www.au-education.xyz Open in urlscan Pro
142.250.186.147 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.au-education.xyz/login.php
Submission Tags: krdprod
Submission: On October 11 via api (October 11th 2021, 12:55:12 am UTC) from JP — Scanned from DE

Summary HTTP 161 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 39 IPs in 6 countries across 45 domains to perform 161 HTTP transactions. The main IP is 142.250.186.147, located in United States and belongs to GOOGLE, US. The main domain is www.au-education.xyz.
TLS certificate: Issued by GTS CA 1D4 on October 9th 2021. Valid for: 3 months.

This is the only time www.au-education.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	142.250.186.147 142.250.186.147	15169 (GOOGLE) (GOOGLE)
1	3.129.250.65 3.129.250.65	16509 (AMAZON-02) (AMAZON-02)
3	104.18.225.52 104.18.225.52	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
14	172.217.18.97 172.217.18.97	15169 (GOOGLE) (GOOGLE)
3	192.243.59.20 192.243.59.20	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	104.21.80.8 104.21.80.8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	13.32.121.17 13.32.121.17	16509 (AMAZON-02) (AMAZON-02)
6	142.250.185.163 142.250.185.163	15169 (GOOGLE) (GOOGLE)
1	192.243.59.13 192.243.59.13	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
16	148.251.155.232 148.251.155.232	24940 (HETZNER-AS) (HETZNER-AS)
2	23.95.12.219 23.95.12.219	36352 (AS-COLOCR...) (AS-COLOCROSSING)
3	23.95.12.218 23.95.12.218	36352 (AS-COLOCR...) (AS-COLOCROSSING)
1	142.250.186.65 142.250.186.65	15169 (GOOGLE) (GOOGLE)
1	104.26.13.118 104.26.13.118	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	139.45.197.234 139.45.197.234	9002 (RETN-AS) (RETN-AS)
3	139.45.197.237 139.45.197.237	9002 (RETN-AS) (RETN-AS)
9	139.45.197.250 139.45.197.250	9002 (RETN-AS) (RETN-AS)
6	139.45.197.239 139.45.197.239	9002 (RETN-AS) (RETN-AS)
2	139.45.197.243 139.45.197.243	9002 (RETN-AS) (RETN-AS)
4	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	152.228.223.13 152.228.223.13	16276 (OVH) (OVH)
1 2	104.26.6.17 104.26.6.17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.21.79.4 104.21.79.4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	188.72.201.86 188.72.201.86	35415 (WEBZILLA) (WEBZILLA)
3	139.45.197.240 139.45.197.240	9002 (RETN-AS) (RETN-AS)
4	104.22.25.116 104.22.25.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	104.168.58.149 104.168.58.149	36352 (AS-COLOCR...) (AS-COLOCROSSING)
26	104.26.8.100 104.26.8.100	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.186.174 142.250.186.174	15169 (GOOGLE) (GOOGLE)
1	104.16.89.20 104.16.89.20	() ()
3	216.58.212.138 216.58.212.138	() ()
1	52.222.214.85 52.222.214.85	() ()
5	172.64.142.12 172.64.142.12	() ()
1	52.222.214.30 52.222.214.30	() ()
1	216.58.212.136 216.58.212.136	() ()
161	39

2 142.250.186.147 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f19.1e100.net

www.au-education.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.129.250.65 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-129-250-65.us-east-2.compute.amazonaws.com

ads.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.225.52 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 172.217.18.97 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f97.1e100.net

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
2.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.243.59.20 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

pl16633608.effectivecpmgate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pl16633601.effectivecpmgate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.80.8 (None, )

ASN13335 (CLOUDFLARENET, US)

www.scarlet-clicks.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.121.17 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-17.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.243.59.13 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

www.effectivedisplayformat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 148.251.155.232 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.232.155.251.148.clients.your-server.de

ad.a-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.a-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
acceptable.a-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.95.12.219 (United States)

ASN36352 (AS-COLOCROSSING, US)
PTR: 23-95-12-219-host.colocrossing.com

ad2bitcoin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.95.12.218 (United States)

ASN36352 (AS-COLOCROSSING, US)
PTR: 23-95-12-218-host.colocrossing.com

adalso.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tiggercoin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.65 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f1.1e100.net

blogger.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.13.118 (United States)

ASN13335 (CLOUDFLARENET, US)

iclickcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.234 (United Kingdom)

ASN9002 (RETN-AS, GB)

bedrapiona.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.197.237 (United Kingdom)

ASN9002 (RETN-AS, GB)

dozubatan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 139.45.197.250 (United Kingdom)

ASN9002 (RETN-AS, GB)

pseepsie.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 139.45.197.239 (United Kingdom)

ASN9002 (RETN-AS, GB)

toglooman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.243 (United Kingdom)

ASN9002 (RETN-AS, GB)

onmarshtompor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.228.223.13 (France)

ASN16276 (OVH, FR)
PTR: ns3190386.ip-152-228-223.eu

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.6.17 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

get.cryptobrowser.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.79.4 (None, )

ASN13335 (CLOUDFLARENET, US)

www.adthurst.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 188.72.201.86 (Netherlands)

ASN35415 (WEBZILLA, NL)

interst12.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.197.240 (United Kingdom)

ASN9002 (RETN-AS, GB)

propeller-tracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.22.25.116 (None, )

ASN13335 (CLOUDFLARENET, US)

littlecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.168.58.149 (United States)

ASN36352 (AS-COLOCROSSING, US)
PTR: 104-168-58-149-host.colocrossing.com

bandirun.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
donaldco.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
smurfgo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 104.26.8.100 (United States)

ASN13335 (CLOUDFLARENET, US)

ad.gab.ag	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gab.ag	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.174 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.89.20 (None, )

ASN- ()

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.212.138 (None, )

ASN- ()

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.214.85 (None, )

ASN- ()

arc.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.64.142.12 (None, )

ASN- ()

adhitzads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p3.adhitzads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.214.30 (None, )

ASN- ()

adserver.reklamstore.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.136 (None, )

ASN- ()

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	gab.ag ad.gab.ag www.gab.ag	336 KB
16	a-ads.com ad.a-ads.com static.a-ads.com acceptable.a-ads.com	2 MB
9	pseepsie.com pseepsie.com	45 KB
9	ampproject.org cdn.ampproject.org	143 KB
6	toglooman.com toglooman.com	130 KB
6	gstatic.com fonts.gstatic.com	139 KB
5	adhitzads.com adhitzads.com p3.adhitzads.com	3 KB
5	interst12.com interst12.com	159 KB
5	blogspot.com 2.bp.blogspot.com 1.bp.blogspot.com	161 KB
4	littlecdn.com littlecdn.com	35 KB
4	rtmark.net my.rtmark.net	2 KB
3	googleapis.com fonts.googleapis.com	3 KB
3	smurfgo.com smurfgo.com	2 KB
3	propeller-tracking.com propeller-tracking.com	4 KB
3	dozubatan.com dozubatan.com	32 KB
3	effectivecpmgate.com pl16633608.effectivecpmgate.com pl16633601.effectivecpmgate.com
3	onesignal.com cdn.onesignal.com onesignal.com	73 KB
2	google-analytics.com www.google-analytics.com ssl.google-analytics.com	18 KB
2	adthurst.com www.adthurst.com
2	cryptobrowser.site 1 redirects get.cryptobrowser.site	602 B
2	onmarshtompor.com onmarshtompor.com	3 KB
2	adalso.com adalso.com	949 B
2	ad2bitcoin.com ad2bitcoin.com	4 KB
2	doubleclick.net googleads.g.doubleclick.net	5 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com	92 KB
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com	861 B
2	googlesyndication.com pagead2.googlesyndication.com	145 KB
2	au-education.xyz www.au-education.xyz	12 KB
1	reklamstore.com adserver.reklamstore.com	29 KB
1	arc.io arc.io static.arc.io Failed core.arc.io Failed	3 KB
1	jsdelivr.net cdn.jsdelivr.net	8 KB
1	tiggercoin.com tiggercoin.com	488 B
1	donaldco.in donaldco.in	489 B
1	bandirun.com bandirun.com	335 B
1	ibb.co i.ibb.co	996 B
1	bedrapiona.com bedrapiona.com	3 KB
1	iclickcdn.com iclickcdn.com	22 KB
1	googleusercontent.com blogger.googleusercontent.com	30 KB
1	google.com adservice.google.com	570 B
1	googleadservices.com partner.googleadservices.com	270 B
1	effectivedisplayformat.com www.effectivedisplayformat.com
1	scarlet-clicks.info www.scarlet-clicks.info	92 KB
1	vidoomy.com ads.vidoomy.com pixel.vidoomy.com Failed	4 KB
0	mellowads.com Failed mellowads.com Failed
0	histats.com Failed s4is.histats.com Failed
161	45

	Domain	Requested by
24	www.gab.ag	ad.gab.ag www.gab.ag
9	pseepsie.com	iclickcdn.com pseepsie.com www.au-education.xyz
9	cdn.ampproject.org	www.au-education.xyz cdn.ampproject.org pagead2.googlesyndication.com
6	static.a-ads.com	ad.a-ads.com acceptable.a-ads.com
6	toglooman.com	iclickcdn.com toglooman.com
6	ad.a-ads.com	www.au-education.xyz adalso.com tiggercoin.com ad2bitcoin.com www.gab.ag
6	fonts.gstatic.com	www.au-education.xyz fonts.googleapis.com
5	interst12.com	toglooman.com interst12.com
4	acceptable.a-ads.com	smurfgo.com donaldco.in
4	littlecdn.com	interst12.com
4	my.rtmark.net	onmarshtompor.com www.au-education.xyz dozubatan.com
4	1.bp.blogspot.com	www.au-education.xyz
3	adhitzads.com	www.gab.ag
3	fonts.googleapis.com	www.gab.ag
3	smurfgo.com	ad2bitcoin.com
3	propeller-tracking.com	interst12.com propeller-tracking.com
3	dozubatan.com	iclickcdn.com dozubatan.com
2	p3.adhitzads.com	adhitzads.com
2	ad.gab.ag	ad2bitcoin.com
2	www.adthurst.com	ad2bitcoin.com
2	get.cryptobrowser.site	1 redirects ad2bitcoin.com
2	onmarshtompor.com	iclickcdn.com
2	adalso.com	www.au-education.xyz ad2bitcoin.com
2	ad2bitcoin.com	www.au-education.xyz ad2bitcoin.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	sb.scorecardresearch.com	1 redirects www.au-education.xyz
2	pl16633601.effectivecpmgate.com	www.au-education.xyz
2	pagead2.googlesyndication.com	www.au-education.xyz pagead2.googlesyndication.com
2	cdn.onesignal.com	www.au-education.xyz cdn.onesignal.com
2	www.au-education.xyz	www.au-education.xyz
1	ssl.google-analytics.com	www.gab.ag
1	adserver.reklamstore.com	www.gab.ag
1	arc.io	www.gab.ag
1	stackpath.bootstrapcdn.com	www.gab.ag
1	cdn.jsdelivr.net	www.gab.ag
1	www.google-analytics.com	cdn.ampproject.org
1	tiggercoin.com	ad2bitcoin.com
1	donaldco.in	ad2bitcoin.com
1	bandirun.com	ad2bitcoin.com
1	i.ibb.co	ad2bitcoin.com
1	bedrapiona.com	iclickcdn.com
1	iclickcdn.com	www.au-education.xyz
1	blogger.googleusercontent.com	www.au-education.xyz
1	adservice.google.com	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	2.bp.blogspot.com	www.au-education.xyz
1	onesignal.com	cdn.onesignal.com
1	maxcdn.bootstrapcdn.com	www.au-education.xyz
1	www.effectivedisplayformat.com	www.au-education.xyz
1	www.scarlet-clicks.info	www.au-education.xyz
1	pl16633608.effectivecpmgate.com	www.au-education.xyz
1	ads.vidoomy.com	www.au-education.xyz
0	core.arc.io Failed	arc.io
0	static.arc.io Failed	arc.io
0	mellowads.com Failed	www.gab.ag
0	s4is.histats.com Failed	www.gab.ag
0	pixel.vidoomy.com Failed	www.au-education.xyz
161	57

This site contains links to these domains. Also see Links.

