28.saves.men Open in urlscan Pro
172.67.217.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://28.saves.men/
Submission: On June 07 via api (June 7th 2024, 3:37:41 pm UTC) from US — Scanned from DE

Summary HTTP 76 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 22 IPs in 6 countries across 24 domains to perform 76 HTTP transactions. The main IP is 172.67.217.217, located in United States and belongs to CLOUDFLARENET, US. The main domain is 28.saves.men.
TLS certificate: Issued by GTS CA 1P5 on April 24th 2024. Valid for: 3 months.

This is the only time 28.saves.men was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	172.67.217.217 172.67.217.217	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
9 9	89.207.16.75 89.207.16.75	41041 (VCLK-EU-SE) (VCLK-EU-SE)
5	23.61.159.142 23.61.159.142	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:26f0:350... 2a02:26f0:3500:599::9b6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	195.47.247.12 195.47.247.12	51468 (ONECOM) (ONECOM)
14	18.239.36.106 18.239.36.106	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
7	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	109.236.91.3 109.236.91.3	49981 (WORLDSTREAM) (WORLDSTREAM)
4	104.17.111.223 104.17.111.223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	157.240.251.9 157.240.251.9	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
2	142.250.185.163 142.250.185.163	15169 (GOOGLE) (GOOGLE)
1	142.250.186.132 142.250.186.132	15169 (GOOGLE) (GOOGLE)
1	104.16.160.145 104.16.160.145	13335 (CLOUDFLAR...) (CLOUDFLARENET)
76	22

13 172.67.217.217 (United States)

ASN13335 (CLOUDFLARENET, US)

28.saves.men	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 89.207.16.75 (Amsterdam, Netherlands) 9 redirects

ASN41041 (VCLK-EU-SE, US)

www.tqlkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.awltovhc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cj.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.emjcd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.ftjcfx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.61.159.142 (Curitiba, Brazil)

ASN16625 (AKAMAI-AS, US)
PTR: a23-61-159-142.deploy.static.akamaitechnologies.com

www.yceml.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:599::9b6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s7d5.scene7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.47.247.12 (None, )

ASN51468 (ONECOM, DK)
PTR: static.cdn-one.com

banners.one.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 18.239.36.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-36-106.ams58.r.cloudfront.net

www.halegroves.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.236.91.3 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: customer.worldstream.nl

extreme-ip-lookup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.17.111.223 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.251.9 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.132 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.160.145 (None, )

ASN13335 (CLOUDFLARENET, US)

onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	halegroves.com www.halegroves.com	2 MB
13	saves.men 28.saves.men	193 KB
9	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 tpc.googlesyndication.com — Cisco Umbrella Rank: 174	271 KB
8	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 260	219 KB
5	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 4931 onesignal.com — Cisco Umbrella Rank: 1605	83 KB
5	yceml.net www.yceml.net — Cisco Umbrella Rank: 40777	305 KB
3	gstatic.com fonts.gstatic.com	197 KB
3	awltovhc.com 3 redirects www.awltovhc.com — Cisco Umbrella Rank: 143463	1 KB
3	tqlkg.com 3 redirects www.tqlkg.com — Cisco Umbrella Rank: 181601	1 KB
2	google.de www.google.de — Cisco Umbrella Rank: 8139	126 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 130	396 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3163 www.google.com — Cisco Umbrella Rank: 5	316 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 65	21 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	172 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 205	91 KB
1	extreme-ip-lookup.com extreme-ip-lookup.com — Cisco Umbrella Rank: 30961	589 B
1	one.com banners.one.com	24 KB
1	ftjcfx.com 1 redirects www.ftjcfx.com — Cisco Umbrella Rank: 92425	441 B
1	scene7.com s7d5.scene7.com — Cisco Umbrella Rank: 51603	59 KB
1	emjcd.com 1 redirects www.emjcd.com — Cisco Umbrella Rank: 18855	780 B
1	dotomi.com 1 redirects cj.dotomi.com — Cisco Umbrella Rank: 19093	951 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 70	2 KB
0	jquery.com Failed code.jquery.com Failed
0	nexcesscdn.net Failed lghttp.17106.nexcesscdn.net Failed
76	24

	Domain	Requested by
14	www.halegroves.com	28.saves.men
13	28.saves.men	28.saves.men cdnjs.cloudflare.com
8	cdnjs.cloudflare.com	28.saves.men cdnjs.cloudflare.com
7	pagead2.googlesyndication.com	28.saves.men pagead2.googlesyndication.com
5	www.yceml.net	28.saves.men
3	onesignal.com	cdn.onesignal.com
3	fonts.gstatic.com	fonts.googleapis.com
3	www.awltovhc.com	3 redirects
3	www.tqlkg.com	3 redirects
2	www.google.de
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	www.googletagmanager.com	cdnjs.cloudflare.com www.googletagmanager.com
2	cdn.onesignal.com	cdnjs.cloudflare.com cdn.onesignal.com
2	connect.facebook.net	28.saves.men connect.facebook.net
1	www.google.com
1	region1.analytics.google.com	www.googletagmanager.com
1	extreme-ip-lookup.com	cdnjs.cloudflare.com
1	banners.one.com	28.saves.men
1	www.ftjcfx.com	1 redirects
1	s7d5.scene7.com	28.saves.men
1	www.emjcd.com	1 redirects
1	cj.dotomi.com	1 redirects
1	fonts.googleapis.com	28.saves.men
0	code.jquery.com Failed	cdnjs.cloudflare.com
0	lghttp.17106.nexcesscdn.net Failed	28.saves.men
76	27

This site contains links to these domains. Also see Links.

Domain
www.saves.men
www.facebook.com
twitter.com
instagram.com
www.youtube.com
ad9g.tumblr.com

Subject Issuer	Validity	Valid
saves.men GTS CA 1P5	`2024-04-24` - `2024-07-23`	3 months	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
upload.video.google.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
www.halegroves.com DigiCert EV RSA CA G2	`2023-11-30` - `2024-12-30`	a year	crt.sh
*.gstatic.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-03-16` - `2024-06-14`	3 months	crt.sh
t1.extreme-dm.com R3	`2024-04-10` - `2024-07-09`	3 months	crt.sh
onesignal.com GTS CA 1P5	`2024-05-31` - `2024-08-29`	3 months	crt.sh
*.google-analytics.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
tpc.googlesyndication.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
*.google.de WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
*.google.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://28.saves.men/
Frame ID: 3156A78F8B9EA7830C73AA18CBE5AB4F
Requests: 74 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20240605/r20110914/zrt_lookup_fy2021.html
Frame ID: 4B5FB800BFE52B5CBDBBD6F179C6B02D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-3814950462762836&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1717774654&plat=3%3A16%2C4%3A16%2C8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2F28.saves.men%2F&pra=5&wgl=1&easpi=0&aihb=0&asro=0&ailel=30~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aiael=30~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aifxl=30_23~27_8~29_18&aiixl=30_6~27_3~29_5&aslmct=0.7&asamct=0.7&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNS4wLjY0MjIuMTQxIixudWxsLDAsbnVsbCwiNjQiLFtbIkdvb2dsZSBDaHJvbWUiLCIxMjUuMC42NDIyLjE0MSJdLFsiQ2hyb21pdW0iLCIxMjUuMC42NDIyLjE0MSJdLFsiTm90LkEvQnJhbmQiLCIyNC4wLjAuMCJdXSwwXQ..&dt=1717774654136&bpp=7&bdt=3826&idt=298&shv=r20240605&mjsv=m202406030101&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=4317900602208&frm=20&pv=2&ga_vid=366449407.1717774654&ga_sid=1717774654&ga_hid=1672571542&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31084199%2C44795922%2C95332925%2C95334509%2C95334527%2C95334571%2C95335263%2C95334053%2C95334157%2C21065724%2C31078668&oid=2&pvsid=1532846553997636&tmod=2025909054&uas=0&nvt=1&fsapi=1&fc=1920&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&nt=1&ifi=1&uci=a!1&fsb=1&dtd=369
Frame ID: CCC4D5561B6043CD7642DBD1EB1FD3E4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2AE636DEEF2159390A2FD924EBB9E262
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20240605/r20110914/zrt_lookup_fy2021.html
Frame ID: BF13602FF46EBBBDD5E3F7B272EB5B91
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

28 Dips & Spreads - Jams & Jellies Food Gift Baskets - Home & Garden Food Gift | Kitchen Tools & Utensils 28.saves.men

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

76
Requests

87 %
HTTPS

41 %
IPv6

24
Domains

27
Subdomains

22
IPs

6
Countries

3375 kB
Transfer

5693 kB
Size

12
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.saves.men/best/2sdff_g/com/page/search/index.php
Title: Search hear

Search URL Search Domain Scan URL

URL: https://www.saves.men/best/form/
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.saves.men/best/form/term.php#p
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.saves.men/best/form/term.php#t
Title: T&C

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ad9gcom

Search URL Search Domain Scan URL

URL: https://twitter.com/ad9g_com

Search URL Search Domain Scan URL

URL: https://instagram.com/ad9g_

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCy6p3HzdOxRQmm73mG7KUdQ?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://ad9g.tumblr.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://www.tqlkg.com/image-7658614-13081546 HTTP 302
https://www.yceml.net/0970/13081546-1648803854060

Request Chain 6

https://www.awltovhc.com/image-7658614-12611340 HTTP 302
https://cj.dotomi.com/fn101ax03H/ry2/x0v/GHLGGIJF/MLKNLGJ/F/F/F/F/F?i=m%3c%3czBB7A%3A%2F%2FEEE.sE3B6Dzu.u64%2F04syw-PONQOJM-JKOJJLMI%3c%3cY%3czBB7A%3A%2F%2FKQ.AsDwA.4w5%2F%3c%3cJ%3cJ%3cI%3cI%3c HTTP 302
https://www.emjcd.com/rp83kptwB/jqv/ptn/89D88AB7/EDCFD8B/7/B77D7CEC8A8798BDCA:4P7.xL4tK_Rz/7/7/7?t=q%3c%3clxxtw%3A%2F%2F000.e0pxszlg.gsq%2Fmqeki-BA9CA58-56A55784%3c%3cK%3clxxtw%3A%2F%2F6C.weziw.qir%2F%3c99gD54e7-87hB-864h-D46g-eeC8e4DA6Dhj%3c5%3c5%3c4%3c4%3c HTTP 302
https://www.yceml.net/0780/12611340-1641923364246

