f8b783dff876cf18dd4fd1e98e24eb1dd224a6c7399a7a0245cf497f6315a27
5de7a79e14562963ef11f0d95f7a098e3cc018347a95290e292bef9b7d4677b5
6745ca7e5b3bbda5143038305bc1ec5648296f4dd1bbbdaa0f81b87ee35c9676
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
6da36fb6fc49bb32429a2335166e6e687fabe5eb9875fd2f588e4e21c73b6542
6f01aed2133b6fa292f6d7b945f59eaa138ad6ce10332528930f044e7d3d8528
6f2de36054525c7a25f6b4ca1447f762169a97d0f11593cf0f8f254880f4c2bc
7077430b976a181d99efafc06e7e29923636aa84041bdd06c78fce5d960bb074
74f321011aa03e4baee8be824cf5556cf7c9831fb66f1e8a08e5d76cfae74ba6
7a15c7fd6cff51cb3a08a1b705e578578f16f316835547063e9298a27257936b
7bef5c75851bdd3741a2e2e486dc5e5060c0dc325348dd09108f7c90d499ea74
97d5d0e728d2beecaf4bd8ec300fa6a5c67f63e907c3a09cffa4b7b77ac6238e
ba98eecff8a45afcc8b229c02fa6eefff2f42f467c65298a1816a0e16318c2f7
bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120
bd96d55b991c34184dcb3ab9644e9827ef8b0efc355da9a71258dd139c3129d7
c5a6506ec9d86333e4481eaaff3e57df39f18dacb52545008a0a3d038620e802
d799465b2ff56b61cbc78cc98c211953662f6bd703a1dee93947c4bdd4119b8a
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88
df17998986584c04fdbc429719008ace01c9bbd32230d76e8f218a3e0a6ef489
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef26fea921f67ba55ac0fcdec63b9a85d0d52aa8d527709dc47945b27d98303c
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

querieswater.info Open in urlscan Pro 2606:4700:3037::ac43:d103 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

52 Requests

92 %HTTPS

90 %IPv6

9 Domains

11 Subdomains

10 IPs

3 Countries

8796 kBTransfer

9812 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

querieswater.info Open in urlscan Pro
2606:4700:3037::ac43:d103 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

92 %
HTTPS

90 %
IPv6

9
Domains

11
Subdomains

10
IPs

3
Countries

8796 kB
Transfer

9812 kB
Size

5
Cookies

52 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!