Domain
www.au-blog.xyz
www.scarlet-clicks.info
paktechbeta.blogspot.com
web.facebook.com

Subject Issuer	Validity	Valid
www.au-education.xyz GTS CA 1D4	`2021-10-09` - `2022-01-07`	3 months	crt.sh
*.vidoomy.com Sectigo RSA Domain Validation Secure Server CA	`2021-08-06` - `2022-09-05`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
effectivecpmgate.com R3	`2021-08-25` - `2021-11-23`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
effectivedisplayformat.com R3	`2021-09-20` - `2021-12-19`	3 months	crt.sh
misc-sni.blogspot.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.a-ads.com Sectigo ECC Domain Validation Secure Server CA	`2020-12-02` - `2022-01-02`	a year	crt.sh
ad2bitcoin.com cPanel, Inc. Certification Authority	`2021-08-18` - `2021-11-16`	3 months	crt.sh
adalso.com cPanel, Inc. Certification Authority	`2021-09-02` - `2021-12-01`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
bedrapiona.com R3	`2021-10-02` - `2021-12-31`	3 months	crt.sh
dozubatan.com R3	`2021-10-09` - `2022-01-07`	3 months	crt.sh
pseepsie.com R3	`2021-08-16` - `2021-11-14`	3 months	crt.sh
toglooman.com R3	`2021-09-07` - `2021-12-06`	3 months	crt.sh
onmarshtompor.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-03` - `2022-11-03`	a year	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2020-10-27` - `2021-11-26`	a year	crt.sh
ibb.co R3	`2021-10-06` - `2022-01-04`	3 months	crt.sh
interst12.com R3	`2021-07-26` - `2021-10-24`	3 months	crt.sh
propeller-tracking.com Sectigo RSA Domain Validation Secure Server CA	`2020-10-05` - `2021-11-05`	a year	crt.sh
bandirun.com cPanel, Inc. Certification Authority	`2021-08-19` - `2021-11-17`	3 months	crt.sh
donaldco.in cPanel, Inc. Certification Authority	`2021-07-28` - `2021-10-26`	3 months	crt.sh
tiggercoin.com cPanel, Inc. Certification Authority	`2021-08-19` - `2021-11-17`	3 months	crt.sh
smurfgo.com cPanel, Inc. Certification Authority	`2021-08-19` - `2021-11-17`	3 months	crt.sh
gab.ag Cloudflare Inc ECC CA-3	`2021-06-08` - `2022-06-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
arc.io Amazon	`2021-04-22` - `2022-05-21`	a year	crt.sh
adserver2.reklamstore.com Amazon	`2021-05-20` - `2022-06-18`	a year	crt.sh

This page contains 36 frames:

Primary Page: https://www.au-education.xyz/login.php
Frame ID: DF50AC6ACCE4A0CEA58D5A6FB8854CD3
Requests: 57 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20211006/r20190131/zrt_lookup.html
Frame ID: 055C4085D3D0C3FF226C1776F7A6BCC1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1055251694677333&output=html&adk=1812271804&adf=3025194257&lmt=1633913706&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.au-education.xyz%2Flogin.php&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633913706801&bpp=2&bdt=468&idt=94&shv=r20211006&mjsv=m202110040101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5007398313446&frm=20&pv=2&ga_vid=1218772332.1633913707&ga_sid=1633913707&ga_hid=2088379369&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060047&oid=2&pvsid=910932120229394&pem=756&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=108
Frame ID: C6E6C3945E7D4AF9AEDE225E9B5A3CE5
Requests: 1 HTTP requests in this frame

Frame: https://ad.a-ads.com/1787798?size=468x60
Frame ID: 4CC134CBB1129C6D5476934CED082B98
Requests: 2 HTTP requests in this frame

Frame: https://ad2bitcoin.com/ad.php?ref=aueducation&width=300
Frame ID: 98A108263AF0E13C117EE58B7169070B
Requests: 5 HTTP requests in this frame

Frame: https://adalso.com/ad/pbnr2.php?ref=17290
Frame ID: B7BE0090A90C43BE530E64B19B2C25AC
Requests: 1 HTTP requests in this frame

Frame: https://onmarshtompor.com/fac.php?OAID=946be6b73f164597bd0772c846991f65&oaidts=1633913707
Frame ID: 43DFCBE09B1A25DE44B13BFF2169611B
Requests: 2 HTTP requests in this frame

Frame: https://ad2bitcoin.com/adqlt.php?ref=aueducation&keycode=4392
Frame ID: 7D974941A7E9320BB6DD361A5A2BDBDC
Requests: 1 HTTP requests in this frame

Frame: https://ad.a-ads.com/433955?size=468x60
Frame ID: 6223CE31055FFB4CEA8585676B814949
Requests: 3 HTTP requests in this frame

Frame: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Frame ID: 0CF75D606AAEEF079EB7F1383D567A49
Requests: 12 HTTP requests in this frame

Frame: https://bandirun.com/templates/ad.php
Frame ID: 12B39886042C1E9B0C0E3D6106892547
Requests: 1 HTTP requests in this frame

Frame: https://donaldco.in/templates/ad.php
Frame ID: CCEF7F1608BFD6988AF0C0F3FDAB7FF0
Requests: 1 HTTP requests in this frame

Frame: https://tiggercoin.com/aads.php
Frame ID: CDFDB9B2DE2384B2B87FF4204EE624DB
Requests: 1 HTTP requests in this frame

Frame: https://smurfgo.com/game.php
Frame ID: A2BED47BD8281E754706D546BDBABC1F
Requests: 1 HTTP requests in this frame

Frame: https://smurfgo.com/game.php
Frame ID: 563AB67726B190B3D413DAB387B164B7
Requests: 1 HTTP requests in this frame

Frame: https://www.gab.ag/index.php?view=register
Frame ID: 0C0AD07E55C33ABBEE2078D4E3927A60
Requests: 42 HTTP requests in this frame

Frame: https://smurfgo.com/game.php
Frame ID: 8F6B56843D9CA69A7819B8A9A0DCE661
Requests: 1 HTTP requests in this frame

Frame: https://www.gab.ag/index.php?view=register
Frame ID: 2B26A4654B7B545165666DC5EF8028F6
Requests: 2 HTTP requests in this frame

Frame: https://adalso.com/adz/aads468.php
Frame ID: A90CE2E98CCAECB27EC5A9DFFC884BE4
Requests: 1 HTTP requests in this frame

Frame: https://ad.a-ads.com/433955?size=468x60
Frame ID: FD33EB1EBFDF659ED341D7CDF3C9B20A
Requests: 3 HTTP requests in this frame

Frame: https://acceptable.a-ads.com/528706?size=200x200
Frame ID: DB7382483FE32568DBC72CB4AE30D063
Requests: 2 HTTP requests in this frame

Frame: https://acceptable.a-ads.com/907989?size=336x280
Frame ID: 5E39433F23EEBCBA682FB88DFE51A104
Requests: 3 HTTP requests in this frame

Frame: https://acceptable.a-ads.com/528706?size=200x200
Frame ID: 95B072BB7C3DFB9A8AEE4BDA047D1463
Requests: 2 HTTP requests in this frame

Frame: https://acceptable.a-ads.com/1690418?size=468x60
Frame ID: 37963B19B67250A395F1C1D0B6F2C864
Requests: 2 HTTP requests in this frame

Frame: https://ad.a-ads.com/1105819?size=728x90
Frame ID: 61C23899646D181F217253C5002F84C3
Requests: 3 HTTP requests in this frame

Frame: https://ad.a-ads.com/1110727?size=728x90
Frame ID: C8F647A3DE5BEA7191FA2D757BEC558C
Requests: 3 HTTP requests in this frame

Frame: https://mellowads.com/view/A860A4556C60
Frame ID: BE1E876A16856D3DD996E9194F961DC5
Requests: 1 HTTP requests in this frame

Frame: https://ad.a-ads.com/860840?size=468x60
Frame ID: 966E1B1335C41AF024B869FA7C79A2D2
Requests: 3 HTTP requests in this frame

Frame: https://mellowads.com/view/B8AE533AA3BB
Frame ID: 503D1BA1080C03EA5088703986FE8592
Requests: 1 HTTP requests in this frame

Frame: https://core.arc.io/broker.html?4c137d4
Frame ID: 28AEFAD07FDF1A53478AF7D6DD8CDDFB
Requests: 1 HTTP requests in this frame

Frame: https://mellowads.com/view/B8AE533AA3BB
Frame ID: DFC5BF70251980B356F31DFBE83C53BA
Requests: 1 HTTP requests in this frame

Frame: https://mellowads.com/view/A860A4556C60
Frame ID: 997AA11A09C98A3725FD888A15866FE7
Requests: 1 HTTP requests in this frame

Frame: https://mellowads.com/view/A860A4556C60
Frame ID: 013D20887E1095068B999F5F849B17A9
Requests: 1 HTTP requests in this frame

Frame: https://mellowads.com/view/A860A4556C60
Frame ID: 1D109AFBD81D5BF611563D3DCCB120AE
Requests: 1 HTTP requests in this frame

Frame: https://ad.a-ads.com/1410164?size=728x90
Frame ID: 84E88860F14784D8E0708A1D02EAA3D8
Requests: 1 HTTP requests in this frame

Frame: https://mellowads.com/view/9670CF766F96
Frame ID: F159A07B8B96C27B4817B84739FB9113
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

404: Page Not Found | Au-education

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Lightbox (JavaScript Libraries) Expand

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

161
Requests

92 %
HTTPS

0 %
IPv6

45
Domains

57
Subdomains

39
IPs

6
Countries

3993 kB
Transfer

6381 kB
Size

17
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.au-blog.xyz/
Title: Blog

Search URL Search Domain Scan URL

URL: https://www.scarlet-clicks.info/?ref=attaulrehman

Search URL Search Domain Scan URL

URL: https://paktechbeta.blogspot.com/
Title: Paktechbeta

Search URL Search Domain Scan URL

URL: https://web.facebook.com/au.rehman.923/
Title: Atta ul rehman

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://sb.scorecardresearch.com/p?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=52297&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=0&ns_st_pt=0&c3=vidoomynet&c4=&c6=&ns_ts=1633913706 HTTP 302
https://sb.scorecardresearch.com/p2?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=52297&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=0&ns_st_pt=0&c3=vidoomynet&c4=&c6=&ns_ts=1633913706

Request Chain 51

https://get.cryptobrowser.site/pb/4/17938813/?t=pro%20style=width:%20300px%20height:%20250px%20frameborder=no&gt/iframe&gt HTTP 302
https://get.cryptobrowser.site/pb/4/17938813/?t=pro+style%3Dwidth%3A+300px+height%3A+250px+frameborder%3Dno&gt%2Fiframe=&gt=&l=de

161 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 404 Primary Request login.php Show response
www.au-education.xyz/ 43 KB
12 KB 767ms
719ms Document
text/html 142.250.186.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f19.1e100.net

Software

GSE /

Resource Hash

94d89a6867a9b2b9f404f1347ecc94ee3817975acce43e39919317cc331c64ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.au-education.xyz
:scheme: https
:path: /login.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 11 Oct 2021 00:55:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 12250
server: GSE

GET
H/1.1 200
OK au-educationxyz_17681.js Show response
ads.vidoomy.com/ 3 KB
4 KB 357ms
115ms Script
application/javascript 3.129.250.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.vidoomy.com/au-educationxyz_17681.js
Requested by: Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.129.250.65 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-129-250-65.us-east-2.compute.amazonaws.com
Software: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33 / PHP/7.0.33
Resource Hash: 2b5df8b341740add635fa41b6c2fc6ca778dd48e72bb8be848da98abd16b6e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 11 Oct 2021 00:55:06 GMT
Server: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=300
Content-Length: 3480

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 44ms
18ms Script
application/javascript 104.18.225.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.225.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e72afcd1a38e3ab0bb322104a9238e75dda48df9c455e5471bbaaece5207d83

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:06 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 2281
etag: W/"cf0cbe7aadaadd0a12673a93ac7780e1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 69c41ef8edda5364-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 14 Oct 2021 00:55:06 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
51 KB 61ms
33ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

7c3918ed61f3a256e2f2f02ef82ac2077b5dd878005586f8fb0ebcc147699738

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51243
x-xss-protection: 0
server: cafe
etag: 15960329958866337538
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 11 Oct 2021 00:55:06 GMT

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 270 KB
71 KB 57ms
15ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

sffe /

Resource Hash

db02aedeb08fe64136e1380293224bd9d7c1a330b75ae2823251f7636cd6bc4f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71028
x-xss-protection: 0
server: sffe
date: Mon, 11 Oct 2021 00:55:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=3000, stale-while-revalidate=1206600
etag: "c1239395e803e742"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 11 Oct 2021 00:55:06 GMT

GET
H2 200 amp-form-0.1.js Show response
cdn.ampproject.org/v0/ 45 KB
14 KB 66ms
24ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-form-0.1.js

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

sffe /

Resource Hash

9802d14f0ef67628d6f3471209d615b533909cc193e48a4bb12dfb4614be794d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14306
x-xss-protection: 0
server: sffe
date: Mon, 11 Oct 2021 00:55:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "86f9c85cec52892b"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 11 Oct 2021 00:55:06 GMT

GET
H2 200 amp-iframe-0.1.js Show response
cdn.ampproject.org/v0/ 23 KB
8 KB 69ms
27ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-iframe-0.1.js

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

sffe /

Resource Hash

f89e31fffc0258bb7b05dad19cbdb0f3710d2c97f6948afb3ec27b33955e5f68

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8389
x-xss-protection: 0
server: sffe
date: Mon, 11 Oct 2021 00:55:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "57f5f8de20f96dcd"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 11 Oct 2021 00:55:06 GMT

GET
H2 200 amp-social-share-0.1.js Show response
cdn.ampproject.org/v0/ 15 KB
5 KB 67ms
26ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-social-share-0.1.js

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

sffe /

Resource Hash

a5ffa4aa900695db6b3f8e3d53c6d12833ddb3cdc424763d88878cbf90f2e8d0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5453
x-xss-protection: 0
server: sffe
date: Mon, 11 Oct 2021 00:55:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "1dd0e6e807240586"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 11 Oct 2021 00:55:06 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/v0/ 100 KB
30 KB 69ms
28ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

sffe /

Resource Hash

abdae8aa8f4613eafbee6e7f74c5f8c2165dcae619b0a87a365144b3665dfcaa

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30790
x-xss-protection: 0
server: sffe
date: Mon, 11 Oct 2021 00:55:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "c1912e8f3df09950"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 11 Oct 2021 00:55:06 GMT

GET
H2 403 invoke.js
pl16633608.effectivecpmgate.com/bc9ad15dda476eed8f62c3e70266a2c8/ 0
0 136ms
98ms Script
application/javascript 192.243.59.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pl16633608.effectivecpmgate.com/bc9ad15dda476eed8f62c3e70266a2c8/invoke.js
Requested by: Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.17.9 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 11 Oct 2021 00:55:06 GMT
server: nginx/1.17.9
content-type: application/javascript
content-length: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2 200 banner1.png
www.scarlet-clicks.info/banners/ 91 KB
92 KB 55ms
17ms Image
image/png 104.21.80.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scarlet-clicks.info/banners/banner1.png
Requested by: Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.80.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65340314569927c5d8da0366b2f500f643e3b9a19b9ab9ebf7bd26206414953f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:06 GMT
cf-cache-status: HIT
last-modified: Tue, 22 Nov 2016 12:32:16 GMT
server: cloudflare
age: 2192
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Mo9ijnQX2Uum%2BAAVa0w4Ksh05hep0gPUCrQPBpXTAzDnct8Z4nTpfjIq%2BJMsF3Z%2BA9JbWmhrcmhfxvtLutyDKFxGhHuX6RQ1qKNlR85VrOqdDPUKiX3sRnaMp1f2VvMvf0L7iMyuwVt0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69c41efb4b104126-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 93479

GET
H2 403 49dc4fc51504f6415c7e3814d6d8926d.js
pl16633601.effectivecpmgate.com/49/dc/4f/ 0
0 435ms
116ms Script
application/javascript 192.243.59.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pl16633601.effectivecpmgate.com/49/dc/4f/49dc4fc51504f6415c7e3814d6d8926d.js
Requested by: Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.17.9 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 11 Oct 2021 00:55:06 GMT
server: nginx/1.17.9
content-type: application/javascript
content-length: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET reg.cgi
pixel.vidoomy.com/ 0
0

GET
H2

200

p2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/p?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=52297&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&...
https://sb.scorecardresearch.com/p2?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=52297&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va...