Request Chain 7

https://www.tqlkg.com/image-7658614-12956509 HTTP 302
https://www.yceml.net/0861/12956509-1648758026919

Request Chain 8

https://www.awltovhc.com/image-7658614-12856579 HTTP 302
https://www.yceml.net/0259/12856579-1655408832705

Request Chain 9

https://www.awltovhc.com/image-7658614-12235495 HTTP 302
https://s7d5.scene7.com/is/image/TheBradfordExchangeOnline/1800856001_1?$bec-480w$

Request Chain 10

https://www.tqlkg.com/image-7658614-13086308 HTTP 302
https://www.yceml.net/0612/13086308-1538145868547

Request Chain 11

https://www.awltovhc.com/image-7658614-11485870 HTTP 302
https://lghttp.17106.nexcesscdn.net/808773/magento/media/catalog/product/cache/1/small_image/220x330/9df78eab33525d08d6e5fb8d27136e95/s/h/shoes-heels-plsr-kiss-295clearclear.jpg

Request Chain 12

https://www.ftjcfx.com/image-7658614-12161616 HTTP 302
https://banners.one.com/bannere/usa/200x200-usa.gif

76 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
28.saves.men/ 195 KB
18 KB 828ms
148ms Document
text/html 172.67.217.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://28.saves.men/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.217.217 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e3db48a3eb5acc5ff387f23a99813ae6332c8c00bff027dfd208ba62519db99

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8901b94b6e312c5b-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 07 Jun 2024 15:37:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sgFgSQ9tDF6xxnI0qhW6DC0xEIt3er2ey6LJk01kJuslsEGAmaXAd8E4njIx%2F6MFOlc5I0d29XGV%2F6EL9aN%2F5t%2FikSurUu4dlxc8UfRVC9thb%2B9XnlG0NcZFeRiojR4%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 aVnC_agW_zFkmRhpvQkZJJXM4aQ.js Show response
28.saves.men/cdn-cgi/apps/head/ 5 KB
2 KB 488ms
467ms Script
application/javascript 172.67.217.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://28.saves.men/cdn-cgi/apps/head/aVnC_agW_zFkmRhpvQkZJJXM4aQ.js

Requested by

Host: 28.saves.men
URL: https://28.saves.men/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.217.217 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6626875a972500b17084cd02ab4172256a9e30b6b4c7f3b4745d098c9dae44e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-version-id: LL9ERgYPK7MuHg8FJCj9Hf99S635nkKO
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
x-amz-request-id: MMBM2J814J147JJZ
strict-transport-security: max-age=2592000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
content-length: 1564
x-amz-id-2: y0b/l10FWrbAOcteKP6Wejj7bWf3/nyyOhYFQxNMdgztRqu8a4643+4su+c68dscMLlpeKZOZSY=
last-modified: Wed, 17 Jan 2018 16:58:04 GMT
server: cloudflare
etag: "b645eaf105eca6101d7d048cc42cbc38"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hfTeGh3XSIb2V5%2FvlAoQ0TMMtJ0PQTOrjsEBzhJk5IdUsn9uv20y8HaeMdljwswGObrzGJNeWoKplvtl%2BeQIBG8zVW8RyiKSPoyclmiyhtTzrk8yHWveX%2FgQGSGBh4U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8901b94cbfbb2c5b-FRA

GET
H3 200 mdb.min.css
cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.5.9/css/ 209 KB
18 KB 133ms
57ms Stylesheet
text/css 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.5.9/css/mdb.min.css

Requested by

Host: 28.saves.men
URL: https://28.saves.men/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8ec5a8f44b10bfbdc8a90e59bd13790f7f115a1023a2434c276efe2a238ee0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 7419492
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 17874
last-modified: Mon, 04 May 2020 16:13:19 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f1f-3455c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uYikr63nz2R2T5rnJGeqOZCzzj8xzblfbEmXIorokfWLfVNPyZsp2lTpKP8K3810%2FhJZI2XVdO20VZudERMU1ZAzvB5VgjCStEgFV%2FcjdEj%2FCiSTmsXSt518wABw8CY8oLA%2BUi6d"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8901b94d1fb191ff-FRA
expires: Wed, 28 May 2025 15:37:30 GMT

GET
H2 200 min.css
28.saves.men/best/2sdff_g/vcc/ 180 KB
37 KB 105ms
89ms Stylesheet
text/css 172.67.217.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://28.saves.men/best/2sdff_g/vcc/min.css

Requested by

Host: 28.saves.men
URL: https://28.saves.men/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.217.217 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebc27b89de27a7b1b9abcf5d369cdb222d99fdb6f4c4b981484488e3e2cfdf25

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:30 GMT
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-polished: origSize=184899
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 21 Jun 2021 05:27:48 GMT
server: cloudflare
etag: W/"2d243-5c53fef107d00-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=onNe41POkxzuyTcre80JcsM9d5dgmXBKstrH%2BnqRNq27wHPM6uoK%2BsLxNREnwxjB3M3LYcadsySYoVN7U2aMjA5xT6kfaKh%2FqI06uaKDgAXMSy%2Fxr1f1fnh6%2BSTxG8I%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=3600
cf-ray: 8901b94cbfb92c5b-FRA

GET
H2 200 rocket-loader.min.js Show response
28.saves.men/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 66ms
51ms Script
application/javascript 172.67.217.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://28.saves.men/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: 28.saves.men
URL: https://28.saves.men/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.217.217 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:30 GMT
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Tue, 04 Jun 2024 12:27:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: gzip
etag: W/"665f0832-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qnmhuJddAFAFGVTfcvFpiMMPUbycXc9r8DrAoVzJ36%2FSnRB2uUxeSHsAhAWCfoUP8SHzIa7%2FMEWIQDrAcTGN%2BCfGxUaKgMspYJzXWyqg%2FQ96kWxHh12m%2BqeEUK5sMzo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 8901b94cbfbf2c5b-FRA
expires: Sun, 09 Jun 2024 15:37:30 GMT

GET
H2 200 css
fonts.googleapis.com/ 19 KB
2 KB 219ms
56ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: 28.saves.men
URL: https://28.saves.men/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3701f1301f8bc58fc4ce23a83a4f7059bde4d13709565498613fcf0386816e1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Fri, 07 Jun 2024 15:37:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 07 Jun 2024 15:37:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 07 Jun 2024 15:37:30 GMT

GET
H/1.1

200
OK

13081546-1648803854060
www.yceml.net/0970/
Redirect Chain

https://www.tqlkg.com/image-7658614-13081546
https://www.yceml.net/0970/13081546-1648803854060

75 KB
75 KB

2089ms
1215ms

Image
image/gif

23.61.159.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yceml.net/0970/13081546-1648803854060
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: HTTP/1.1
Server: 23.61.159.142 Curitiba, Brazil, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-61-159-142.deploy.static.akamaitechnologies.com
Software: Resin/4.0.66 /
Resource Hash: 2d4bc9c3ff3f6be84acbd230bb1897e1e4b862a3e81ecee0bf7967ce93d57f1c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://28.saves.men/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date: Fri, 07 Jun 2024 15:37:32 GMT
Cache-Control: max-age=604791
Server: Resin/4.0.66
Connection: keep-alive, Transfer-Encoding
Transfer-Encoding: chunked
Expires: Fri, 14 Jun 2024 15:37:23 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 07 Jun 2024 15:37:30 GMT
Server: Resin/4.0.66
Content-Type: text/html; charset=utf-8
Location: https://www.yceml.net/0970/13081546-1648803854060
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-VC-HTTPS: On
Content-Length: 87
Expires: Fri, 07 Jun 2024 15:37:30 GMT

GET
H/1.1

200
OK

12611340-1641923364246
www.yceml.net/0780/
Redirect Chain

https://www.awltovhc.com/image-7658614-12611340
https://cj.dotomi.com/fn101ax03H/ry2/x0v/GHLGGIJF/MLKNLGJ/F/F/F/F/F?i=m%3c%3czBB7A%3A%2F%2FEEE.sE3B6Dzu.u64%2F04syw-PONQOJM-JKOJJLMI%3c%3cY%3czBB7A%3A%2F%2FKQ.AsDwA.4w5%2F%3c%3cJ%3cJ%3cI%3cI%3c
https://www.emjcd.com/rp83kptwB/jqv/ptn/89D88AB7/EDCFD8B/7/B77D7CEC8A8798BDCA:4P7.xL4tK_Rz/7/7/7?t=q%3c%3clxxtw%3A%2F%2F000.e0pxszlg.gsq%2Fmqeki-BA9CA58-56A55784%3c%3cK%3clxxtw%3A%2F%2F6C.weziw.qir...
https://www.yceml.net/0780/12611340-1641923364246

13 KB
13 KB

1048ms
1048ms

Image
image/jpeg

23.61.159.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yceml.net/0780/12611340-1641923364246
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: HTTP/1.1
Server: 23.61.159.142 Curitiba, Brazil, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-61-159-142.deploy.static.akamaitechnologies.com
Software: Resin/4.0.66 /
Resource Hash: cde2998b17899094c08cb62f2345da9cbdfb339da6fc256a28525a91ff476800

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://28.saves.men/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date: Fri, 07 Jun 2024 15:37:33 GMT
Cache-Control: max-age=604799
Server: Resin/4.0.66
Connection: keep-alive
Content-Length: 13514
Expires: Fri, 14 Jun 2024 15:37:32 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 07 Jun 2024 15:37:32 GMT
Server: Resin/4.0.66
Content-Type: text/html; charset=utf-8
Location: https://www.yceml.net/0780/12611340-1641923364246
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-VC-HTTPS: On
Content-Length: 87
Expires: Fri, 07 Jun 2024 15:37:32 GMT