64 B
329 B

9ms
8ms

Image
image/gif

13.32.121.17
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p2?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=52297&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=0&ns_st_pt=0&c3=vidoomynet&c4=&c6=&ns_ts=1633913706
Requested by: Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-17.fra60.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:06 GMT
via: 1.1 c60125e7f3465aceafb0abd071a41a36.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: lgtOjZu11PjfQxdp5TN22YjgJAB1KKBVyPXXR4F4cnoAtUSK27khlg==

Redirect headers

date: Mon, 11 Oct 2021 00:55:06 GMT
via: 1.1 c60125e7f3465aceafb0abd071a41a36.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/p2?c1=2&c2=34403499&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=52297&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=0&ns_st_pt=0&c3=vidoomynet&c4=&c6=&ns_ts=1633913706
content-length: 280
x-amz-cf-id: _AgIRudA3lpZ7aHOsrJ3NLXFDZobfstAXdk9fPSpM6ugbqdhGn0png==

GET
H2 200 cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2
fonts.gstatic.com/s/opensans/v14/ 14 KB
14 KB 33ms
11ms Font
font/woff2 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v14/cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

0b5f1d872289143e9aab4ea1b8e1b6a9f36e1cc9b60227ddd6ef08830588efc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.au-education.xyz/
Origin: https://www.au-education.xyz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 12:19:28 GMT
x-content-type-options: nosniff
age: 218138
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13964
x-xss-protection: 0
last-modified: Wed, 14 Jun 2017 16:46:31 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 08 Oct 2022 12:19:28 GMT

GET
H2 200 EInbV5DfGHOiMmvb1Xr-hugdm0LZdjqr5-oayXSOefg.woff2
fonts.gstatic.com/s/opensans/v14/ 14 KB
15 KB 29ms
8ms Font
font/woff2 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v14/EInbV5DfGHOiMmvb1Xr-hugdm0LZdjqr5-oayXSOefg.woff2

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

7380193fe2c6d29925884f7f4ea0184cca0364bb94f74fcf80a25cf28a2897ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.au-education.xyz/
Origin: https://www.au-education.xyz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 05 Oct 2021 17:59:18 GMT
x-content-type-options: nosniff
age: 456948
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14696
x-xss-protection: 0
last-modified: Wed, 14 Jun 2017 16:46:00 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 05 Oct 2022 17:59:18 GMT

GET
H2 200 k3k702ZOKiLJc3WVjuplzOgdm0LZdjqr5-oayXSOefg.woff2
fonts.gstatic.com/s/opensans/v14/ 14 KB
14 KB 35ms
15ms Font
font/woff2 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzOgdm0LZdjqr5-oayXSOefg.woff2

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

233b124d917b9a53fb219b29af4a784486049b10134848ba993b885f9a4b1a5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.au-education.xyz/
Origin: https://www.au-education.xyz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 06 Oct 2021 13:23:37 GMT
x-content-type-options: nosniff
age: 387089
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14636
x-xss-protection: 0
last-modified: Wed, 14 Jun 2017 16:46:23 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 06 Oct 2022 13:23:37 GMT

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
68 KB 18ms
17ms Script
application/javascript 104.18.225.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151508
Requested by: Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.225.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b63fe792eca92d7cb67c652ddc4e76692c7f7f0899316ada620039b6438b8961

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:06 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 2301
etag: W/"fff10df2ca37ad0e879283b24dd072d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 69c41efb1f985364-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 14 Oct 2021 00:55:06 GMT

GET
H2 403 invoke.js
www.effectivedisplayformat.com/55bf6df81d4797fab837a9697a190111/ 0
0 313ms
114ms Script
application/javascript 192.243.59.13
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.effectivedisplayformat.com/55bf6df81d4797fab837a9697a190111/invoke.js
Requested by: Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.17.6 /
Resource Hash

Request headers

Referer: https://www.au-education.xyz/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

access-control-allow-origin: *
date: Mon, 11 Oct 2021 00:55:07 GMT
server: nginx/1.17.6
content-type: application/javascript
content-length: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
76 KB 37ms
12ms Font
font/woff2 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.au-education.xyz/
Origin: https://www.au-education.xyz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 718
age: 2044009
cdn-cachedat: 2021-08-02 20:43:32
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 77160
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 527c274894899cd2eaf66d28f65498b8
accept-ranges: bytes
cf-ray: 69c41efb48022bd6-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 web Show response
onesignal.com/api/v1/sync/2e9f0406-553c-44b8-bdfc-013188229d49/ 5 KB
2 KB 28ms
18ms Script
text/javascript 104.18.225.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/2e9f0406-553c-44b8-bdfc-013188229d49/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151508

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.225.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

178ab8a4adb9fa71988038fea8fa398a970aebe7c734647b7cd6eebb927da889

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 350
cf-polished: origSize=5564
status: 200 OK
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 79c6c869-57f5-4262-af6f-eb1071c82725
x-runtime: 0.024822
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"11ce99c7313bb74a88a662ab6c489e23"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 69c41efb7fdb5364-FRA
access-control-allow-headers: SDK-Version
expires: Mon, 11 Oct 2021 01:55:06 GMT

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/ 257 KB
95 KB 58ms
43ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

19f362b8270f24033bb3822bc08eeee3f431c8e2ad0c2e33cbf83bfbc8f70dc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97103
x-xss-protection: 0
server: cafe
etag: 1209692965872863621
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Oct 2021 00:55:06 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20211006/r20190131/ Frame 055C 10 KB
5 KB 30ms
6ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20211006/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e59f39fd9be6b3737942676248d273b23f94ab60f7b7e608230d6a107dccb7ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20211006/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.au-education.xyz/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 10 Oct 2021 17:14:18 GMT
expires: Sun, 24 Oct 2021 17:14:18 GMT
content-type: text/html; charset=UTF-8
etag: 10398570473303663775
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4601
x-xss-protection: 0
age: 27648
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 logo.png
2.bp.blogspot.com/-V1bkwqWVGV0/WaEqBG6WQEI/AAAAAAAAAek/mRc0UH9cK6IHn1uqU082x903fmn6qSLlQCLcBGAs/s1600/ 6 KB
6 KB 53ms
15ms Image
image/png 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://2.bp.blogspot.com/-V1bkwqWVGV0/WaEqBG6WQEI/AAAAAAAAAek/mRc0UH9cK6IHn1uqU082x903fmn6qSLlQCLcBGAs/s1600/logo.png

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

fife /

Resource Hash

a4f3862f41cebe8a91c5f533ee278b63b523de1af4bd8ea830c6ff27515f2e15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 23:22:22 GMT
x-content-type-options: nosniff
age: 5564
content-disposition: inline;filename="logo.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5904
x-xss-protection: 0
server: fife
etag: "v1ea"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 09 Oct 2021 04:01:20 GMT

GET
H3 200 amp-auto-lightbox-0.1.js Show response
cdn.ampproject.org/rtv/012109272305001/v0/ 7 KB
3 KB 42ms
14ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109272305001/v0/amp-auto-lightbox-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

sffe /

Resource Hash

d7169397334d4a658dd9c1dd27a8fdac0d981d89c1bea30d6bdc5d88654c86d5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.au-education.xyz/
Origin: https://www.au-education.xyz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 58572
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2908
x-xss-protection: 0
server: sffe
date: Sun, 10 Oct 2021 08:38:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "59cb87fc8780911c"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 10 Oct 2022 08:38:54 GMT

GET
H3 200 amp-loader-0.1.js Show response
cdn.ampproject.org/rtv/012109272305001/v0/ 15 KB
4 KB 38ms
15ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109272305001/v0/amp-loader-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

sffe /

Resource Hash

a93e35c968a1704afd997c891700547f0af51f807c7d09f1f16590cee18c04f3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.au-education.xyz/
Origin: https://www.au-education.xyz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 455716
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3699
x-xss-protection: 0
server: sffe
date: Tue, 05 Oct 2021 18:19:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1216c13bb2f53e0f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 05 Oct 2022 18:19:50 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 206 B
270 B 16ms
15ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.au-education.xyz&callback=_gfp_s_&client=ca-pub-1055251694677333

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

45ebff2267b29415899e6eb1af5ea220c8f65971bfeac634207ed6071599dc15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 195
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 43ms
15ms Script
application/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.au-education.xyz

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 11 Oct 2021 00:55:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C6E6 603 B
68 B 40ms
25ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1055251694677333&output=html&adk=1812271804&adf=3025194257&lmt=1633913706&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.au-education.xyz%2Flogin.php&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633913706801&bpp=2&bdt=468&idt=94&shv=r20211006&mjsv=m202110040101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5007398313446&frm=20&pv=2&ga_vid=1218772332.1633913707&ga_sid=1633913707&ga_hid=2088379369&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060047&oid=2&pvsid=910932120229394&pem=756&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=108

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1055251694677333&output=html&adk=1812271804&adf=3025194257&lmt=1633913706&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.au-education.xyz%2Flogin.php&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1633913706801&bpp=2&bdt=468&idt=94&shv=r20211006&mjsv=m202110040101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5007398313446&frm=20&pv=2&ga_vid=1218772332.1633913707&ga_sid=1633913707&ga_hid=2088379369&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31060047&oid=2&pvsid=910932120229394&pem=756&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=108
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.au-education.xyz/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 11 Oct 2021 00:55:06 GMT
server: cafe
content-length: 46
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 11-Oct-2021 01:10:06 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 11 Oct 2021 00:55:06 GMT
cache-control: private

GET
H/1.1 200
OK 1787798 Show response
ad.a-ads.com/ Frame 4CC1 6 KB
2 KB 56ms
24ms Document
text/html 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/1787798?size=468x60

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.232.155.251.148.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)

Resource Hash

1e4396afc21ca51b7636a55470b279c49b39abfe9da4c0883a2d2dc8dd17c533

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: ad.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.au-education.xyz/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Oct 2021 00:55:07 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: https://www.au-education.xyz/
Content-Encoding: gzip

GET
H/1.1 200
OK ad.php Show response
ad2bitcoin.com/ Frame 98A1 2 KB
2 KB 334ms
122ms Document
text/html 23.95.12.219
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2bitcoin.com/ad.php?ref=aueducation&width=300
Requested by: Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.95.12.219 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 23-95-12-219-host.colocrossing.com
Software: Apache /
Resource Hash: 051553ff7babb168d5b46e4a1442337deccaefc1db5fd178af2a753800daac94

Request headers

Host: ad2bitcoin.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.au-education.xyz/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/

Response headers

Date: Mon, 11 Oct 2021 00:55:04 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK pbnr2.php Show response
adalso.com/ad/ Frame B7BE 382 B
498 B 348ms
128ms Document
text/html 23.95.12.218
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://adalso.com/ad/pbnr2.php?ref=17290
Requested by: Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.95.12.218 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 23-95-12-218-host.colocrossing.com
Software: Apache /
Resource Hash: 091856095b903c1595ff23b4f6f5fba011ea219f78cd1817424beeda5709f1a6

Request headers

Host: adalso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.au-education.xyz/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/

Response headers

Date: Mon, 11 Oct 2021 00:55:04 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 288
Connection: close
Content-Type: text/html; charset=UTF-8

GET
H2 403 49dc4fc51504f6415c7e3814d6d8926d.js
pl16633601.effectivecpmgate.com/49/dc/4f/ 0
0 95ms
95ms Script
application/javascript 192.243.59.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pl16633601.effectivecpmgate.com/49/dc/4f/49dc4fc51504f6415c7e3814d6d8926d.js
Requested by: Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.17.9 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 11 Oct 2021 00:55:07 GMT
server: nginx/1.17.9
content-type: application/javascript
content-length: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H3 200 MTP_ySUJH_bn48VBG8sNSugdm0LZdjqr5-oayXSOefg.woff2
fonts.gstatic.com/s/opensans/v14/ 14 KB
14 KB 22ms
8ms Font
font/woff2 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v14/MTP_ySUJH_bn48VBG8sNSugdm0LZdjqr5-oayXSOefg.woff2

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

f02c0dbef87917bf667ab79728f4f49cc98225624fc6c5c5afe635bee1ef4843

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.au-education.xyz/
Origin: https://www.au-education.xyz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 17:33:40 GMT
x-content-type-options: nosniff
age: 26487
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14468
x-xss-protection: 0
last-modified: Wed, 14 Jun 2017 16:46:36 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 Oct 2022 17:33:40 GMT

GET
H2 200 what%2Bis%2Byoutube%2Btab.png
1.bp.blogspot.com/-1f_opQfXmBk/YSNABu4nrnI/AAAAAAAAANY/D84Pu1lDZJIizhKuakE30Ebp2cLEF5-lQCLcBGAsYHQ/w300/ 15 KB
15 KB 38ms
36ms Image
image/png 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-1f_opQfXmBk/YSNABu4nrnI/AAAAAAAAANY/D84Pu1lDZJIizhKuakE30Ebp2cLEF5-lQCLcBGAsYHQ/w300/what%2Bis%2Byoutube%2Btab.png

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

fife /

Resource Hash

aa3c176d03cb5d4e7a5d854d4f23056e1cdc12e65ba3b3bc05c78dec0fad02e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 21:43:50 GMT
x-content-type-options: nosniff
age: 11477
content-disposition: inline;filename="what is youtube tab.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15141
x-xss-protection: 0
server: fife
etag: "vd7"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 08 Oct 2021 21:27:59 GMT

GET
H2 200 AVvXsEg-oXW7kDh2QtBSyaDunSs-YHi9yptQsip-LJMILYhcfrvN1UZ_lskgRupwBd45GNw1yc4TqNv4Cjyf8KQS7Ci8m4ahBbRRxQYHDpaSqwe_I7-rg7vA6a75g96GeXlTBXKCPhI3uWe8LYbdfinWPVlqrVRNw3BJgGysssUMGi1yS2BAHOKGySckxMflEw=w300
blogger.googleusercontent.com/img/a/ 30 KB
30 KB 449ms
406ms Image
image/png 142.250.186.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/a/AVvXsEg-oXW7kDh2QtBSyaDunSs-YHi9yptQsip-LJMILYhcfrvN1UZ_lskgRupwBd45GNw1yc4TqNv4Cjyf8KQS7Ci8m4ahBbRRxQYHDpaSqwe_I7-rg7vA6a75g96GeXlTBXKCPhI3uWe8LYbdfinWPVlqrVRNw3BJgGysssUMGi1yS2BAHOKGySckxMflEw=w300

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f1.1e100.net

Software

fife /

Resource Hash

f8f2f28a6dbef1eec050759f337a3d3f2761a10fc1f67986871f75768389b75d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:07 GMT
x-content-type-options: nosniff
server: fife
etag: "v165"
vary: Origin
content-type: image/png
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="123.PNG"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30522
x-xss-protection: 0
expires: Tue, 12 Oct 2021 00:55:07 GMT

GET
H2 200 how%2Bto%2Bbuy%2Byt%2Btab.png
1.bp.blogspot.com/-2UA2Z3W9JuE/YSNStY29p1I/AAAAAAAAANw/IkAKBLXHu8Eka3ZCN3i2xVg8w7XtDoCEQCLcBGAsYHQ/w300/ 17 KB
17 KB 16ms
15ms Image
image/png 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-2UA2Z3W9JuE/YSNStY29p1I/AAAAAAAAANw/IkAKBLXHu8Eka3ZCN3i2xVg8w7XtDoCEQCLcBGAsYHQ/w300/how%2Bto%2Bbuy%2Byt%2Btab.png

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

fife /

Resource Hash

a3db7763b08392cd24c576026bd7d3e2585b34ea47558418317537e5327a4576

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 21:43:50 GMT
x-content-type-options: nosniff
age: 11477
content-disposition: inline;filename="how to buy yt tab.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17736
x-xss-protection: 0
server: fife
etag: "vdd"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 08 Oct 2021 21:27:59 GMT

GET
H2 200 Neon%2BGreen%2BPurple%2BBlack%2BModern%2BGrunge%2BCommentary%2BYouTube%2BThumbnail.png
1.bp.blogspot.com/-1sdO4yklYLY/YSw-Wi2ga-I/AAAAAAAAASY/f1-E1NRIHcgRGFBegsOQ7ZTyaus09wLtQCLcBGAsYHQ/w300/ 64 KB
64 KB 42ms
41ms Image
image/png 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-1sdO4yklYLY/YSw-Wi2ga-I/AAAAAAAAASY/f1-E1NRIHcgRGFBegsOQ7ZTyaus09wLtQCLcBGAsYHQ/w300/Neon%2BGreen%2BPurple%2BBlack%2BModern%2BGrunge%2BCommentary%2BYouTube%2BThumbnail.png

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

fife /

Resource Hash

a3c61cc2984ba70c42263a81388f0b947b3406e3e9426836534f32c8619aece3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 21:43:50 GMT
x-content-type-options: nosniff
age: 11477
content-disposition: inline;filename="Neon Green Purple Black Modern Grunge Commentary YouTube Thumbnail.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65163
x-xss-protection: 0
server: fife
etag: "v127"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 07 Oct 2021 14:19:13 GMT

GET
H2 200 Capture.PNG
1.bp.blogspot.com/-d4CjRO860eY/YS9rX06-McI/AAAAAAAAATE/Lz5Wuq4DlV0-yvC3qhoHbBObwh2VsLYjQCLcBGAsYHQ/w300/ 59 KB
59 KB 22ms
21ms Image
image/png 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-d4CjRO860eY/YS9rX06-McI/AAAAAAAAATE/Lz5Wuq4DlV0-yvC3qhoHbBObwh2VsLYjQCLcBGAsYHQ/w300/Capture.PNG

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

fife /

Resource Hash

f373dc6c8b5004decc99f957045dd710a9c00bba3c74f6f0f96676a5cc0468ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 21:43:50 GMT
x-content-type-options: nosniff
age: 11477
content-disposition: inline;filename="Capture.PNG"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60168
x-xss-protection: 0
server: fife
etag: "v132"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 08 Oct 2021 21:28:03 GMT

GET
DATA 200
OK truncated
/ Frame 4CC1 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 tag.min.js Show response
iclickcdn.com/ 62 KB
22 KB 65ms
22ms Script
text/javascript 104.26.13.118
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://iclickcdn.com/tag.min.js
Requested by: Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.118 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0491492f45a37ae8dd753622b824da1849ced9dd28f2043557c8d6dc84ff689e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: *
age: 46572
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
x-trace-id: 60140f58f3fafe1cff2e7f97c1d356b9
pragma: no-cache
last-modified: Fri, 08 Oct 2021 13:55:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j1iGhEHhJ1TMGxqlXStXF3v1vkJRo3XofwZ13Z1%2BDs%2BeBGyMHqsFin%2F2oIVwIGlu8RriX26if026RaMLqjNEQ2LjmPi%2BSRkiC3lt%2FJncJwWfGZUZJvWNAlW7WOfTpuo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: true
cf-ray: 69c41efe084627b4-PRG
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Mon, 11 Oct 2021 11:58:54 GMT

GET
H2 200 / Show response
bedrapiona.com/5/4514891/ 3 KB
3 KB 47ms
14ms XHR
application/json 139.45.197.234
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://bedrapiona.com/5/4514891/?oo=1&js_build=2
Requested by: Host: iclickcdn.com
URL: https://iclickcdn.com/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.234 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 20267f0513001856356e603cfb7ac86e6417b2b2bc2488657dd2c01675cfb941

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: dbd8cf834926845833e35041dffc18ae
pragma: no-cache, no-cache
date: Mon, 11 Oct 2021 00:55:00 GMT
content-encoding: gzip
server: nginx
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://lukomol.com>; rel="preconnect dns-prefetch"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.au-education.xyz
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 4514888 Show response
dozubatan.com/400/ 85 KB
30 KB 60ms
26ms Script
application/javascript 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dozubatan.com/400/4514888

Requested by

Host: iclickcdn.com
URL: https://iclickcdn.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e79b140c856cb9e24e4087e4b7b2aa2a41dc2f2cdd6058d51eb926c8a31558de

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: 343ec15ca5c838d5c506e6e6cce84bf4
pragma: no-cache
date: Mon, 11 Oct 2021 00:55:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Origin
content-type: application/javascript
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
strict-transport-security: max-age=1
timing-allow-origin: *
expires: Wed, 31 Dec 1969 19:00:00 EST

GET
H2 200 tag.min.js Show response
pseepsie.com/pfe/current/ 15 KB
6 KB 44ms
12ms Script
application/javascript 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pseepsie.com/pfe/current/tag.min.js?z=4514890
Requested by: Host: iclickcdn.com
URL: https://iclickcdn.com/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: bd1bc7dcc959a4c5aba56c4231e35363fd453df6d240f24e714df91ce1f5b2ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Oct 2021 00:55:06 GMT
content-encoding: gzip
last-modified: Thu, 07 Oct 2021 11:40:04 GMT
server: nginx
etag: W/"615edc94-3bfd"
content-type: application/javascript
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 200 1 Show response
toglooman.com/ 6 KB
4 KB 47ms
13ms Script
text/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/1?z=4514889
Requested by: Host: iclickcdn.com
URL: https://iclickcdn.com/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: db51076f1d8b3485efa61cc9eb700937cc52fae112ca5a27c037e8854e5f1420

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Oct 2021 00:55:07 GMT
content-encoding: gzip
x-sc: MTH0kyHXMKOYTsudU4EYhx1tQMCdtdUSmCGULCZBxu4tM35xr-SoDgrFQs4fNBYrP1zwETcDmGO9XNwT8ZPRaAVcW70=
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 fac.php Show response
onmarshtompor.com/ Frame 43DF 203 B
833 B 88ms
11ms Document
text/html 139.45.197.243
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://onmarshtompor.com/fac.php?OAID=946be6b73f164597bd0772c846991f65&oaidts=1633913707

Requested by

Host: iclickcdn.com
URL: https://iclickcdn.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.243 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff3e70d999011811ca12f026ea2049b656892beeae7e81daac92048f822b35ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: onmarshtompor.com
:scheme: https
:path: /fac.php?OAID=946be6b73f164597bd0772c846991f65&oaidts=1633913707
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.au-education.xyz/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/

Response headers

server: nginx
date: Mon, 11 Oct 2021 00:55:07 GMT
content-type: text/html; charset=utf8
content-length: 203
x-trace-id: 56a6f5f89a343722a7699b91f8c317bb
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: * *
set-cookie: OAID=946be6b73f164597bd0772c846991f65; expires=Tue, 11 Oct 2022 00:55:07 GMT; path=/; secure; SameSite=None oaidts=1633913707; expires=Tue, 11 Oct 2022 00:55:07 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff

GET
H2 200 zone Show response
pseepsie.com/ 667 B
957 B 14ms
13ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pseepsie.com/zone?pub=0&zone_id=4514890&is_mobile=false&domain=www.au-education.xyz&var=&ymid=&var_3=

Requested by

Host: pseepsie.com
URL: https://pseepsie.com/pfe/current/tag.min.js?z=4514890

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

a34f2de5d7b500c94149f29b27ca6a82b2247383f58a2637ab9ad3f306525a7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: 781b55a3ae0103f0265b11dc2a2b52a0
date: Mon, 11 Oct 2021 00:55:06 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.au-education.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 667

GET
H2 200 universal.min.js Show response
pseepsie.com/pfe/current/ 101 KB
37 KB 40ms
14ms Fetch
application/javascript 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pseepsie.com/pfe/current/universal.min.js?v=3.1.327
Requested by: Host: pseepsie.com
URL: https://pseepsie.com/pfe/current/tag.min.js?z=4514890
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: bffdc928fdee3304215707f3ceb75e5c5f9e55336d0aad2cb1786b19fba67149

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Oct 2021 00:55:07 GMT
content-encoding: gzip
last-modified: Thu, 07 Oct 2021 11:40:12 GMT
server: nginx
etag: W/"615edc9c-195b8"
content-type: application/javascript
access-control-allow-origin: https://www.au-education.xyz
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 200 ba3293ba6ae4b70bc5619579a15e6eb1 Show response
toglooman.com/27/ 374 KB
123 KB 25ms
25ms Script
application/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://toglooman.com/27/ba3293ba6ae4b70bc5619579a15e6eb1

Requested by

Host: toglooman.com
URL: https://toglooman.com/1?z=4514889

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

6267e7327e1e979d47a466eb3d4f4877961d5c1a132b765de9e1aa2df871a685

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 09:36:49 GMT
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin
cache-control: max-age:290304000, public
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Tue, 04 Nov 2081 09:36:49 GMT

GET
H2 200 38 Show response
toglooman.com/42/ 0
495 B 83ms
83ms Script
text/plain 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/42/38?z=4514889
Requested by: Host: toglooman.com
URL: https://toglooman.com/1?z=4514889
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Oct 2021 00:55:07 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 img.gif
my.rtmark.net/ Frame 43DF 43 B
492 B 44ms
11ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=946be6b73f164597bd0772c846991f65

Requested by

Host: onmarshtompor.com
URL: https://onmarshtompor.com/fac.php?OAID=946be6b73f164597bd0772c846991f65&oaidts=1633913707

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onmarshtompor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:00 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

GET
H2 200 myfav.png
i.ibb.co/2v3vkM7/ Frame 98A1 753 B
996 B 58ms
16ms Image
image/png 152.228.223.13
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/2v3vkM7/myfav.png
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/ad.php?ref=aueducation&width=300
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 152.228.223.13 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3190386.ip-152-228-223.eu
Software: nginx /
Resource Hash: 54713b9d1724743939ad4bb89e456ad179df917f6aa831f4ff26788a8eccd0c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:07 GMT
last-modified: Tue, 21 Sep 2021 07:12:20 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 753
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

/
get.cryptobrowser.site/pb/4/17938813/ Frame 98A1
Redirect Chain

https://get.cryptobrowser.site/pb/4/17938813/?t=pro%20style=width:%20300px%20height:%20250px%20frameborder=no&gt/iframe&gt
https://get.cryptobrowser.site/pb/4/17938813/?t=pro+style%3Dwidth%3A+300px+height%3A+250px+frameborder%3Dno&gt%2Fiframe=&gt=&l=de

0
0

283ms
283ms

Image
text/html

104.26.6.17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://get.cryptobrowser.site/pb/4/17938813/?t=pro+style%3Dwidth%3A+300px+height%3A+250px+frameborder%3Dno&gt%2Fiframe=&gt=&l=de
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/ad.php?ref=aueducation&width=300
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.6.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Redirect headers

cf-ray: 69c41effb8d02794-PRG
date: Mon, 11 Oct 2021 00:55:07 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Language, Cookie, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VsYc6wh5UVkuY0CI2mBEcKxBzwzizbu5OfOQagYV74XN%2FTuik0JEN84fkcaa7TsuzX4rBOzV3i6kI7H11MdljUfOOgeMLCqCy94xZkR%2FUTfLqLVOyuXrz1wZ8zZHaXVDHYUxi87U%2FaA%3D"}],"group":"cf-nel","max_age":604800}
content-language: de
location: ?t=pro+style%3Dwidth%3A+300px+height%3A+250px+frameborder%3Dno&gt%2Fiframe=&gt=&l=de
cache-control: max-age=3600, s-maxage=0
strict-transport-security: max-age=15768000
content-type: text/html; charset=utf-8