GET
H/1.1

200
OK

12956509-1648758026919
www.yceml.net/0861/
Redirect Chain

https://www.tqlkg.com/image-7658614-12956509
https://www.yceml.net/0861/12956509-1648758026919

18 KB
18 KB

1937ms
1152ms

Image
image/jpeg

23.61.159.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yceml.net/0861/12956509-1648758026919
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: HTTP/1.1
Server: 23.61.159.142 Curitiba, Brazil, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-61-159-142.deploy.static.akamaitechnologies.com
Software: Resin/4.0.66 /
Resource Hash: e78d9ade7b3bfcbcd2afa052e09b16d59c0505adb5715f3e6ed3180f33fbe16b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://28.saves.men/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date: Fri, 07 Jun 2024 15:37:32 GMT
Cache-Control: max-age=604754
Server: Resin/4.0.66
Connection: keep-alive
Content-Length: 18634
Expires: Fri, 14 Jun 2024 15:36:46 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 07 Jun 2024 15:37:30 GMT
Server: Resin/4.0.66
Content-Type: text/html; charset=utf-8
Location: https://www.yceml.net/0861/12956509-1648758026919
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-VC-HTTPS: On
Content-Length: 87
Expires: Fri, 07 Jun 2024 15:37:30 GMT

GET
H/1.1

200
OK

12856579-1655408832705
www.yceml.net/0259/
Redirect Chain

https://www.awltovhc.com/image-7658614-12856579
https://www.yceml.net/0259/12856579-1655408832705

93 KB
93 KB

2127ms
1311ms

Image
image/jpeg

23.61.159.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yceml.net/0259/12856579-1655408832705
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: HTTP/1.1
Server: 23.61.159.142 Curitiba, Brazil, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-61-159-142.deploy.static.akamaitechnologies.com
Software: Resin/4.0.66 /
Resource Hash: 794c75cb3af217cdad26419bdc1a20c3057161ed6913ae5dd59784110c62283d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://28.saves.men/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date: Fri, 07 Jun 2024 15:37:32 GMT
Cache-Control: max-age=604800
Server: Resin/4.0.66
Connection: keep-alive, Transfer-Encoding
Transfer-Encoding: chunked
Expires: Fri, 14 Jun 2024 15:37:32 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 07 Jun 2024 15:37:30 GMT
Server: Resin/4.0.66
Content-Type: text/html; charset=utf-8
Location: https://www.yceml.net/0259/12856579-1655408832705
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-VC-HTTPS: On
Content-Length: 87
Expires: Fri, 07 Jun 2024 15:37:30 GMT

GET
H2

200

1800856001_1
s7d5.scene7.com/is/image/TheBradfordExchangeOnline/
Redirect Chain

https://www.awltovhc.com/image-7658614-12235495
https://s7d5.scene7.com/is/image/TheBradfordExchangeOnline/1800856001_1?$bec-480w$

58 KB
59 KB

240ms
107ms

Image
image/jpeg

2a02:26f0:3500:599::9b6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s7d5.scene7.com/is/image/TheBradfordExchangeOnline/1800856001_1?$bec-480w$

Requested by

Host: 28.saves.men
URL: https://28.saves.men/

Protocol

Server

2a02:26f0:3500:599::9b6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Unknown /

Resource Hash

2bcae4bab5b4d9b0a1c3eb554bfdb28c74e8af691b63cc2130f0b5a42efb70ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://28.saves.men/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 07 Jun 2024 15:37:31 GMT
last-modified: Sat, 08 Oct 2022 01:48:05 GMT
server: Unknown
akamai-grn: 0.92a02417.1717774651.113fbb78
x-adobe-modifierlist: QlpoOTFBWSZTWT/mMkMAAAADgAAKv2f+hCAASKekEwyamT1PQpoaGg0aaGCLDOkwqSOfm48VyDzbFPgWUtvULyiY/JrsHDC/xIhAw46jC7kinChIH/MZIYA=
etag: "07aabbad91bb79a65583c0f123a853c6"
content-type: image/jpeg
access-control-allow-origin: *
x-adobe-assetlist: QlpoOTFBWSZTWW8jmQ8AAAgfgAAA40ASAIQKr+WQQCAAIqZknpMIwmPSFAAAGTIq/s2HRxIhJVtPXsH6uuD1Es5BCGxtV4LuSKcKEg3kcyHg
x-akamai-cache: Hit
content-length: 59604
expires: Fri, 07 Jun 2024 23:51:38 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 07 Jun 2024 15:37:30 GMT
Server: Resin/4.0.66
Content-Type: text/html; charset=utf-8
Location: http://s7d5.scene7.com/is/image/TheBradfordExchangeOnline/1800856001_1?$bec-480w$
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-VC-HTTPS: On
Content-Length: 119
Expires: Fri, 07 Jun 2024 15:37:30 GMT

GET
H/1.1

200
OK

13086308-1538145868547
www.yceml.net/0612/
Redirect Chain

https://www.tqlkg.com/image-7658614-13086308
https://www.yceml.net/0612/13086308-1538145868547

104 KB
105 KB

1866ms
1142ms

Image
image/jpeg

23.61.159.142
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yceml.net/0612/13086308-1538145868547
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: HTTP/1.1
Server: 23.61.159.142 Curitiba, Brazil, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-61-159-142.deploy.static.akamaitechnologies.com
Software: Resin/4.0.66 /
Resource Hash: 8bacab6e8220be1b3ce1eb317526903a7a2d88eaa51f58dcdec86ff4daec8c65

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://28.saves.men/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date: Fri, 07 Jun 2024 15:37:32 GMT
Cache-Control: max-age=604800
Server: Resin/4.0.66
Connection: keep-alive, Transfer-Encoding
Transfer-Encoding: chunked
Expires: Fri, 14 Jun 2024 15:37:32 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 07 Jun 2024 15:37:30 GMT
Server: Resin/4.0.66
Content-Type: text/html; charset=utf-8
Location: https://www.yceml.net/0612/13086308-1538145868547
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-VC-HTTPS: On
Content-Length: 87
Expires: Fri, 07 Jun 2024 15:37:30 GMT

GET

shoes-heels-plsr-kiss-295clearclear.jpg
lghttp.17106.nexcesscdn.net/808773/magento/media/catalog/product/cache/1/small_image/220x330/9df78eab33525d08d6e5fb8d27136e95/s/h/
Redirect Chain

https://www.awltovhc.com/image-7658614-11485870
https://lghttp.17106.nexcesscdn.net/808773/magento/media/catalog/product/cache/1/small_image/220x330/9df78eab33525d08d6e5fb8d27136e95/s/h/shoes-heels-plsr-kiss-295clearclear.jpg

0
0

GET
H2

200

200x200-usa.gif
banners.one.com/bannere/usa/
Redirect Chain

https://www.ftjcfx.com/image-7658614-12161616
https://banners.one.com/bannere/usa/200x200-usa.gif

24 KB
24 KB

444ms
84ms

Image
image/gif

195.47.247.12
ONECOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banners.one.com/bannere/usa/200x200-usa.gif

Requested by

Host: 28.saves.men
URL: https://28.saves.men/

Protocol

Server

195.47.247.12 -, , ASN51468 (ONECOM, DK),

Reverse DNS

static.cdn-one.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

a1416bd76d8ae022c1b2aac177c67bd8d82a571fa7ea71ed8df1dea96cbb7eb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15778800

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://28.saves.men/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Fri, 07 Jun 2024 15:37:31 GMT
via: 1.1 webcache1-fra1 (Varnish/trunk)
strict-transport-security: max-age=15778800
last-modified: Wed, 18 Jul 2018 09:17:50 GMT
server: nginx/1.18.0 (Ubuntu)
age: 0
etag: "5b4f05be-5ea4"
content-type: image/gif
access-control-allow-origin: *
x-varnish: 12586124153
cache-control: private, max-age=60
accept-ranges: bytes
content-length: 24228
x-node: webproxy2.cst.cdnpod2-cph3.one.com

Redirect headers

Pragma: no-cache
Date: Fri, 07 Jun 2024 15:37:31 GMT
Server: Resin/4.0.66
Content-Type: text/html; charset=utf-8
Location: http://banners.one.com/bannere/usa/200x200-usa.gif
P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-VC-HTTPS: On
Content-Length: 88
Expires: Fri, 07 Jun 2024 15:37:31 GMT

GET
H2 200 HG23_CoconutPatties_506.jpg
www.halegroves.com/images/xl/ 102 KB
103 KB 537ms
324ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/HG23_CoconutPatties_506.jpg?v=1
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 32c2d85077ee594b3d2688d4c7b5630a5e412493f2f46272fde075afebc4d0a5

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 10:10:40 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Fri, 28 Jul 2023 19:07:53 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 106012
etag: "ad73a133200efbc7f6c4430f6548170b"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 104791
x-amz-cf-id: xU88r-TPw4cdyGClMQ9FFkLGh3KOGcsmYyQvGl2D0fN-v_gmi0QHpg==

GET
H2 200 HG24-HoneybellZestCake.jpg
www.halegroves.com/images/xl/ 142 KB
142 KB 536ms
323ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/HG24-HoneybellZestCake.jpg?v=2
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9c0090d3c408776f4f1311087301a56bd9a798f9f72addb69e0ea1d4b22e74dc

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 11:33:46 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Mon, 29 Jan 2024 17:43:45 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 446625
etag: "096c027436891946158b1208d6807fe5"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 144964
x-amz-cf-id: dIWUiSa70qPLJH7tjDtpDCXbviSX34MJ5uhdKafVlIfphoFV2wjZvA==