GET
H2 200 items.php Show response
www.adthurst.com/display/ Frame 98A1 0
0 336ms
293ms Script
text/html 104.21.79.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.adthurst.com/display/items.php?232&111&300&250&1&0&0
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/ad.php?ref=aueducation&width=300
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.79.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 items.php Show response
www.adthurst.com/display/ Frame 98A1 0
0 336ms
292ms Script
text/html 104.21.79.4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.adthurst.com/display/items.php?195&111&728&90&1&0&0
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/ad.php?ref=aueducation&width=300
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.79.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H/1.1 200
OK adqlt.php Show response
ad2bitcoin.com/ Frame 7D97 2 KB
2 KB 344ms
142ms Document
text/html 23.95.12.219
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2bitcoin.com/adqlt.php?ref=aueducation&keycode=4392
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/ad.php?ref=aueducation&width=300
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.95.12.219 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 23-95-12-219-host.colocrossing.com
Software: Apache /
Resource Hash: 7d750c087a86d8396e4211fd3f6efe750d1f962be693e9045d540b78b6f897fe

Request headers

Host: ad2bitcoin.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad2bitcoin.com/ad.php?ref=aueducation&width=300
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/ad.php?ref=aueducation&width=300

Response headers

Date: Mon, 11 Oct 2021 00:55:05 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK 433955 Show response
ad.a-ads.com/ Frame 6223 6 KB
2 KB 26ms
25ms Document
text/html 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/433955?size=468x60

Requested by

Host: adalso.com
URL: https://adalso.com/ad/pbnr2.php?ref=17290

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.232.155.251.148.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)

Resource Hash

d513872c2565682a050bcda4978c78ee69921693d1de653a00ccdb7f763f4f89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: ad.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://adalso.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adalso.com/

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Oct 2021 00:55:07 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: https://adalso.com/
Content-Encoding: gzip

POST
H2 200 9 Show response
toglooman.com/ 6 KB
3 KB 26ms
26ms XHR
application/json 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/9?z=4514889&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Fwww.au-education.xyz%2Flogin.php&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=6&sah=1200&drf=&hil=1&ist=0
Requested by: Host: toglooman.com
URL: https://toglooman.com/27/ba3293ba6ae4b70bc5619579a15e6eb1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 7330eb512c31cfbee5ba36ae8f5ea97f76ede9fc1b87b39b88ef40c4dcd99e2d

Request headers

Referer: https://www.au-education.xyz/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Mon, 11 Oct 2021 00:55:07 GMT
content-encoding: gzip
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json
access-control-allow-origin: https://www.au-education.xyz
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Mon, 26 Jul 1997 05:00:00 GMT

OPTIONS
H2 204 9
toglooman.com/ Frame 0
0 36ms
11ms Preflight 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/9?z=4514889&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Fwww.au-education.xyz%2Flogin.php&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=6&sah=1200&drf=&hil=1&ist=0
Protocol: H2
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.au-education.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Mon, 11 Oct 2021 00:55:01 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.au-education.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 / Show response
onmarshtompor.com/ 2 KB
2 KB 14ms
14ms Fetch
application/json 139.45.197.243
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://onmarshtompor.com/?rb=j8r69gV_w-sDSlFLK90nk7rD6UN4hoWT1lRtaN6u2FyhNiNZ02P5_rBcUXWJkFZd9hCYJtiWvaX1yOx-qHFQvzOG3b-Icj6kimZigTyGLOH5pCAhN3rbP3tF1k77KhrkpOmWBuxmY6sAEFrCP7uyHBj31dyXLVA8an8d2VhCg8NXhSjbG1nu-M7TemD2VUxPJ8VP162WKUPMvxIes0CSsHoo4BQW3nqqFguF76NtkQ8IlTbwOa7j2tLO2hX4Yx9PYx8RRiLY-OGOeU-99ypdZ1kTZWRLHNX2sFB5PeSYqUwW0rM9YNryB8pAIIvLZRg9j1iKN-ERqHT2fj-KePiGlg%3D%3D&zoneid=4514891&request_ab2=67001&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=5&pl=https%3A%2F%2Fwww.au-education.xyz%2Flogin.php&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=2&os=other&os_version=other&bs=949c6f54-ac48-44af-8603-c53fb7f4868f&m=link

Requested by

Host: iclickcdn.com
URL: https://iclickcdn.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.243 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

55326dbc21bd96146cb04fb34a0cd5e03a3861755629dbafa5be09621f25a61b

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Oct 2021 00:55:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.au-education.xyz
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H/1.1 200
OK 468x60
static.a-ads.com/a-ads-banners/117620/ Frame 6223 156 KB
157 KB 61ms
23ms Image
image/gif 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/117620/468x60?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/433955?size=468x60
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.155.251.148.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: d8b5a182bc67221d6aca1ae17ae45734e487e51959af519203bbc0b088b94062

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.a-ads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 11 Oct 2021 00:55:07 GMT
Last-Modified: Sun, 19 Apr 2020 16:08:09 GMT
Server: nginx/1.18.0 (Ubuntu)
x-amz-request-id: 7EZ376GTFZAZQ10H
ETag: "d89cd17d5e22adfb5532615d116d84b8"
Content-Type: image/gif
Cache-Control: max-age=315360000
Content-Length: 160195
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: LKnGuoVSDoJ.bbTuKu8XrVLG1BNZQuT4
x-amz-id-2: QbrBXmBv2znSSc/73Ug1P+4Z2dSLwtFbuOH+PCfTNfuhuskGmX4B3w64873wntyJrodXD9vHuRs=
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame 6223 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

OPTIONS
H2 200 custom
pseepsie.com/ Frame 0
0 12ms
12ms Preflight
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pseepsie.com/custom
Protocol: H2
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.au-education.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Mon, 11 Oct 2021 00:55:07 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.au-education.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400

POST
H2 200 custom Show response
pseepsie.com/ 39 B
329 B 12ms
12ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pseepsie.com/custom

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.au-education.xyz/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 0ced296e92e9298c4590136536ce1b95
date: Mon, 11 Oct 2021 00:55:06 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.au-education.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

GET
H2 404 sw.js
www.au-education.xyz/ 43 KB
0 211ms
211ms Fetch
text/html 142.250.186.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.au-education.xyz/sw.js

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f19.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /sw.js
pragma: no-cache
cookie: __gads=ID=745de5de8ffbfa27-22251608f0ca0007:T=1633913706:RT=1633913706:S=ALNI_MYtc5T_mQwn-Ia_k8a81Qp3wQiUew; prefetchAd_4514891=true
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: www.au-education.xyz
referer: https://www.au-education.xyz/login.php
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Oct 2021 00:55:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 12246
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
my.rtmark.net/ 43 B
491 B 12ms
12ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=be48db62df3146e3a48499eed707313a

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:01 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

GET
H2 200 11 Show response
toglooman.com/ 0
526 B 14ms
14ms XHR
image/jpeg 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/11?rnd=3276282463&z=4514889&b=5362695&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=AGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw==&ruid=3bfa7cba-0c7e-4d02-a974-7e2157b18485&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Fwww.au-education.xyz%2Flogin.php&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=6&sah=1200&drf=&hil=1&ist=0&ot=65
Requested by: Host: toglooman.com
URL: https://toglooman.com/27/ba3293ba6ae4b70bc5619579a15e6eb1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Oct 2021 00:55:07 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/jpeg
access-control-allow-origin: https://www.au-education.xyz
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK Cookie set / Show response
interst12.com/ Frame 0CF7 20 KB
6 KB 145ms
96ms Document
text/html 188.72.201.86
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Requested by: Host: toglooman.com
URL: https://toglooman.com/27/ba3293ba6ae4b70bc5619579a15e6eb1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.72.201.86 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx / PHP/7.4.24
Resource Hash: f6fb1bc5d7770ad08063e186762a7e85d86f7aa4396fd9a4606f60b37f3dfc8c

Request headers

Host: interst12.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.au-education.xyz/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/

Response headers

Server: nginx
Date: Mon, 11 Oct 2021 00:55:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.24
Set-Cookie: reverse=0BvVh2W_NW0hh4LrlNuFqhlh-I5vcJ3hLqPUQ-oq4dk; expires=Mon, 11-Oct-2021 01:55:07 GMT; Max-Age=3600; path=/
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Encoding: gzip

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
548 B 12ms
12ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: dozubatan.com
URL: https://dozubatan.com/400/4514888

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

b5c448144abebd143fcc0fbae2a041e795c38962ef504f44aa8462ec492fdcf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:01 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.au-education.xyz
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

OPTIONS
H2 200 4514888
dozubatan.com/500/ Frame 0
0 38ms
12ms Preflight 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dozubatan.com/500/4514888?excludes=&oaid=946be6b73f164597bd0772c846991f65&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=7&pl=https%3A%2F%2Fwww.au-education.xyz%2Flogin.php&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

Protocol

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://www.au-education.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Mon, 11 Oct 2021 00:55:01 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET
access-control-allow-origin: https://www.au-education.xyz
access-control-max-age: 300
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *

GET
H2 200 4514888 Show response
dozubatan.com/500/ 4 KB
2 KB 104ms
103ms XHR
application/javascript 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: dozubatan.com
URL: https://dozubatan.com/400/4514888

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

841ad11917ce2897034a3f74ef8cb051039717f6084cc79f0acffe826e84b1a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.au-education.xyz/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 705f54f5e54103da203df70ddd549b32
pragma: no-cache
date: Mon, 11 Oct 2021 00:55:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Origin
content-type: application/javascript
access-control-allow-origin: https://www.au-education.xyz
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *
expires: Wed, 31 Dec 1969 19:00:00 EST

GET
H2 200 fv.js Show response
propeller-tracking.com/ Frame 0CF7 5 KB
3 KB 44ms
12ms Script
text/javascript 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/fv.js?t=72747&cb=1138123044

Requested by

Host: interst12.com
URL: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

bcef0af5a6953da87ed9353729f60db60540b4bc5c9081b98bfae84f97e9128f

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interst12.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-trace-id: 1891b6ce19409f49866eb6894b445392
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript; charset=utf8
access-control-allow-origin
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 style.css
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/css/ Frame 0CF7 12 KB
3 KB 43ms
18ms Stylesheet
text/css 104.22.25.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/css/style.css?v=1518177503492
Requested by: Host: interst12.com
URL: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.25.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12ec824a66b6ad652e1cf0952853b6ba3053dd76a84bbcf4bdb3c055e411c78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interst12.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:07 GMT
content-encoding: br
cf-cache-status: HIT
age: 5396
last-modified: Thu, 12 Aug 2021 11:38:21 GMT
server: cloudflare
etag: W/"6115082d-30c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
cf-ray: 69c41f015ab4d711-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 audible.png
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/ Frame 0CF7 3 KB
3 KB 15ms
15ms Image
image/png 104.22.25.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/audible.png
Requested by: Host: interst12.com
URL: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.25.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 871975b8040629c7b43de81b1a0878f40991ec2f49caddd6441b5d1f8322aeed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interst12.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:07 GMT
cf-cache-status: HIT
age: 5388
content-length: 3429
last-modified: Thu, 12 Aug 2021 11:38:21 GMT
server: cloudflare
etag: "6115082d-d65"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69c41f017ac6d711-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H/1.1 200
OK 0100657458245.jpeg
interst12.com/contents/s/2d/3f/7f/35d1f144fa688a67ba834d0931/ Frame 0CF7 52 KB
53 KB 25ms
24ms Image
image/jpeg 188.72.201.86
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interst12.com/contents/s/2d/3f/7f/35d1f144fa688a67ba834d0931/0100657458245.jpeg
Requested by: Host: interst12.com
URL: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.72.201.86 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: be88718a0eb175ebc4385600fe4168853a2ba705d814d2f9887ca7aa8cbd9238

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 11 Oct 2021 00:55:07 GMT
Last-Modified: Thu, 31 Jan 2019 11:14:34 GMT
Server: nginx
ETag: "5c52d89a-d0e0"
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 53472

GET
H/1.1 200
OK 0933414948049.jpeg
interst12.com/contents/s/54/58/11/b0a815692a6ca16dd9a46924ab/ Frame 0CF7 14 KB
15 KB 49ms
24ms Image
image/jpeg 188.72.201.86
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interst12.com/contents/s/54/58/11/b0a815692a6ca16dd9a46924ab/0933414948049.jpeg
Requested by: Host: interst12.com
URL: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.72.201.86 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: f710c2b11df9cadcb3a6d25a9dc8306172c04ff1d2fa8d96d4019d70833f695d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 11 Oct 2021 00:55:07 GMT
Last-Modified: Mon, 26 Mar 2018 13:01:51 GMT
Server: nginx
ETag: "5ab8ef3f-393b"
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 14651

GET
H/1.1 200
OK 0350025199145.jpeg
interst12.com/contents/s/4e/61/84/4a7532ee6d30450abd6bb2a1da/ Frame 0CF7 35 KB
35 KB 50ms
24ms Image
image/jpeg 188.72.201.86
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interst12.com/contents/s/4e/61/84/4a7532ee6d30450abd6bb2a1da/0350025199145.jpeg
Requested by: Host: interst12.com
URL: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.72.201.86 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: 01a91cef52f9849703fb84a945f9fb51b9debf7ac36730043d097c3865550e8c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 11 Oct 2021 00:55:07 GMT
Last-Modified: Tue, 17 Jul 2018 10:46:08 GMT
Server: nginx
ETag: "5b4dc8f0-8b17"
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 35607

GET
H/1.1 200
OK 01289039865190.jpeg
interst12.com/contents/s/aa/5b/71/730bd1c1e09e51bf17160def9a/ Frame 0CF7 49 KB
50 KB 49ms
24ms Image
image/jpeg 188.72.201.86
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interst12.com/contents/s/aa/5b/71/730bd1c1e09e51bf17160def9a/01289039865190.jpeg
Requested by: Host: interst12.com
URL: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 188.72.201.86 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx /
Resource Hash: 89d93e12a15f6a5d57b5f8aca8bd1e6984dc4c8c5dec7840a8c8e8c8274c1568

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 11 Oct 2021 00:55:07 GMT
Last-Modified: Thu, 31 Jan 2019 11:14:34 GMT
Server: nginx
ETag: "5c52d89a-c502"
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length: 50434

GET
H2 200 player.png
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/ Frame 0CF7 28 KB
28 KB 14ms
13ms Image
image/png 104.22.25.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/player.png
Requested by: Host: interst12.com
URL: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.25.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1eb8cf889202f439bb6bd1a03049b2e71953c7c0a5aadddde498cbea9bcadac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interst12.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:07 GMT
cf-cache-status: HIT
age: 5388
content-length: 28527
last-modified: Thu, 12 Aug 2021 11:38:21 GMT
server: cloudflare
etag: "6115082d-6f6f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69c41f017acad711-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 script.js Show response
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/js/ Frame 0CF7 1 KB
562 B 14ms
14ms Script
application/javascript 104.22.25.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/js/script.js?v=1518177503494
Requested by: Host: interst12.com
URL: https://interst12.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftoglooman.com%2F12%3Frnd%3D2818475942%26z%3D4514889%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fdeshaici.net%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DAGUhV1zB7pVB2J_RJzSf_DzYt7x9p6EdH9T3863IPNafNl283hOUD0mflKE3qdXUnzQf_FE3qF59sUPknTgDLoDbPXaq9cmrIiITlOnziZBEmvmUnKrU5VdL7M0LCX1HLzWf5Alkgzr77luH_Q2ET29FNe6CGW0sCHF-WOorHrwUwz6Ci_UDH5cP3EfGykLU3Fs1Z-MUTLVh0oipJyre6vEUKuoB4Ia7rM-Xi_2KRcRs2M_rK03MkOS3GAQgReLKvp8yiiZBnnpRrTdXE9gyLEmgpjUnPZf-u0-smw%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D3bfa7cba-0c7e-4d02-a974-7e2157b18485%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Fwww.au-education.xyz%252Flogin.php%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D6%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.25.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55c72f42fc6ee2c502a5f86fe215690719ce746f383ec8551af1f1fb66252b2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interst12.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:07 GMT
content-encoding: br
cf-cache-status: HIT
age: 5388
last-modified: Thu, 12 Aug 2021 11:38:21 GMT
server: cloudflare
etag: W/"6115082d-58b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=14400
cf-ray: 69c41f017ac5d711-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

OPTIONS
H2 200 custom
pseepsie.com/ Frame 0
0 12ms
12ms Preflight
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pseepsie.com/custom
Protocol: H2
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.au-education.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Mon, 11 Oct 2021 00:55:07 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.au-education.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400

POST
H2 200 custom Show response
pseepsie.com/ 39 B
329 B 13ms
13ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pseepsie.com/custom

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.au-education.xyz/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 69c9d6db47d18a13a1fc4b30bb02ccd5
date: Mon, 11 Oct 2021 00:55:06 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.au-education.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
548 B 12ms
12ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=39c693d38f384f738dcdacd1700e80fc&zoneId=4514890&checkDuplicate=true&ymid=&var=

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

b5c448144abebd143fcc0fbae2a041e795c38962ef504f44aa8462ec492fdcf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:01 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.au-education.xyz
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 204 vctx Show response
propeller-tracking.com/ Frame 0CF7 0
490 B 52ms
52ms XHR
text/plain 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/vctx?t=72747

Requested by

Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=72747&cb=1138123044

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://interst12.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-trace-id: 4f310dedda873d1afdff5b9ce0f11362
pragma: no-cache
date: Mon, 11 Oct 2021 00:55:07 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://interst12.com
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H/1.1 200
OK ad.php Show response
bandirun.com/templates/ Frame 12B3 122 B
335 B 403ms
130ms Document
text/html 104.168.58.149
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://bandirun.com/templates/ad.php
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/adqlt.php?ref=aueducation&keycode=4392
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.58.149 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-58-149-host.colocrossing.com
Software: Apache /
Resource Hash: 928c8202d524d3c97c7220021e5ed9c583030740f1a609af9707008c98b42463

Request headers

Host: bandirun.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad2bitcoin.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/

Response headers

Date: Mon, 11 Oct 2021 00:55:08 GMT
Server: Apache
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ad.php Show response
donaldco.in/templates/ Frame CCEF 197 B
489 B 396ms
131ms Document
text/html 104.168.58.149
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://donaldco.in/templates/ad.php
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/adqlt.php?ref=aueducation&keycode=4392
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.58.149 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-58-149-host.colocrossing.com
Software: Apache /
Resource Hash: 1dfaca30d1566485405e2821a569f99925141e5d93b3427ae40f42d3f0911705

Request headers

Host: donaldco.in
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad2bitcoin.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/

Response headers

Date: Mon, 11 Oct 2021 00:55:08 GMT
Server: Apache
Cache-Control: max-age=172800
Expires: Wed, 13 Oct 2021 00:55:08 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 170
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK aads.php Show response
tiggercoin.com/ Frame CDFD 317 B
488 B 412ms
126ms Document
text/html 23.95.12.218
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://tiggercoin.com/aads.php
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/adqlt.php?ref=aueducation&keycode=4392
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.95.12.218 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 23-95-12-218-host.colocrossing.com
Software: Apache /
Resource Hash: 0c5e0d20cb8462c02110f58a28e2a26ca62049645c9cc701774497b4911e3e26

Request headers

Host: tiggercoin.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad2bitcoin.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/

Response headers

Date: Mon, 11 Oct 2021 00:55:05 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK game.php Show response
smurfgo.com/ Frame A2BE 333 B
542 B 348ms
133ms Document
text/html 104.168.58.149
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://smurfgo.com/game.php
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/adqlt.php?ref=aueducation&keycode=4392
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.58.149 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-58-149-host.colocrossing.com
Software: Apache /
Resource Hash: 8dd23154bca42448833bb9b7498a34bd3c3ff932747b85a8f08732bae23617db

Request headers

Host: smurfgo.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad2bitcoin.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/

Response headers

Date: Mon, 11 Oct 2021 00:55:08 GMT
Server: Apache
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK game.php Show response
smurfgo.com/ Frame 563A 333 B
542 B 357ms
137ms Document
text/html 104.168.58.149
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://smurfgo.com/game.php
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/adqlt.php?ref=aueducation&keycode=4392
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.58.149 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-58-149-host.colocrossing.com
Software: Apache /
Resource Hash: 8dd23154bca42448833bb9b7498a34bd3c3ff932747b85a8f08732bae23617db

Request headers

Host: smurfgo.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad2bitcoin.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/

Response headers

Date: Mon, 11 Oct 2021 00:55:08 GMT
Server: Apache
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 / Show response
ad.gab.ag/ Frame 0C0A 2 KB
709 B 165ms
128ms Document
text/html 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.gab.ag/
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/adqlt.php?ref=aueducation&keycode=4392
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e13589a0a7baf0b5dfa4f09662faf348b1b9d70c0f8d89adc25243fea19b626

Request headers

:method: GET
:authority: ad.gab.ag
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad2bitcoin.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/

Response headers

date: Mon, 11 Oct 2021 00:55:07 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 06 Oct 2021 22:24:34 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=krvidYRvzPts06gp9yi6NrrRIXO%2BPcCX26CFwkM8EG7w5rFvzchQkdHUJqt2UlTAFJ93cJZp13AXMCF4bgn9ITvKbCho9y2DTNOQpEc5tZ6OR8N%2FFwzRJrkayQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69c41f01eb31410d-PRG
content-encoding: br

GET
H/1.1 200
OK game.php Show response
smurfgo.com/ Frame 8F6B 333 B
542 B 350ms
131ms Document
text/html 104.168.58.149
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://smurfgo.com/game.php
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/adqlt.php?ref=aueducation&keycode=4392
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.58.149 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-58-149-host.colocrossing.com
Software: Apache /
Resource Hash: 9ecd8680434d70230945dbb78df89bf158512dd727e3910ab2055e2e88063154

Request headers

Host: smurfgo.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad2bitcoin.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/

Response headers

Date: Mon, 11 Oct 2021 00:55:08 GMT
Server: Apache
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 / Show response
ad.gab.ag/ Frame 2B26 2 KB
497 B 2162ms
2127ms Document
text/html 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.gab.ag/
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/adqlt.php?ref=aueducation&keycode=4392
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e13589a0a7baf0b5dfa4f09662faf348b1b9d70c0f8d89adc25243fea19b626

Request headers

:method: GET
:authority: ad.gab.ag
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad2bitcoin.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/

Response headers

date: Mon, 11 Oct 2021 00:55:09 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 06 Oct 2021 22:24:34 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0HFv%2FOzgeC5FUG9M5y11OcK0EcnZa3bxDpyP1hDobw%2BwJa%2F5AjLBmYfeTadP6ghWVz72nR2ESXi1vJBrvpRO5aJDLoHdeoCqqCukdVNYl5roCqykhCVnYXnNuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69c41f01eb32410d-PRG
content-encoding: br

GET
H/1.1 200
OK aads468.php Show response
adalso.com/adz/ Frame A90C 315 B
451 B 335ms
125ms Document
text/html 23.95.12.218
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://adalso.com/adz/aads468.php
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/adqlt.php?ref=aueducation&keycode=4392
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.95.12.218 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 23-95-12-218-host.colocrossing.com
Software: Apache /
Resource Hash: 7eaf10613dbcd8daf35ea78dc12558a25efcb5326ba7ba6af9eb4fbdde334637

Request headers

Host: adalso.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad2bitcoin.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/

Response headers

Date: Mon, 11 Oct 2021 00:55:05 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 241
Connection: close
Content-Type: text/html; charset=UTF-8

POST
H2 204 vbl
propeller-tracking.com/ Frame 0CF7 0
490 B 12ms
12ms Ping
text/plain 139.45.197.240
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://propeller-tracking.com/vbl?t=72747&bid=undefined&aid=undefined

Requested by

Host: propeller-tracking.com
URL: https://propeller-tracking.com/fv.js?t=72747&cb=1138123044

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.240 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://interst12.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-trace-id: 05fcb3fca5ac6d4e8573189855b13a93
pragma: no-cache
date: Mon, 11 Oct 2021 00:55:07 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://interst12.com
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 index.php Show response
www.gab.ag/ Frame 0C0A 18 KB
3 KB 4057ms
4048ms Document
text/html 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/index.php?view=register
Requested by: Host: ad.gab.ag
URL: https://ad.gab.ag/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 974e0c1f684ae1d7f594a71fc8bdbb6564246c85b6cd35f16e8127f79c24ec3c

Request headers

:method: GET
:authority: www.gab.ag
:scheme: https
:path: /index.php?view=register
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.gab.ag/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad.gab.ag/

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-type: text/html; charset=UTF-8
set-cookie: evo_session=imt46ff9jdvie83qp7d1j7f80bge4l0i; expires=Mon, 11-Oct-2021 02:55:11 GMT; Max-Age=7200; path=/; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FtukI5TmcCnoifpnKmd%2FIvKIEwpX6QR2BOXihHDsL5aXzOWrOaYMNj%2FgmUUm9VIcQ2yA1YDGb5lDRhjzijia3%2F57YFE4Wp3N2doIKDi%2BNL0oIbSd9b%2BKSkgjnj0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 69c41f02db6e410d-PRG
content-encoding: br

GET
H3 200 googleanalytics.json Show response
cdn.ampproject.org/rtv/012109272305001/v0/analytics-vendors/ 2 KB
812 B 14ms
13ms Fetch
application/json 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109272305001/v0/analytics-vendors/googleanalytics.json

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

sffe /

Resource Hash

8065f98a0c313ee69495c3c529c6d093e08c980c4419bdf2c9c7318925056ead

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: application/json
Referer: https://www.au-education.xyz/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 58573
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 782
x-xss-protection: 0
server: sffe
date: Sun, 10 Oct 2021 08:38:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: application/json
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "863c767bda2a1591"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 10 Oct 2022 08:38:55 GMT

GET
H3 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/ 20 KB
7 KB 57ms
24ms Script
text/javascript 172.217.18.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/amp4ads-host-v0.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202110040101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f97.1e100.net

Software

sffe /

Resource Hash

ffc55f9774cf25506fcd84f62e1aa3eeda6d69001142cb44d28750b643447f6c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.au-education.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7335
x-xss-protection: 0
server: sffe
date: Mon, 11 Oct 2021 00:55:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=3000, stale-while-revalidate=1206600
etag: "57bf2293fa78e300"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 11 Oct 2021 00:55:08 GMT

POST
H2 200 collect
www.google-analytics.com/r/ 35 B
465 B 57ms
20ms Ping
image/gif 142.250.186.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=a1&ds=AMP&aip&_s=1&dt=404%3A%20Page%20Not%20Found%20%7C%20Au-education&sr=1600x1200&_utmht=1633913708115&cid=amp-XWdh4I4-fkZRt1yu44JQ4A&tid=UA-XXXXX-1&dl=https%3A%2F%2Fwww.au-education.xyz%2Flogin.php&dr=&sd=24&ul=en-us&de=UTF-8&t=pageview&jid=0.5964752064982579&_r=1&a=4757&z=0.8878803804265305

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.174 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.au-education.xyz/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 11 Oct 2021 00:55:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://www.au-education.xyz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 433955 Show response
ad.a-ads.com/ Frame FD33 6 KB
2 KB 24ms
24ms Document
text/html 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/433955?size=468x60