GET
H2 200 HG23-801.jpg
www.halegroves.com/images/xl/ 94 KB
94 KB 155ms
46ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/HG23-801.jpg?v=1
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3c48ad34fa979d77253a6719043f1db094fc92540032196abfc57867a817c41d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 07:59:09 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Tue, 31 Oct 2023 04:04:18 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 113903
etag: "75937b2603f396e025fbbb53eef09984"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 96072
x-amz-cf-id: ybcURJYsLeAomm0wr9fTWa0fln3bPifl6hSZ9g48SS1MdisuBgtnCA==

GET
H2 200 6350-chocolate-chip-cookies.jpg
www.halegroves.com/images/xl/ 150 KB
151 KB 410ms
302ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/6350-chocolate-chip-cookies.jpg?v=3
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8a3b9a27b7975f95a7018c3f921af4e5b926b3cce37a07ebbc3802e75780eb70

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 10:10:40 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Wed, 07 Sep 2022 20:57:32 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 106012
etag: "1fd1f9e921fe13ec5b562a371663bc90"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 153702
x-amz-cf-id: 4fFqsnrWnH9CWtafBUbquFsF6y7VIsXFA8SlKYDzFd2ghtPdXKQrNQ==

GET
H2 200 marmalades.jpg
www.halegroves.com/images/xl/ 126 KB
127 KB 431ms
323ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/marmalades.jpg?v=2
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4ccea8b02b372fb788a67bdabf23189f9f5529db8c85034c44747ae93ca5e43c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 04 Jun 2024 12:31:01 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Wed, 07 Sep 2022 20:58:19 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 270391
etag: "35ff499f2bc33dff9a3cb22e2fd9c9d9"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 129292
x-amz-cf-id: UBmPla9mkxgB4Vpm31m5N6Mr-HGe8Jezbeq4HQg8GGdWdW_GBjJ08Q==

GET
H2 200 HG23_6164_Hwinter_6983HG_resize_23.jpg
www.halegroves.com/images/xl/ 71 KB
72 KB 435ms
327ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/HG23_6164_Hwinter_6983HG_resize_23.jpg?v=1
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9a15ade3a4aaccfe86fffe5ff04d547a250c521fa8fc8fb8398a1a6bfed69cd7

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 10:10:40 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Tue, 08 Aug 2023 17:44:27 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 106012
etag: "3b97e25d7d77e19a76f930244dfe796c"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 73180
x-amz-cf-id: XnVlT3nXvFE-31pGZMpsooIQNE2yea9ccgX_-YrKMy4QCtznPUQRPQ==

GET
H2 200 130n-navel-oranges-sunshine-gift-box.jpg
www.halegroves.com/images/xl/ 111 KB
112 KB 394ms
287ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/130n-navel-oranges-sunshine-gift-box.jpg?v=2
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5068db76645e56f944cedd88e0936801038268cc13506c7b2242a4a54d20e81f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 10:10:39 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Wed, 07 Sep 2022 20:57:54 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 106012
etag: "34ee1817b68155047a7ee766197c20b3"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 113961
x-amz-cf-id: ttCGo7KOV11Muxo2Apmw4zHVIxKFmIhASctgkj-0c8G2d7CU5-dVcQ==

GET
H2 200 130r-ruby-red-grapefruit-sunshine-gift-box.jpg
www.halegroves.com/images/xl/ 120 KB
120 KB 429ms
322ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/130r-ruby-red-grapefruit-sunshine-gift-box.jpg?v=2
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9a12c1014e11dbd5cb8748a69c7a7a88e079535431a4d588a0b966ad5be1a57d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 10:10:40 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Fri, 09 Sep 2022 19:30:43 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 106012
etag: "e3e3ad910d273dd5689fc84c42e526f5"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 122471
x-amz-cf-id: URTvBxEStZYEGDNFJCT65OLdBrbE-1AASaWMw3eRyexOnww0mDBgjQ==

GET
H2 200 130nr-navel-oranges-grapefruit-042030.jpg
www.halegroves.com/images/xl/ 124 KB
124 KB 294ms
185ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/130nr-navel-oranges-grapefruit-042030.jpg?v=2
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 828f5e20a6044ef92704b1a49b15693cf8133a1416c2d0f996b255db41bb7d5f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 03:39:09 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Wed, 07 Sep 2022 20:57:27 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 129503
etag: "95754c5ffe5bfac501ed34df68fb25dc"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 126579
x-amz-cf-id: Ddt1XCt2Da_WF0_PLF29SyAG5c_m6RLA_fyedSEvgjT01AmgOI6sAw==

GET
H2 200 142-spring-signature-gift-box-012720.jpg
www.halegroves.com/images/xl/ 159 KB
159 KB 425ms
317ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/142-spring-signature-gift-box-012720.jpg?v=2
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4a9e63eb00afce46dcdc6cc47c3af1d615b50625f643178041b474e562efe172

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 23 May 2024 23:49:35 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Wed, 07 Sep 2022 20:57:32 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 1266477
etag: "c72b1a4467a3fa4101ed9619e593b0f6"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 162561
x-amz-cf-id: hhiH6w6KolYvwzATWPipFt9cTQzj1dKamrGVSJhUBlk8A-V3edB8Ow==

GET
H2 200 101NCR3X-navel-oranges-honeybells-grapefruit-fruit-club.jpg
www.halegroves.com/images/xl/ 136 KB
137 KB 438ms
330ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/101NCR3X-navel-oranges-honeybells-grapefruit-fruit-club.jpg?v=2
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a7d3793e48d2c22d08ecf5c82cfa90c00337f59f49748ee19cc84061affa83e0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 10:10:40 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Wed, 07 Sep 2022 20:57:28 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 106012
etag: "b62a860fbd715957d1b608baf2875088"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 139279
x-amz-cf-id: _i51riJHJv1H3PTqaGmnfyzNJ7qAYxRgFATpP6kcmGgHh7ZeHmvAFw==

GET
H2 200 772-grapefruit-knife-013019b.jpg
www.halegroves.com/images/xl/ 118 KB
119 KB 253ms
144ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/772-grapefruit-knife-013019b.jpg?v=1
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d6119fd7d5902fe2132d1739b4579f9b4cac68dfbfa055e0c4a220a38f6ab508

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 10:10:40 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Fri, 09 Sep 2022 19:30:40 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 106012
etag: "bd473a1a2184b06ef448eb82dda88903"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 121298
x-amz-cf-id: zD7IulBPbeYIvgGMFpKFwmSkFWRPy-trd6DQUHGSdVOsdzxTwI_tHA==

GET
H2 200 780-grapefruit-spoon-013019b.jpg
www.halegroves.com/images/xl/ 145 KB
145 KB 346ms
238ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/780-grapefruit-spoon-013019b.jpg?v=1
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a654c105bae8f2f2e7e11caf385a4c01214c6c81615293d470141c9511045ae2

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 10:10:40 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Fri, 09 Sep 2022 19:30:40 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 106012
etag: "19bff7719611f709eaeeab9948469a2a"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 148271
x-amz-cf-id: 2rIrujXyF0V2aRKeop8T__qR8a8xJ_16xvSTXn7k_DSV229WCs_aWA==

GET
H2 200 HG23-CitrusToolKit.jpg
www.halegroves.com/images/xl/ 133 KB
133 KB 373ms
266ms Image
image/jpeg 18.239.36.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.halegroves.com/images/xl/HG23-CitrusToolKit.jpg?v=1
Requested by: Host: 28.saves.men
URL: https://28.saves.men/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.36.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-36-106.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: adb17bf177f2741f2b07195ef46b65de7ebc87161c558bb0b000949fc14b5bbe

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 10:10:40 GMT
via: 1.1 24145882259ee3aa55cb95d62adb00ea.cloudfront.net (CloudFront)
last-modified: Wed, 06 Dec 2023 00:12:21 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P2
age: 106012
etag: "27a702d0f81a5d34833ccc0c35faec7b"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
content-length: 135813
x-amz-cf-id: 64QiWX_Vfun75gTN9LufF-s-jWLkueqcqYICq8ReMLYfZTGxR9p_cg==

GET
H3 200 logo.png
28.saves.men/op/android/ 6 KB
7 KB 106ms
105ms Image
image/png 172.67.217.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://28.saves.men/op/android/logo.png

Requested by

Host: 28.saves.men
URL: https://28.saves.men/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.217.217 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d018940e1ce3df7aa5061a70b6347e42bd05294b81430e354643765746f68623

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:30 GMT
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 6352
last-modified: Thu, 14 Feb 2019 08:22:21 GMT
server: cloudflare
etag: "18d0-581d65b760940"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u1BunVeZCbvIHTSKmMkmHX8iie%2BYuXbgjwMHCYgbwYd3mJCURFa0WySEf%2BltoEWHLIlsgix4mPU81eyHJJTc4Ka%2FZtDVMGVECIrUy9OCD5VWHnGzrhSgfQiY4s9KB4c%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=3600
accept-ranges: bytes
cf-ray: 8901b94fde861973-FRA

GET
H3 200 gT7ooqgucsgZuT8gglGmLbTvJfo.js Show response
28.saves.men/cdn-cgi/apps/body/ 4 KB
3 KB 461ms
460ms Script
application/javascript 172.67.217.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://28.saves.men/cdn-cgi/apps/body/gT7ooqgucsgZuT8gglGmLbTvJfo.js

Requested by

Host: 28.saves.men
URL: https://28.saves.men/cdn-cgi/apps/head/aVnC_agW_zFkmRhpvQkZJJXM4aQ.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.217.217 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39bcd42d10ef3ba6ded555f0f7aa96d8020fe3d3171aa8c95c00b78d0317cc07