Requested by

Host: adalso.com
URL: https://adalso.com/adz/aads468.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.232.155.251.148.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)

Resource Hash

f2521c69cc05581c61955f96dc2fab6d24db0747c3c24912584a742d61835ad8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: ad.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://adalso.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adalso.com/

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Oct 2021 00:55:08 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: https://adalso.com/
Content-Encoding: gzip

GET
H/1.1 200
OK 528706 Show response
acceptable.a-ads.com/ Frame DB73 23 KB
5 KB 71ms
30ms Document
text/html 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://acceptable.a-ads.com/528706?size=200x200

Requested by

Host: smurfgo.com
URL: https://smurfgo.com/game.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.232.155.251.148.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)

Resource Hash

d689f82085ce6ddcc0e7bfc1bec691728d5acfcbf32d083de362922ecc802227

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: acceptable.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://smurfgo.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://smurfgo.com/

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Oct 2021 00:55:08 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: https://smurfgo.com/
Content-Encoding: gzip

GET
H/1.1 200
OK 907989 Show response
acceptable.a-ads.com/ Frame 5E39 23 KB
5 KB 72ms
33ms Document
text/html 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://acceptable.a-ads.com/907989?size=336x280

Requested by

Host: smurfgo.com
URL: https://smurfgo.com/game.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.232.155.251.148.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)

Resource Hash

edcc9575094e3064f2f71db2d1512f4ea0aad231173c1455e9a125fc85ef97dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: acceptable.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://smurfgo.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://smurfgo.com/

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Oct 2021 00:55:08 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: https://smurfgo.com/
Content-Encoding: gzip

GET
H/1.1 200
OK 528706 Show response
acceptable.a-ads.com/ Frame 95B0 23 KB
5 KB 68ms
31ms Document
text/html 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://acceptable.a-ads.com/528706?size=200x200

Requested by

Host: smurfgo.com
URL: https://smurfgo.com/game.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.232.155.251.148.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)

Resource Hash

d689f82085ce6ddcc0e7bfc1bec691728d5acfcbf32d083de362922ecc802227

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: acceptable.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://smurfgo.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://smurfgo.com/

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Oct 2021 00:55:08 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: https://smurfgo.com/
Content-Encoding: gzip

OPTIONS
H2 200 event
pseepsie.com/ Frame 0
0 12ms
12ms Preflight
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pseepsie.com/event
Protocol: H2
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.au-education.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Mon, 11 Oct 2021 00:55:08 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.au-education.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400

POST
H2 200 event Show response
pseepsie.com/ 94 B
384 B 13ms
13ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pseepsie.com/event

Requested by

Host: www.au-education.xyz
URL: https://www.au-education.xyz/login.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d224433df14f81e032432a5d9afc0a5af694f292e19013a0068d8898f61add3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.au-education.xyz/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: eee9c8a27112f058cc838f2982897e7b
date: Mon, 11 Oct 2021 00:55:07 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.au-education.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 94

GET
H/1.1 200
OK 468x60
static.a-ads.com/a-ads-banners/104029/ Frame FD33 615 KB
615 KB 11ms
10ms Image
image/gif 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/104029/468x60?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/433955?size=468x60
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.155.251.148.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 607afef00fd5897e2ecbda82aa560057f1b9c6e5f97f613468b048903079890f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.a-ads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 11 Oct 2021 00:55:08 GMT
Last-Modified: Sun, 29 Dec 2019 17:09:04 GMT
Server: nginx/1.18.0 (Ubuntu)
x-amz-request-id: WX9XGPEE4997E96Q
ETag: "365a46b73920464356581df598644a81"
Content-Type: image/gif
Cache-Control: max-age=315360000
Content-Length: 629554
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: n7DE0Ih2SX67KfJXQVo9P6D5u9ksDvm.
x-amz-id-2: GD4dwt+BPtHoe5nQ2YRBEwmw5uW66ftiync7/TvgssFV3BQE2tErlGkAvUjOhve3oEsMISrQ2Os=
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 1690418 Show response
acceptable.a-ads.com/ Frame 3796 22 KB
5 KB 45ms
28ms Document
text/html 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://acceptable.a-ads.com/1690418?size=468x60

Requested by

Host: donaldco.in
URL: https://donaldco.in/templates/ad.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.232.155.251.148.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)

Resource Hash

8d4b5a64b25bd09fa8e205cf7d0ad81f9c543c3f7e685f0bfee1d9a9b4dcca81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: acceptable.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://donaldco.in/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://donaldco.in/

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Oct 2021 00:55:08 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: https://donaldco.in/
Content-Encoding: gzip

GET
H/1.1 200
OK 1105819 Show response
ad.a-ads.com/ Frame 61C2 6 KB
2 KB 24ms
23ms Document
text/html 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/1105819?size=728x90

Requested by

Host: tiggercoin.com
URL: https://tiggercoin.com/aads.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.232.155.251.148.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)

Resource Hash

2041917331aa6f89b1121bf5192fdf0cadae97cdfbf5e6c4cb5d83980dcdfdc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: ad.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://tiggercoin.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://tiggercoin.com/

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Oct 2021 00:55:08 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: https://tiggercoin.com/
Content-Encoding: gzip

GET
DATA 200
OK truncated
/ Frame FD33 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DB73 68 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame 95B0 68 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK 300x250
static.a-ads.com/a-ads-banners/103763/ Frame 5E39 686 KB
687 KB 20ms
11ms Image
image/gif 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/103763/300x250?region=eu-central-1
Requested by: Host: acceptable.a-ads.com
URL: https://acceptable.a-ads.com/907989?size=336x280
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.155.251.148.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2191d31c59541b9c44346fde06c4e0ea2900c7ff88d084e8871ef13d2daa1326

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acceptable.a-ads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 11 Oct 2021 00:55:08 GMT
Last-Modified: Fri, 27 Dec 2019 12:20:30 GMT
Server: nginx/1.18.0 (Ubuntu)
x-amz-request-id: MCWWB2MZBXE0YARG
ETag: "28dd56aa4c3448923f2e06f6f90e1017"
Content-Type: image/gif
Cache-Control: max-age=315360000
Content-Length: 702864
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: KIPQ8aj2AKbgfuqCDbQF8bZCjZrg7.Bd
x-amz-id-2: O7Shi/mI5cVo4IY6Hwa1KQ03EDAMLUR8RiN0QDGxieXSZkcQ9alWcLoEsgpduXUutmUsshjqLO4=
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame 5E39 68 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK 728x90
static.a-ads.com/a-ads-banners/280720/ Frame 61C2 300 KB
301 KB 47ms
22ms Image
image/gif 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/280720/728x90?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/1105819?size=728x90
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.155.251.148.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6e26d8cea058345730958e81c48fcdc5a69f59e61ba18228ffac1944e621d252

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.a-ads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 11 Oct 2021 00:55:08 GMT
Last-Modified: Fri, 08 Oct 2021 09:07:06 GMT
Server: nginx/1.18.0 (Ubuntu)
x-amz-request-id: V3DBBGS2PEA15D57
ETag: "60db98e9fa8dfd6a3eee9dd2f3df062b"
Content-Type: image/gif
Cache-Control: max-age=315360000
x-amz-replication-status: COMPLETED
Content-Length: 307438
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: huRyDe4_PRCqQG3aPDoRbAJU0VWvef1I
x-amz-id-2: ZirBVVWKH58vD6o/FIQc8lp6Rdv0/d7srUJtkIXr2Vq8b7d/gvxW0FuMJI8bl/dVRovVyYIVTv8pYICq0ilGFw==
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame 61C2 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3796 68 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/gif

GET index.php
www.gab.ag/ Frame 2B26 0
0

GET
H/1.1 200
OK 1110727 Show response
ad.a-ads.com/ Frame C8F6 6 KB
2 KB 24ms
24ms Document
text/html 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/1110727?size=728x90

Requested by

Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/ad.php?ref=aueducation&width=300

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.232.155.251.148.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)

Resource Hash

124d2a56354f3e469966d5ac3551331268911cbd9de0b4d51eed3781a9899fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: ad.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad2bitcoin.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad2bitcoin.com/

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Oct 2021 00:55:10 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: https://ad2bitcoin.com/
Content-Encoding: gzip

GET
H/1.1 200
OK 728x90
static.a-ads.com/a-ads-banners/280720/ Frame C8F6 300 KB
301 KB 21ms
20ms Image
image/gif 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/280720/728x90?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/1110727?size=728x90
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.155.251.148.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6e26d8cea058345730958e81c48fcdc5a69f59e61ba18228ffac1944e621d252

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.a-ads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 11 Oct 2021 00:55:10 GMT
Last-Modified: Fri, 08 Oct 2021 09:07:06 GMT
Server: nginx/1.18.0 (Ubuntu)
x-amz-request-id: V3DBBGS2PEA15D57
ETag: "60db98e9fa8dfd6a3eee9dd2f3df062b"
Content-Type: image/gif
Cache-Control: max-age=315360000
x-amz-replication-status: COMPLETED
Content-Length: 307438
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: huRyDe4_PRCqQG3aPDoRbAJU0VWvef1I
x-amz-id-2: ZirBVVWKH58vD6o/FIQc8lp6Rdv0/d7srUJtkIXr2Vq8b7d/gvxW0FuMJI8bl/dVRovVyYIVTv8pYICq0ilGFw==
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame C8F6 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bootstrap.min.css
www.gab.ag/assets/components/bootstrap/css/ Frame 0C0A 152 KB
24 KB 21ms
20ms Stylesheet
text/css 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/bootstrap/css/bootstrap.min.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:21 GMT
server: cloudflare
age: 5503
etag: W/"5df12465-2606e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uoGD7iL0rCmBYvP9yg9A2Tb4W3w6J962Dlvle2ArziUBrMR92cvyNLSDd1xycWCta3Nogwq%2FXsmIWKfioFl5Ti3DyzZerDj3vxAqOajqVKCuaqQ1F1YVE%2B%2Fwf3s%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c392e410d-PRG

GET
H2 200 font-awesome.min.css
www.gab.ag/assets/components/font-awesome/css/ Frame 0C0A 30 KB
7 KB 21ms
19ms Stylesheet
text/css 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/font-awesome/css/font-awesome.min.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:38 GMT
server: cloudflare
age: 1078
etag: W/"5df12476-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oeO06350hh41RwuoityTxB6busVdgN6npiaFuSrwmeCjaHDnWKNphtF8pN2rLkHEBZScXCuR3WoTO2KwLwGPZh1jWXfEgc77A9OwSaucCDXn%2Ff90Fsb%2Bkqhpojc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c392f410d-PRG

GET
H2 200 jquery.min.js Show response
www.gab.ag/assets/jquery/ Frame 0C0A 95 KB
34 KB 24ms
22ms Script
application/javascript 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/jquery/jquery.min.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a69fb479b5382d113b7dd50923eeb1e743dfa6841500d28ab96b11a93f0abeea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 23 Sep 2017 16:11:33 GMT
server: cloudflare
age: 3359
etag: W/"59c687b5-17ba0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q1nF67NMTrKKSUUJSNHR%2F97Ee3CJTfaolLUk3G1pxRQiVWv3fziLIg1eNR%2BHlrdkYxYy7iLHq8wGGsjbpljr7aQMM04rgmkBieIPdABa2acFZL%2B23JdXyzIGs1M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c3930410d-PRG

GET
H2 200 popper.min.js Show response
cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/ Frame 0C0A 21 KB
8 KB 43ms
18ms Script
application/javascript 104.16.89.20

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.89.20 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gab.ag/
Origin: https://www.gab.ag
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2711438
x-jsd-version: 1.16.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19145-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"5309-YvI45zNIx3656GVCan0bfeI8uy0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 69c41f1c5d981f51-FRA

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/ Frame 0C0A 59 KB
16 KB 19ms
16ms Script
application/javascript 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gab.ag/
Origin: https://www.gab.ag
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 14758797
cdn-cachedat: 2021-04-23 07:14:53
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:09 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 1edfa969acb3be0bd7798ad472fe3975
cf-ray: 69c41f1c3f902bd6-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 jquery-ui.min.js Show response
www.gab.ag/assets/jqueryui/ Frame 0C0A 248 KB
68 KB 37ms
34ms Script
application/javascript 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/jqueryui/jquery-ui.min.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9852ccf03b383d1b3855c1983e18258fbdf07999ff77a68327ed0413466db4f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 23 Sep 2017 16:11:37 GMT
server: cloudflare
age: 3359
etag: W/"59c687b9-3dee4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2TPWICuvNENPerx8anbNc0vQjysbhU6p4cwc7vN1wKzSBFx8wqUPgnluEtJ5sWjAHF6aT9bhohco5D%2FtsppWZFBKMxz0DYf%2Bwhhu83YClZog05CCW7R1pXGFR1w%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c3931410d-PRG

GET
H2 200 evolutionscript.js Show response
www.gab.ag/assets/evolution/js/ Frame 0C0A 14 KB
4 KB 35ms
33ms Script
application/javascript 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/js/evolutionscript.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8be2a4d9b5c58396029b73f7f4786649bf20be679133cccf2130741f3786348d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 16:39:08 GMT
server: cloudflare
age: 3359
etag: W/"5df11bac-37e5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CFYQpDYDGpBzldulkpfG2aLVOka7u7i166vdpdfGuKmYJt4C6GbgDt%2BYmp%2FZ%2FOSEh1Q%2F2M3IibzczSvRdI0X%2B255rtGJPiCMQxnAUMeH1YJlUrfAVt20V9QgVDk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c3933410d-PRG

GET
H2 200 l2blockit.js Show response
www.gab.ag/assets/evolution/js/ Frame 0C0A 4 KB
2 KB 23ms
21ms Script
application/javascript 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/js/l2blockit.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ba57ba8c83b63763e70005c9b1840d8d7e8c71611969265aa5675aae93ead18