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-version-id: .U5ZKkFhxhdNiAOkLApmco3ygYZZGbJE
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
x-amz-request-id: 0VM36ARTNG2YTBPX
strict-transport-security: max-age=2592000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
content-length: 1932
x-amz-id-2: 2UdwJSAO+nnqxtjMajUcb3Wrch130yYRnid7PPjxlAQ2Z59vFoyz9VoIW86gVey0PtoZE9mI1Pw=
last-modified: Wed, 17 Jan 2018 16:58:03 GMT
server: cloudflare
etag: "dde5e62933ed430ffd05425efd7ad764"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pzwRDq07nseqon9LIKJd2NC%2FUDanWRtyCZ6ZibfqgYcorFwtfk4bU9Eu1Kj8wLv9FiT2108xrTALS56%2FlR9YxL%2BMioYdVsaR6S95V4YYPEviVGfIj8PhKLhQODT7jDk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8901b94fde871973-FRA

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ 32 KB
32 KB 319ms
202ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://28.saves.men
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 01:36:19 GMT
x-content-type-options: nosniff
age: 50472
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33092
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Jun 2025 01:36:19 GMT

GET
H2 200 o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a7duw.woff2
fonts.gstatic.com/s/notosans/v36/ 38 KB
39 KB 332ms
216ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v36/o-0bIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjc5a7duw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91c01ec0de315f973f4c00041b7ae25e1a790cedff79a6fbb56c571bba379142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://28.saves.men
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 05:37:13 GMT
x-content-type-options: nosniff
age: 36018
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39412
x-xss-protection: 0
last-modified: Wed, 14 Feb 2024 22:43:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 07 Jun 2025 05:37:13 GMT

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v142/ 125 KB
126 KB 160ms
44ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://28.saves.men
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 04 Jun 2024 14:10:34 GMT
x-content-type-options: nosniff
age: 264417
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128352
x-xss-protection: 0
last-modified: Mon, 08 Apr 2024 19:04:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Jun 2025 14:10:34 GMT

GET
H3 200 fontawesome-webfont.woff2
28.saves.men/best/2sdff_g/vcc/v6/fonts/ 55 KB
56 KB 78ms
71ms Font
text/plain 172.67.217.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://28.saves.men/best/2sdff_g/vcc/v6/fonts/fontawesome-webfont.woff2?v=4.5.0

Requested by

Host: 28.saves.men
URL: https://28.saves.men/best/2sdff_g/vcc/min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.217.217 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41dd3e48dbef1ddbc59957d4e99ef7662c1702dd8b55d0900b02150f87af354a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/best/2sdff_g/vcc/min.css
Origin: https://28.saves.men
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:31 GMT
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 15 Sep 2017 21:33:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "ddcc-5594123355f80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O0xyk8P1ST6dh66qIZxC9nmOEF5nCt4l8Df7xnLce%2FacNiBDEecvXTPfk8MoXb%2Bjs5AX8qmiELhVmE1qYOl1F4248sCVfhpli6niW%2BMzAB1191FbljFCifQx%2BYUHCfg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=3600
accept-ranges: bytes
cf-ray: 8901b95098201973-FRA
alt-svc: h3=":443"; ma=86400
content-length: 56780

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 156 KB
51 KB 203ms
98ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3814950462762836

Requested by

Host: 28.saves.men
URL: https://28.saves.men/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e6e9499be8808203026bd043c9619a07c53ecd4d4157dddf908d8e963f42cf76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Origin: https://28.saves.men
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52220
x-xss-protection: 0
server: cafe
etag: 13957513687839129267
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Fri, 07 Jun 2024 15:37:31 GMT

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ 85 KB
30 KB 53ms
52ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Requested by

Host: 28.saves.men
URL: https://28.saves.men/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:31 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 391963
content-encoding: gzip
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: W/"5eb03ec4-1538f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZC1pLrWUWbi5lARuIKaQXqT5z4IyXOOjMVhUgWWEwhe47Dx3lfreroeYkcX56qBTXykahvtY%2BxhqUau70Yq7iyf%2BAdkDUkf9CnwvR73jKsp3Vh%2Fvrk4lYj0nA395UiAeV4qmvhjA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
timing-allow-origin: *
cf-ray: 8901b9515cd091ff-FRA
expires: Wed, 28 May 2025 15:37:31 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04bd065e6e6b19d274e29275414252aa0f97b5b307bf706a0b9f27f9ffa3e24c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: text/css;charset=utf-8

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406030101/ 425 KB
144 KB 195ms
110ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406030101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3814950462762836&plah=28.saves.men&aplac=true

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3814950462762836

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e4f6825bae7b651939c302e7a71835b1dd0ce7a9a471834c9d52590270bddec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 147237
x-xss-protection: 0
server: cafe
etag: 11590101831670187980
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 07 Jun 2024 15:37:34 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
4 KB 146ms
41ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: 28.saves.men
URL: https://28.saves.men/cdn-cgi/apps/body/gT7ooqgucsgZuT8gglGmLbTvJfo.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

800008b19c657e2dee748c3e28589230c1c4e8cf2dff1fa66e68a77a3270699b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 07 Jun 2024 15:37:34 GMT
content-md5: 6YTQsknWY6cEkov93agQhA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1297, tbw=2806, tp=-1, tpl=-1, uplat=0, ullat=-1
x-fb-debug: Cae71uw6b1ulvlFT2zSUCPjyJGoiCNCnpSy0d+cVEbsbMrm8pX/oH927sN9FkvKuwHfGCIuxY9XFsQMYLhOPzg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: b35bf2c417da8c2e76f52ffb56715e60
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "fc4d5b80f02798378c3c2abd55077560"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
expires: Fri, 07 Jun 2024 15:39:48 GMT

GET
H3 200 favicon.ico
28.saves.men/ 2 KB
3 KB 80ms
80ms Other
image/x-icon 172.67.217.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://28.saves.men/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.217.217 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd36bba386da059947f696d106f31d652b2a9738f852f528923f1c4a19a491cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 07 Jun 2024 13:51:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000; includeSubDomains; preload
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=clk6ksgulDMLeKiAR8TksiXzy9RwScj%2BZJavOCxRw85YieSweOxlrbx2qJOsn3kkpSHftQv52ii82bG9cJu06EU%2B1sMAjRfNGkVYdw%2BfZQB9u0p1fTtEEYksgnhLqIE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cache-control: max-age=3600
cf-ray: 8901b964a8811973-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 min.js Show response
28.saves.men/best/2sdff_g/js/ 85 KB
24 KB 68ms
68ms XHR
application/javascript 172.67.217.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://28.saves.men/best/2sdff_g/js/min.js

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.217.217 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b534c5a740b3080dacb4888157a735c5064c4994aa72f24420973e5e472301fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://28.saves.men/
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-polished: origSize=129976
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 15 Aug 2022 18:06:15 GMT
server: cloudflare
etag: W/"1fbb8-5e64b7cd7b3c0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BpLRBgjrPNVaGXIqN0y6FpJvzxeY9%2BoZdfyM2YWOGiQ5RW2pVLREtCbVarwgv%2Bm3GoNcXxs%2FV7GTWHjX9j11ZQ5MTAk9MbW1ciuQEsqUngmmLahiY9p8cVV%2BwQMQ7wk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=3600
cf-ray: 8901b964a88c1973-FRA

GET
H2 200 / Show response
extreme-ip-lookup.com/json/ 440 B
589 B 160ms
49ms Script
text/javascript 109.236.91.3
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://extreme-ip-lookup.com/json/?callback=make
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 109.236.91.3 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: customer.worldstream.nl
Software: nginx /
Resource Hash: 576d32fc46db04fa097792ad63f647dbc587cf4c48fb6ea92d52840a97b3c698

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Fri, 07 Jun 2024 15:37:34 GMT
cache-control: max-age=3600
server: nginx
access-control-allow-headers: *
content-length: 440
content-type: text/javascript; charset=utf-8;

GET
H3 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 137ms
66ms Script
application/javascript 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4191d89ec03bce5dc273716075335e31851031184b0fff0ab9fc900a8442019f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 2478
etag: W/"a87c48d211877c49b878679b2e3cdab8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 8901b965bd4fbbd2-WAW
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Mon, 10 Jun 2024 15:37:34 GMT

GET
H3 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.13.0/umd/ 19 KB
7 KB 55ms
55ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.13.0/umd/popper.min.js

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 75488
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6157
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-4af4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6UJZNHbhJQqLZtv054piw596QW5zPwH5BTudMnAu47Ex6WZbT8UjYsw5%2Bn%2BQeISyarrqrVZGjOPIYQZYW8ekDHB1nZ%2BZjIBzDTNxhPmb8ho0Xf83NAaMBFhYJdgf0zHYv6zSHhN0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8901b9654bb391ff-FRA
expires: Wed, 28 May 2025 15:37:34 GMT

GET
H3 200 mdb.min.js Show response
cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.5.9/js/ 205 KB
54 KB 55ms
55ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.5.9/js/mdb.min.js

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed9c5481e8ee0aac1c6bb9b81554440b71f279f32aac618c1ced1618975abb61

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 5584389
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54886
last-modified: Mon, 04 May 2020 16:13:19 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f1f-334c3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gqqo1rMMqpq5UqBczMi%2BTAeJ9qj2rmgv68gGls54%2FBw9yVtqjIkQ6uMmL6b4ikcRQZIj6zsDnzR3SupINDUE9ovKqE9rnj2tbR%2BpVw3Ftksf%2FD7hY9DaLdFUKM8SQomCSb%2B6DX93"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8901b9654bb591ff-FRA
expires: Wed, 28 May 2025 15:37:34 GMT

GET
H3 200 jquery.mCustomScrollbar.min.js Show response
cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/ 39 KB
11 KB 52ms
51ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/3.1.5/jquery.mCustomScrollbar.min.js

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00a1230e22b6af3f9df1348f2cd54dc9dbe026f3a41b9bde3009dcefd1648ae1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 75481
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 10595
last-modified: Mon, 04 May 2020 16:12:04 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ed4-9cd4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=COuWISNpbZLaR%2F5RTJVxC91WEB3dGRh5PjliiBxXZUc48f9AL8Ced3O42bfCP1oW3GSw94NQjyLxRycpf57LxoCWSBH0wJC3LTKktPc%2BTnOXZTGRnDKyA9IYwlsnbwZmvgv%2FK5ca"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8901b9654bb691ff-FRA
expires: Wed, 28 May 2025 15:37:34 GMT

GET
H3 200 analy.php Show response
28.saves.men/best/2sdff_g/com/ 278 B
628 B 90ms
90ms XHR
text/html 172.67.217.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://28.saves.men/best/2sdff_g/com/analy.php

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.217.217 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e186a022ede801db9e5815af51bb90d08dd0dfd97e172597db04f3e622f562e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: text/html, */*; q=0.01
Referer: https://28.saves.men/
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6iwoOQ%2BdzXyeR596i73JyfULO5fL3nrKmSuOpvj5dLTWwFlkmFrTFKtG6XAm8u3pfmNOoZsVxxEMQRbxVubZ5vowFkb%2Fzo3LExPJkw5eDcw6Oquk2EsZHR7yH0ZJBV0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 8901b96579ab1973-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 topmanu.php Show response
28.saves.men/best/2sdff_g/com/desin/header/v77/ 5 KB
1 KB 92ms
92ms XHR
text/html 172.67.217.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://28.saves.men/best/2sdff_g/com/desin/header/v77/topmanu.php

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.217.217 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

618e45c222653f18b58156ff75d960859ee8f694bb5939f9524143f3a893e33d

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: text/html, */*; q=0.01
Referer: https://28.saves.men/
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=djFj9YeqIvbsjORV%2F0iX61HTz4Yc0l4matCccEGzh5Cu4v21kjVPeIaiEds9pS5VTmjdbCxlF9AcvDiogW27sdlONZVFdaGLBopNeLEi4FGVOmi%2FVzCz2PV4PXvoLX4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 8901b96579ae1973-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 305 KB
87 KB 88ms
44ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=769600873fe540dedf74ff5ee95e6edb

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

50595908d24492eea04033964a4e17abaa9bebf1ee7d18fc99fafe391cade548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Origin: https://28.saves.men
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 07 Jun 2024 15:37:34 GMT
content-md5: 9UD+X0dRQQmNNuuDT3PRiA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 89072
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=23, mss=1232, tbw=4300, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug: dhd3F3TtRCpaVAp0qtgtKuuiihodBLgUHXJiroDIQ+dsfO1e8ccXtHM3nNnZ43O4njtQN/uCbAVrU1VJ7A+MRg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: bd42e50a556d82101a0daf0e0bedd79c
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "9fa402c159d55ba09e9245a4d20833f4"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Sat, 07 Jun 2025 13:46:10 GMT

GET
H3 200 jquery.mousewheel.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/ 3 KB
2 KB 52ms
51ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 68420
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1046
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-ad3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hPWwYONgqsjmAwwuPVIod4TZlpbPpHP0WKjQhMYNVWULXxh3oD%2FiBRpy1eBINVkcWQZ88Dl9xpTNipWybDxY0l%2FW7LazEhy3S6%2BH%2FqdYV0Y9CHSaR7Co1D2R%2FwAxz0kI2wwAV9%2Bu"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8901b965ac2a91ff-FRA
expires: Wed, 28 May 2025 15:37:34 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 196 KB
71 KB 194ms
74ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-74947533-1

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2357d14de90240e1d177e5789c46c3bf067176063d04f11e09df463fb2af5b70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 72774
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 07 Jun 2024 15:37:34 GMT

GET jquery-3.3.1.min.js
code.jquery.com/ 0
0

GET
H3 200 toxojson.php Show response
28.saves.men/best/2sdff_g/com/desin/header/v6/ 134 KB
39 KB 102ms
101ms XHR
application/json 172.67.217.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://28.saves.men/best/2sdff_g/com/desin/header/v6/toxojson.php

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.217.217 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11fc0bc9eea43dac51e45f95663c757a78cecf67a3bc5978f5c6f1a0c4d6bed7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept: */*
Referer: https://28.saves.men/
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=2592000; includeSubDomains; preload
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TEjEGGoqzvWbMHD2R0J14aCqqzyIHlu3Z5kqSTXjJnewCt%2FMLC%2FUcakEVjLTrcSHtFDBpcDpTB53rUZSxVmpcFbn4fjwGw2WOQqH0ihUhNNvGDP%2F2fbJZsc20R2jH5U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cf-ray: 8901b9661aed1973-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
68 KB 80ms
79ms Script
application/javascript 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151605

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebe0f94ca53bc5f7d865f89aec5b0315bca03ace6942d6c1c76d94d5b59d419a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 2478
etag: W/"e3be409ac3c100e2a5d3f264ec260551"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 8901b9663e1bbbd2-WAW
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Mon, 10 Jun 2024 15:37:34 GMT

GET
H3 200 zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20240605/r20110914/ Frame 4B5F 0
0 223ms
45ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/html/r20240605/r20110914/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406030101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3814950462762836&plah=28.saves.men&aplac=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://28.saves.men/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 76244
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4165
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jun 2024 18:26:50 GMT
etag: 3711839061170457607
expires: Thu, 20 Jun 2024 18:26:50 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads
pagead2.googlesyndication.com/pagead/ Frame CCC4 0
0 630ms
501ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-3814950462762836&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1717774654&plat=3%3A16%2C4%3A16%2C8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2F28.saves.men%2F&pra=5&wgl=1&easpi=0&aihb=0&asro=0&ailel=30~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aiael=30~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&aifxl=30_23~27_8~29_18&aiixl=30_6~27_3~29_5&aslmct=0.7&asamct=0.7&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNS4wLjY0MjIuMTQxIixudWxsLDAsbnVsbCwiNjQiLFtbIkdvb2dsZSBDaHJvbWUiLCIxMjUuMC42NDIyLjE0MSJdLFsiQ2hyb21pdW0iLCIxMjUuMC42NDIyLjE0MSJdLFsiTm90LkEvQnJhbmQiLCIyNC4wLjAuMCJdXSwwXQ..&dt=1717774654136&bpp=7&bdt=3826&idt=298&shv=r20240605&mjsv=m202406030101&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=4317900602208&frm=20&pv=2&ga_vid=366449407.1717774654&ga_sid=1717774654&ga_hid=1672571542&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31084199%2C44795922%2C95332925%2C95334509%2C95334527%2C95334571%2C95335263%2C95334053%2C95334157%2C21065724%2C31078668&oid=2&pvsid=1532846553997636&tmod=2025909054&uas=0&nvt=1&fsapi=1&fc=1920&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&nt=1&ifi=1&uci=a!1&fsb=1&dtd=369

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://28.saves.men/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 31079
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 07 Jun 2024 15:37:35 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 17 KB
13 KB 144ms
142ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240605&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

064963547d3fec201c56ae5dbdda47fa7512da680a6448717e78a46832d00f3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12789
x-xss-protection: 0

GET
H3 200 me.png
28.saves.men/images/ 53 B
53 B 82ms
81ms Image
text/html 172.67.217.217
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://28.saves.men/images/me.png

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.217.217 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 07 Jun 2024 13:51:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IPCRyx2cPR4jf9mZcstnAmh6oEqvKYFW3e%2BsaS9pk%2FjYnMI3CqVo%2FyIH8AKsvihwe%2Byn%2FzOlu5jn74OnEcW7d1TCZYKWpF1dcJF35sMRmk1TKZ5Uhh%2FnQYj9soqC9f8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: max-age=3600
cf-ray: 8901b9674cd01973-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 web Show response
onesignal.com/api/v1/sync/267feea5-89b0-4dba-8a72-0cf366d8c372/ 5 KB
2 KB 136ms
124ms Script
text/javascript 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/267feea5-89b0-4dba-8a72-0cf366d8c372/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151605

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0eab228ca85119ae80f417dcf1499997cb713946685f5d1f2224542fa036005

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 5737a6a7-ce9f-4170-9599-d48f881470e5
x-runtime: 0.029107
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"e0eab228ca85119ae80f417dcf149999"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 8901b967d880bbd2-WAW
access-control-allow-headers: SDK-Version
expires: Fri, 07 Jun 2024 16:37:34 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 210ms
101ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 07 Jun 2024 15:37:34 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 302 KB
101 KB 75ms
74ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JK1EDLGPQV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-74947533-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a34abcf51960b74ded84b3370b357b7f4bb4c7ca9745be01c30f0ff192433ac1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 103115
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 07 Jun 2024 15:37:34 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 151ms
48ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-74947533-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 07 Jun 2024 13:41:03 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6991
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 07 Jun 2024 15:41:03 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
253 B 228ms
100ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-JK1EDLGPQV&gtm=45je4650v885793253za200&_p=1717774654392&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=366449407.1717774654&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1717774654&sct=1&seg=0&dl=https%3A%2F%2F28.saves.men%2F&dt=28%20Dips%20%26%20Spreads%20-%20Jams%20%26%20Jellies%20Food%20Gift%20Baskets%20-%20Home%20%26%20Garden%20Food%20Gift%20%7C%20Kitchen%20Tools%20%26%20Utensils%2028.saves.men&en=page_view&_fv=1&_ss=1&tfd=5523
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JK1EDLGPQV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 07 Jun 2024 15:37:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://28.saves.men
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
48 B 230ms
99ms Ping
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-JK1EDLGPQV&cid=366449407.1717774654&gtm=45je4650v885793253za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JK1EDLGPQV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 07 Jun 2024 15:37:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://28.saves.men
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 189ms
64ms Image
image/gif 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-JK1EDLGPQV&cid=366449407.1717774654&gtm=45je4650v885793253za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&frm=0&z=1845985685

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 07 Jun 2024 15:37:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2AE6 0
0 132ms
42ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://28.saves.men/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
age: 23421
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 07 Jun 2024 09:07:14 GMT
expires: Sat, 07 Jun 2025 09:07:14 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
206 B 50ms
49ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1672571542&t=pageview&_s=1&dl=https%3A%2F%2F28.saves.men%2F&ul=de-de&de=UTF-8&dt=28%20Dips%20%26%20Spreads%20-%20Jams%20%26%20Jellies%20Food%20Gift%20Baskets%20-%20Home%20%26%20Garden%20Food%20Gift%20%7C%20Kitchen%20Tools%20%26%20Utensils%2028.saves.men&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=951800589&gjid=601434346&cid=366449407.1717774654&tid=UA-74947533-1&_gid=1737932306.1717774655&_r=1&gtm=457e4650za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&jsscut=1&npa=1&z=1854083992

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 07 Jun 2024 15:37:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://28.saves.men
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
348 B 104ms
99ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-74947533-1&cid=366449407.1717774654&jid=951800589&gjid=601434346&_gid=1737932306.1717774655&npa=1&_u=YADAAUAAAAAAACAAI~&z=404760070

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 07 Jun 2024 15:37:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://28.saves.men
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406030101/ 168 KB
56 KB 94ms
93ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202406030101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

5f69dfb63517aebb6011cf75b81b75d7ed7e711240978b0d95cb332dd90876e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57787
x-xss-protection: 0
server: cafe
etag: 9345074846308648915
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 Jun 2024 15:37:35 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 260ms
65ms Image
image/gif 142.250.186.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-74947533-1&cid=366449407.1717774654&jid=951800589&npa=1&_u=YADAAUAAAAAAACAAI~&z=790860841

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 07 Jun 2024 15:37:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 64ms
64ms Image
image/gif 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-74947533-1&cid=366449407.1717774654&jid=951800589&npa=1&_u=YADAAUAAAAAAACAAI~&z=790860841

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 07 Jun 2024 15:37:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20240605/r20110914/ Frame BF13 0
0 0ms
0ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/html/r20240605/r20110914/zrt_lookup_fy2021.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://28.saves.men/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 76244
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4165
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 06 Jun 2024 18:26:50 GMT
etag: 3711839061170457607
expires: Thu, 20 Jun 2024 18:26:50 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET sodar
pagead2.googlesyndication.com/pagead/ 0
0

GET
H3 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 64ms
64ms Stylesheet
text/css 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151605

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:37 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 2477
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 8901b97b880bbbd2-WAW
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Sun, 07 Jul 2024 15:37:37 GMT

GET
H3 200 icon Show response
onesignal.com/api/v1/apps/267feea5-89b0-4dba-8a72-0cf366d8c372/ 44 B
707 B 170ms
105ms Fetch
application/json 104.16.160.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/apps/267feea5-89b0-4dba-8a72-0cf366d8c372/icon

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151605

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.160.145 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e51140cdcd044ad76335646936ec53196a169aace83a8b266bc1c182a944609b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://28.saves.men/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:38 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: MISS
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
alt-svc: h3=":443"; ma=86400
content-length: 44
x-xss-protection: 1; mode=block
x-request-id: 301ea9a3-9bcf-48d4-8002-b6d694affce3
x-runtime: 0.012641
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"e51140cdcd044ad76335646936ec5319"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept, Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
accept-ranges: bytes
cf-ray: 8901b97c7d59bbb8-WAW
access-control-allow-headers: SDK-Version

GET
DATA 200
OK truncated
/ 582 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1f6b66e052e0dba3f115f59a94d7304a27a73848db4b8995e2a2017ba79046b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 Roboto-Regular.woff2
cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.5.9/font/roboto/ 48 KB
49 KB 189ms
142ms Font
application/octet-stream 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.5.9/font/roboto/Roboto-Regular.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.5.9/css/mdb.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5c9c23bd12593523a46d79dd0aee80e3226bbde4c9ac05fc30a95e2c1510de0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.5.9/css/mdb.min.css
Origin: https://28.saves.men
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:38 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 724586
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 49236
last-modified: Mon, 04 May 2020 16:13:19 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f1f-c054"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MEfKfCnHtBuVannRO%2BGo4v1CR9bBf4yQRiXWvDbBqRXD00PKGiKpmpc5blsHDLHtOandvWyCdSherjywmc9ovm5eD3OCH6nkEJwOBoKwmURAAH8UtaacTaYl8bxOqcQ5DBzjiLwl"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8901b97dbb252bdc-FRA
expires: Wed, 28 May 2025 15:37:38 GMT

GET
H3 200 Roboto-Light.woff2
cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.5.9/font/roboto/ 48 KB
49 KB 103ms
57ms Font
application/octet-stream 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.5.9/font/roboto/Roboto-Light.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.5.9/css/mdb.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94a0ac8d73bb60a9cbe27a4fa36669104f6ffa37c8ff2df29313a6c0d3b64a75

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://cdnjs.cloudflare.com/ajax/libs/mdbootstrap/4.5.9/css/mdb.min.css
Origin: https://28.saves.men
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 07 Jun 2024 15:37:38 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7426957
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 49380
last-modified: Mon, 04 May 2020 16:13:19 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f1f-c0e4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3fbXNuu2KF9yBenan1%2BvQDHkT1bTnEG6F%2BKtVYkxAiJCjT%2BIomBluHAfxq0XGVWZGgjiWRt0de0qCW0Kzj0E6XtfbRMVm8qOv2%2F6D%2FVkq81oWZijsSLW8BoZPKcJwFpqOuiXWyMg"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8901b97dbb202bdc-FRA
expires: Wed, 28 May 2025 15:37:38 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lghttp.17106.nexcesscdn.net
URL: https://lghttp.17106.nexcesscdn.net/808773/magento/media/catalog/product/cache/1/small_image/220x330/9df78eab33525d08d6e5fb8d27136e95/s/h/shoes-heels-plsr-kiss-295clearclear.jpg

Domain: code.jquery.com
URL: http://code.jquery.com/jquery-3.3.1.min.js

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240605&jk=1532846553997636&bg=!HxylHFPNAAb64txl2uI7ADQBe5WfOINXWywE2e1qWPdGNtE3zqzdgpvROLOCiJNUdCch8QekjrugiWm-J2FZXTTtvP8WAgAAAMRSAAAABmgBB34ANVDq5Tlj8geeqgJ1hlwIaa2ZOA0ywD8d1VHiS9Ud82a1HLNVELFD6QWSrzhOMl9O65ub6Da7CgAuf8msUBs1ghGJgF-ZkBDjwjRiHssOHLXidhZGUynC-Kp2skYW7EEEBoeh3FKPJJkCnLmjixnDoyM6ZAiOsGdW09LElRYztQW7zd_4u3dHp7zw9PSxcBQBlzydR-GkIhdPk6Bys6wZIkQIn3SFY1qbhGgEoc3-ka8s2JZfF-gJuJrKsWXc6BppBfy-GyOde7O9ejxi1BLG70KVDgyZvLPMVeOPOWMhbKkDFmwJQVt1yaee3Vy5SvRO923l4grBtrqVMmZujQQJXBaneM1DApMn4B8-BEzHR9VnSCbccfiQYckt3nN6LsYm_IXp6jcFpT6t44lWaPQoFj9ssXXe3Q3c4lhn88MZthFaS6tdnbkGbUvb6ws4_K9KGLKhnweWaD5qkSjyA0vI2zYw-FJ__kOx49cKTij0VVl1DfqoOheWix63-_BMIYXBtul5JqhvqMSBu2x4_lB5w4lukenKiXES9ooPTQ-w4whQBJYvvcos8rXh0ZmBX5zJ5cuLmPeO8OPNXka-aT79jBH6O61Xo0-LM81eepa1rnbCqPZZWUKYvaDVp35qj1A_tyM1DsV1IyzHedKw9-yNTbz8HZpw-O0wPXbgmWFrcJ0_ZYLZJYMEOwPNvtPRi8q1sDssWpWcYt6o2DdpNavN72jSmEPtwTHCj_jQvPaATo1p17yZ23Dj14slgcrEei4U5ieuoEZqZSuj27Tot63cuVEGmR8S0lmu7OYSBFb_6qO0K6ce-OvEeum8Wzpc2Pi-vWfKWveYbcInWqc9jBDlJJOMgbJGFNFDsFSKuAEUUJCRTYo4o0H3I4oQF6Jt8S68pqzHMotiTw45UqCKjHPzK2pOmScKllC11sDnehZ6C5q_s1AeZJ2eMTzOa4P9BNWduUr24ddZAQagSIbghoj3_8JL_UB4u9TQZex2Q5OQoLNZD5fR90Kess3Ra0aI1HOrwALk2WxZ

Verdicts & Comments Add Verdict or Comment

115 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.dotomi.com/	1969-12-31 23:59:59	Name: CJSession Value: 55c910a3-43d7-420d-902c-aa84a09629df
.dotomi.com/	1970-01-21 06:36:56	Name: cjae Value: yI0.qEymD_Ks
.dotomi.com/	1970-01-21 06:36:56	Name: DotomiUser Value: 400605751310214653$0$1
.emjcd.com/	1970-01-21 06:36:56	Name: S Value: 400605751310214653:yI0.qEymD_Ks
.emjcd.com/	1969-12-31 23:59:59	Name: CJSession Value: 55c910a3-43d7-420d-902c-aa84a09629df
28.saves.men/	1970-01-20 21:11:01	Name: visit Value: 1
.onesignal.com/	1970-01-20 21:09:36	Name: __cf_bm Value: CoNhRJ5m4fC1Jd07C82qnGniZ6ZVIyRtIcFZua7kitM-1717774654-1.0.1.1-lgOJCPT3BirRKYIftX7KFLCWab5PmepzE3V957YchB6kvxAraiIAPJfKnHVjFGLuZjydVW_puJe1hSQfSUKTpg
.saves.men/	1970-01-21 06:45:34	Name: _ga Value: GA1.2.366449407.1717774654
.saves.men/	1970-01-20 21:11:01	Name: _gid Value: GA1.2.1737932306.1717774655
.saves.men/	1970-01-20 21:09:34	Name: _gat_gtag_UA_74947533_1 Value: 1
.saves.men/	1970-01-21 01:28:46	Name: __eoi Value: ID=9e1b83f48a9339a0:T=1717774654:RT=1717774654:S=AA-AfjYS-BcyHPFVoqZKRQ-zP3tp
.saves.men/	1970-01-21 06:45:34	Name: _ga_JK1EDLGPQV Value: GS1.1.1717774654.1.0.1717774656.58.0.0

29 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://28.saves.men/ Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.tqlkg.com/image-7658614-13081546'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/ Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.awltovhc.com/image-7658614-12611340'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/ Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.tqlkg.com/image-7658614-12956509'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/ Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.awltovhc.com/image-7658614-12856579'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/ Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.awltovhc.com/image-7658614-12235495'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/ Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.tqlkg.com/image-7658614-13086308'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/ Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.awltovhc.com/image-7658614-11485870'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/ Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.ftjcfx.com/image-7658614-12161616'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/(Line 1510) Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.tqlkg.com/image-7658614-13081546'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/(Line 1510) Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.awltovhc.com/image-7658614-12611340'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/(Line 1510) Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.tqlkg.com/image-7658614-12956509'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/(Line 1510) Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.awltovhc.com/image-7658614-12856579'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/(Line 1510) Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.awltovhc.com/image-7658614-12235495'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/(Line 1510) Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.tqlkg.com/image-7658614-13086308'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/(Line 1510) Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.awltovhc.com/image-7658614-11485870'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://28.saves.men/(Line 1510) Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure element 'http://www.ftjcfx.com/image-7658614-12161616'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network	error	URL: https://lghttp.17106.nexcesscdn.net/808773/magento/media/catalog/product/cache/1/small_image/220x330/9df78eab33525d08d6e5fb8d27136e95/s/h/shoes-heels-plsr-kiss-295clearclear.jpg Message: Failed to load resource: net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH
other	warning	URL: https://28.saves.men/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://28.saves.men/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://28.saves.men/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://28.saves.men/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://28.saves.men/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://28.saves.men/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js(Line 1) Message: Mixed Content: The page at 'https://28.saves.men/' was loaded over HTTPS, but requested an insecure script 'http://code.jquery.com/jquery-3.3.1.min.js'. This request has been blocked; the content must be served over HTTPS.
other	warning	URL: https://28.saves.men/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://28.saves.men/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://28.saves.men/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://28.saves.men/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://28.saves.men/ Message: The keyword 'push-button' used on the 'appearance' property was deprecated and has now been removed. It will no longer have any effect.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

28.saves.men
banners.one.com
cdn.onesignal.com
cdnjs.cloudflare.com
cj.dotomi.com
code.jquery.com
connect.facebook.net
extreme-ip-lookup.com
fonts.googleapis.com
fonts.gstatic.com
lghttp.17106.nexcesscdn.net
onesignal.com
pagead2.googlesyndication.com
region1.analytics.google.com
s7d5.scene7.com
stats.g.doubleclick.net
tpc.googlesyndication.com
www.awltovhc.com
www.emjcd.com
www.ftjcfx.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.halegroves.com
www.tqlkg.com
www.yceml.net
code.jquery.com
lghttp.17106.nexcesscdn.net
pagead2.googlesyndication.com
104.16.160.145
104.17.111.223
104.17.25.14
109.236.91.3
142.250.184.226
142.250.185.163
142.250.186.132
157.240.251.9
172.67.217.217
18.239.36.106
195.47.247.12
2001:4860:4802:32::36
23.61.159.142
2a00:1450:4001:80b::200a
2a00:1450:4001:813::2008
2a00:1450:4001:813::200e
2a00:1450:4001:830::2001
2a00:1450:4001:830::2003
2a00:1450:400c:c00::9c
2a02:26f0:3500:599::9b6
2a03:2880:f083:9:face:b00c:0:3
89.207.16.75
00a1230e22b6af3f9df1348f2cd54dc9dbe026f3a41b9bde3009dcefd1648ae1
04bd065e6e6b19d274e29275414252aa0f97b5b307bf706a0b9f27f9ffa3e24c
064963547d3fec201c56ae5dbdda47fa7512da680a6448717e78a46832d00f3a
11fc0bc9eea43dac51e45f95663c757a78cecf67a3bc5978f5c6f1a0c4d6bed7
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2357d14de90240e1d177e5789c46c3bf067176063d04f11e09df463fb2af5b70
2bcae4bab5b4d9b0a1c3eb554bfdb28c74e8af691b63cc2130f0b5a42efb70ca
2d4bc9c3ff3f6be84acbd230bb1897e1e4b862a3e81ecee0bf7967ce93d57f1c
32c2d85077ee594b3d2688d4c7b5630a5e412493f2f46272fde075afebc4d0a5
3701f1301f8bc58fc4ce23a83a4f7059bde4d13709565498613fcf0386816e1b
39bcd42d10ef3ba6ded555f0f7aa96d8020fe3d3171aa8c95c00b78d0317cc07
3c48ad34fa979d77253a6719043f1db094fc92540032196abfc57867a817c41d
4191d89ec03bce5dc273716075335e31851031184b0fff0ab9fc900a8442019f
41dd3e48dbef1ddbc59957d4e99ef7662c1702dd8b55d0900b02150f87af354a
4a9e63eb00afce46dcdc6cc47c3af1d615b50625f643178041b474e562efe172
4ccea8b02b372fb788a67bdabf23189f9f5529db8c85034c44747ae93ca5e43c
50595908d24492eea04033964a4e17abaa9bebf1ee7d18fc99fafe391cade548
5068db76645e56f944cedd88e0936801038268cc13506c7b2242a4a54d20e81f
576d32fc46db04fa097792ad63f647dbc587cf4c48fb6ea92d52840a97b3c698
5f69dfb63517aebb6011cf75b81b75d7ed7e711240978b0d95cb332dd90876e3
618e45c222653f18b58156ff75d960859ee8f694bb5939f9524143f3a893e33d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6626875a972500b17084cd02ab4172256a9e30b6b4c7f3b4745d098c9dae44e6
6e3db48a3eb5acc5ff387f23a99813ae6332c8c00bff027dfd208ba62519db99
794c75cb3af217cdad26419bdc1a20c3057161ed6913ae5dd59784110c62283d
800008b19c657e2dee748c3e28589230c1c4e8cf2dff1fa66e68a77a3270699b
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
828f5e20a6044ef92704b1a49b15693cf8133a1416c2d0f996b255db41bb7d5f
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8a3b9a27b7975f95a7018c3f921af4e5b926b3cce37a07ebbc3802e75780eb70
8bacab6e8220be1b3ce1eb317526903a7a2d88eaa51f58dcdec86ff4daec8c65
8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5
91c01ec0de315f973f4c00041b7ae25e1a790cedff79a6fbb56c571bba379142
94a0ac8d73bb60a9cbe27a4fa36669104f6ffa37c8ff2df29313a6c0d3b64a75
9a12c1014e11dbd5cb8748a69c7a7a88e079535431a4d588a0b966ad5be1a57d
9a15ade3a4aaccfe86fffe5ff04d547a250c521fa8fc8fb8398a1a6bfed69cd7
9c0090d3c408776f4f1311087301a56bd9a798f9f72addb69e0ea1d4b22e74dc
a1416bd76d8ae022c1b2aac177c67bd8d82a571fa7ea71ed8df1dea96cbb7eb9
a34abcf51960b74ded84b3370b357b7f4bb4c7ca9745be01c30f0ff192433ac1
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a654c105bae8f2f2e7e11caf385a4c01214c6c81615293d470141c9511045ae2
a7d3793e48d2c22d08ecf5c82cfa90c00337f59f49748ee19cc84061affa83e0
adb17bf177f2741f2b07195ef46b65de7ebc87161c558bb0b000949fc14b5bbe
b534c5a740b3080dacb4888157a735c5064c4994aa72f24420973e5e472301fa
b5c9c23bd12593523a46d79dd0aee80e3226bbde4c9ac05fc30a95e2c1510de0
b8ec5a8f44b10bfbdc8a90e59bd13790f7f115a1023a2434c276efe2a238ee0f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
c1f6b66e052e0dba3f115f59a94d7304a27a73848db4b8995e2a2017ba79046b
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cde2998b17899094c08cb62f2345da9cbdfb339da6fc256a28525a91ff476800
d018940e1ce3df7aa5061a70b6347e42bd05294b81430e354643765746f68623
d6119fd7d5902fe2132d1739b4579f9b4cac68dfbfa055e0c4a220a38f6ab508
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0eab228ca85119ae80f417dcf1499997cb713946685f5d1f2224542fa036005
e186a022ede801db9e5815af51bb90d08dd0dfd97e172597db04f3e622f562e8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4f6825bae7b651939c302e7a71835b1dd0ce7a9a471834c9d52590270bddec7
e51140cdcd044ad76335646936ec53196a169aace83a8b266bc1c182a944609b
e6e9499be8808203026bd043c9619a07c53ecd4d4157dddf908d8e963f42cf76
e78d9ade7b3bfcbcd2afa052e09b16d59c0505adb5715f3e6ed3180f33fbe16b
ebc27b89de27a7b1b9abcf5d369cdb222d99fdb6f4c4b981484488e3e2cfdf25
ebe0f94ca53bc5f7d865f89aec5b0315bca03ace6942d6c1c76d94d5b59d419a
ed9c5481e8ee0aac1c6bb9b81554440b71f279f32aac618c1ced1618975abb61
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fd36bba386da059947f696d106f31d652b2a9738f852f528923f1c4a19a491cb

28.saves.men Open in urlscan Pro 172.67.217.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

76 Requests

87 %HTTPS

41 %IPv6

24 Domains

27 Subdomains

22 IPs

6 Countries

3375 kBTransfer

5693 kBSize

12 Cookies

9 Outgoing links

Redirected requests

76 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

28.saves.men Open in urlscan Pro
172.67.217.217 Public Scan

Screenshot
Live screenshot

Full Image

76
Requests

87 %
HTTPS

41 %
IPv6

24
Domains

27
Subdomains

22
IPs

6
Countries

3375 kB
Transfer

5693 kB
Size

12
Cookies

76 HTTP transactions
2 data transactions