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 16:39:09 GMT
server: cloudflare
age: 3359
etag: W/"5df11bad-f2d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jf3NLI0gWhGjw52cWYI1emPGP5s0HO0NrBQNYrL69YMSSk603DtJvX9tLqZZjg0MZlkfknI0BxGRGD2dQ83Kj7%2B7ZVS0FjX6NFBbEJwtnYm%2BU%2B4ccmevwUzCipk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c3934410d-PRG

GET
H2 200 bootstrap.bundle.min.js Show response
www.gab.ag/assets/components/bootstrap/js/ Frame 0C0A 77 KB
23 KB 36ms
34ms Script
application/javascript 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/bootstrap/js/bootstrap.bundle.min.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:30 GMT
server: cloudflare
age: 3359
etag: W/"5df1246e-1332b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KQkiySF2fV8UsB6Ite11nCu1VM21ZxWiNTjnwe%2FxA%2B%2BUfiG0skYR3GgHswVV6yXlWMmgjPm4kkl0tjak8WrWbjaubILjnEyVqA4bQ9GalyRTO24IBzRF3KoGOMM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c3936410d-PRG

GET
H2 200 sdmenu.js Show response
www.gab.ag/assets/evolution/css/33brushes-styles/js/ Frame 0C0A 4 KB
1 KB 36ms
34ms Script
application/javascript 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/js/sdmenu.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9342eaeb6d2acb526ecb319ddbe84a493bd115040df5be3c83ec88ff3e337dde

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 Oct 2017 17:02:15 GMT
server: cloudflare
age: 2351
etag: W/"59f0c397-e20"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1aDmlpyc%2BtM4BPQIS0FN8w81mxTv6lNBCNnSnDgMqeLerlnAYQU1t41qrh7AKfrfKX3yLQ%2BGTQhHYgnL3iu3KwEOM4IEw9mJfxPEV6%2FrBt49ycmUQJrfa50NWX8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c3937410d-PRG

GET
H2 200 jquery-ui.min.css
www.gab.ag/assets/jqueryui/css/ Frame 0C0A 31 KB
8 KB 35ms
33ms Stylesheet
text/css 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/jqueryui/css/jquery-ui.min.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efaaa09c3b1e7b374e13123fe496ba19e53ac74386fa136d09fdb34701c76755

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 23 Sep 2017 16:14:26 GMT
server: cloudflare
age: 1078
etag: W/"59c68862-7b5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hzT5ELcR0jrkRM%2BBo6FJs0LYisnClVWDFLR8bhsnz9iAbS0UlGGcY9QXDQ%2F%2BP0KWez0mc3hdIKlcO9E0m%2BSliyhDRLr7eS1Z%2BplRr0lqox9qjE5DYN%2FVqFTGX%2F8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c3938410d-PRG

GET
H2 200 global.css
www.gab.ag/assets/evolution/css/ Frame 0C0A 21 KB
5 KB 35ms
33ms Stylesheet
text/css 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/global.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ae20896f1fa269e4a066a4f15cb0d0c0263c78f1bc3f69caacaa5e15f66aea0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 17 Dec 2019 20:27:25 GMT
server: cloudflare
age: 1078
etag: W/"5df93a2d-55e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u1J83u9it1TygQLTTqzNCY%2BrfX9Rqhs1NVjY7v3NoSDQyzqMKkMPL4a1Ipw87qrcf%2BQoyH7tolDFO101gFLaLglNKe6sPDzC6U14y7i%2BKo%2FtruK6JnRw72j9SkE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c3939410d-PRG

GET
H2 200 site.css
www.gab.ag/assets/evolution/css/ Frame 0C0A 25 KB
6 KB 36ms
35ms Stylesheet
text/css 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/site.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae757987affdde9f2411be14b4cd5f17a0ad6eaa744e9f7ecca8338466055bbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 17 Dec 2019 20:22:00 GMT
server: cloudflare
age: 1078
etag: W/"5df938e8-62c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=povCI%2FulPuQ6VYEazYdNiJbkrQ3n8lLS829rPO9Kq7%2FhNLatjdpFx95mkY%2BcCtU%2B6dMUlCQgHkRpIzzESV%2BalkJ%2FwNJ1%2BabswXyo5TcCO%2BApjd4WwDWC%2FnKdnjA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c4941410d-PRG

GET
H2 200 core.css
www.gab.ag/assets/evolution/css/33brushes-styles/css/ Frame 0C0A 43 KB
7 KB 37ms
35ms Stylesheet
text/css 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/core.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd62e8a4e85eae2ab9c3143ffb85ec24428af4b98b2df89e75903ea7bc33493f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 13 Dec 2019 20:45:01 GMT
server: cloudflare
age: 1078
etag: W/"5df3f84d-ac4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ausWxMMy7LW1%2BUT%2F2DJG3gEbKjqIQfaPUVclJAqBqWaPRaQbwVqYRmMcq8uwo3JVTjlaC4omp1Nn%2FLwN0qxOKnAT7LGwcSOqpxjtLh5nhqXWoQNlXecp%2BhEvWxA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c4942410d-PRG

GET
H2 200 33brushes-custom.css
www.gab.ag/assets/evolution/css/33brushes-styles/css/ Frame 0C0A 114 KB
19 KB 37ms
35ms Stylesheet
text/css 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b1376c0b817203f501f2be50a8bc4ca8b67e4e069f3dbd7775eaa7ef9b65c77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 19 Dec 2019 07:07:51 GMT
server: cloudflare
age: 1078
etag: W/"5dfb21c7-1c74a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dr%2BW%2BzsGl4Kzu%2FcDY94nEcZ8tZpxQqw%2FVifZW5Ky1qlXUMmPZQaG3h1cKIFEguCD99JfRl57kEXn319A0KN0KK8JkNv193t3XxidsrrTyhilLAObpfmIu%2BGElzA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c4943410d-PRG

GET
H2 200 cus-icons.css
www.gab.ag/assets/evolution/css/33brushes-styles/css/ Frame 0C0A 36 KB
5 KB 36ms
35ms Stylesheet
text/css 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/cus-icons.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c00d3d5af73123689b9baf2b54f0f7a08ec93f68cd6c15c61dbae8ebb7db90e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 Oct 2017 17:01:46 GMT
server: cloudflare
age: 1078
etag: W/"59f0c37a-91ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LUyhZWB2HeaHRMMhPGuwZbRva%2Bh9wHjwlqKw9mH5btJXEott%2FvSMx6rR9Cu9qel%2FSgLFb1yORqrSv8Lp%2Famoc%2BjHckeP3n6MdmadjAiTLaylA0uA43W4i7ltUxo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c4944410d-PRG

GET
H2 200 sdmenu.css
www.gab.ag/assets/evolution/css/33brushes-styles/css/ Frame 0C0A 2 KB
1 KB 36ms
34ms Stylesheet
text/css 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/sdmenu.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5f0aaeb1391bc2af45ecc74f7db25f1bb39a5fa82c7e721c3118d2273725291

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 Oct 2017 17:01:43 GMT
server: cloudflare
age: 1078
etag: W/"59f0c377-8f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9JRE0pLsPcE2dvDBk5y9gIwgWk5rmLtTqQtyto%2Bl51meIUzdUJdMW5xongTT%2FBOw2swKbFh5q%2B9GYpSCFdsKUntsdcQ7cIBTBa1W1k4mOvUGZPU9yKE26JmDkjQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1c4945410d-PRG

GET
H2 200 css
fonts.googleapis.com/ Frame 0C0A 8 KB
1 KB 40ms
16ms Stylesheet
text/css 216.58.212.138

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.138 -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

d562e856fbfe2fc2ffa00479809da1ddf3b16bc9b4b90363e633bf4d86d38bde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 00:17:34 GMT
server: ESF
date: Mon, 11 Oct 2021 00:55:12 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Mon, 11 Oct 2021 00:55:12 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0C0A 1 KB
542 B 42ms
18ms Stylesheet
text/css 216.58.212.138

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans+Caption

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.138 -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

4648845d5a4e1e4dd362de39677b2b09005d63a93ea458c0505779bc11abb939

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 10 Oct 2021 23:36:43 GMT
server: ESF
date: Mon, 11 Oct 2021 00:55:12 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Mon, 11 Oct 2021 00:55:12 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0C0A 9 KB
818 B 50ms
26ms Stylesheet
text/css 216.58.212.138

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.138 -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

b0c6270c06376a439c78b771536429905666d4899fea1561e7d9a4b1d8a2eca2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 10 Oct 2021 23:04:58 GMT
server: ESF
date: Mon, 11 Oct 2021 00:55:12 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires: Mon, 11 Oct 2021 00:55:12 GMT

GET
H2 200 widget.min.js Show response
arc.io/ Frame 0C0A 7 KB
3 KB 34ms
7ms Script
application/javascript 52.222.214.85

General

Check archive.org

Show headers Download Go to

Full URL

https://arc.io/widget.min.js

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.214.85 -, , ASN (),

Reverse DNS

Software

Resource Hash

23fab5dab2da896b3e04b655de0c5ad9a47940beeb49def59fe90a83dd5ec8fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: br
last-modified: Fri, 03 Sep 2021 02:37:57 GMT
age: 2278
etag: "61318a85-b76"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600, stale-while-revalidate=864000
date: Mon, 11 Oct 2021 00:17:14 GMT
x-amz-cf-pop: FRA56-P3
content-length: 2934
via: 1.1 d79861a030d3421826a919f9c2b00147.cloudfront.net (CloudFront)
x-amz-cf-id: JNyzBfxH8zrRZm99_WzN0oHQNTjDqyp_-Z7r0S2wCHNIiKynR-OdYg==

GET 3959740.gif
s4is.histats.com/stats/i/ Frame 0C0A 0
0

GET
H2 200 1047672 Show response
adhitzads.com/ Frame 0C0A 448 B
880 B 83ms
36ms Script
text/html 172.64.142.12

General

Check archive.org

Show headers Download Go to

Full URL: https://adhitzads.com/1047672
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.142.12 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fd4d63ec221017a4be24d2194abe9188f300b98946f29a1e2ddb0e7ce64e374

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f4qDBFSWKJamKQ%2FKxlIBx4Df9pjhU1LtQXWw4LXzTn2vDlPTk2rvfzXKLrdmaiYSkvQ6MOi%2B8B6bXX%2FruzcrLcyXFZkK9Vuw8EE3NCY53Yz7IS7F4R%2BW0gbj37br5jub"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=3600, public
cf-ray: 69c41f1ceeaa411a-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 11 Oct 2021 01:55:12 GMT

GET
H2 200 969200 Show response
adhitzads.com/ Frame 0C0A 447 B
543 B 57ms
49ms Script
text/html 172.64.142.12

General

Check archive.org

Show headers Download Go to

Full URL: https://adhitzads.com/969200
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.142.12 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 9fb0956632beb2db3c5099d6000ac4875a7373695db584327aa079b582e838da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cQPuOyoVcEOMq7xErIlfMyvltGrgaQ1CmTzSBIGdUTHTskdl1qtcqMOEj%2BzhISzlxbrqtGCcIg16RLSLDMj5d9TGEHO4nMoAJIHXPy0Ceo79iBhBuICGonMwXPHjDX9G"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=3600, public
cf-ray: 69c41f1ceeab411a-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 11 Oct 2021 01:55:12 GMT

GET
H2 200 reklamstore.js Show response
adserver.reklamstore.com/ Frame 0C0A 96 KB
29 KB 55ms
7ms Script
application/javascript 52.222.214.30

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver.reklamstore.com/reklamstore.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.30 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 92e83fdf1ed8bb4a50fb72331cb20f536a1159ce55d523ebfca3441ce8e30294

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 02:17:15 GMT
content-encoding: gzip
last-modified: Mon, 28 Jun 2021 18:35:51 GMT
server: AmazonS3
age: 160366
etag: "78cf0f1f296c61b336db981022359dbc"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 63f629236e2f93bf1af732a50e42e587.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P3
content-length: 29778
x-amz-cf-id: 8YNQKiTddPRSj_UjvlLhGRXnxDn-NTZscqdj_XKFHmJzIsKrnaH-NA==

GET
H2 200 x.png
www.gab.ag/ Frame 0C0A 184 B
511 B 24ms
20ms Image
image/png 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gab.ag/x.png
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0db53c29f47ea31122d7c6b88a22220ca50ce9a298abea4471d36f76d26b8cc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
cf-cache-status: HIT
last-modified: Thu, 24 Jun 2021 02:42:31 GMT
server: cloudflare
age: 4713
etag: "60d3f117-b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cfcazJyQQzBsazsqzzB4VUh6dqJluEQbFWl3mEJ3jiBXj7koY6Nr9je4vrrzcdaDMUp0OFvbuJ1fy9lAjM47IZIBb9xhPvaWK%2FNs0BWVl5cUcAX5HGx3vDQBqb8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69c41f1d0980410d-PRG
content-length: 184

GET
H2 200 969390 Show response
adhitzads.com/ Frame 0C0A 447 B
544 B 54ms
48ms Script
text/html 172.64.142.12

General

Check archive.org

Show headers Download Go to

Full URL: https://adhitzads.com/969390
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.142.12 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f5e5250f5e145b8941a549bd962a93b3ba45c55868cb13e9e439fd2f02a5763

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZgRn1CoZ%2BOkMSjiFZsQpg3uZloevXkXMdBYPXc5I1OEPd4EQ3OUUMR153%2FBI5TuwgWp97eO8i8bM0Z3A5jv0NiDVXk0Ebck6aH1ph8kuWrv6ajtlzc2vUw%2FURMf4HNvd"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=3600, public
cf-ray: 69c41f1ceeac411a-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 11 Oct 2021 01:55:12 GMT

GET
H2 200 jquery.blockUI.js Show response
www.gab.ag/assets/components/blockui/ Frame 0C0A 19 KB
7 KB 21ms
20ms Script
application/javascript 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/blockui/jquery.blockUI.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a106b0f8926e51c250f5055831c1673f12020d3fa1bfcfa4bb14f614dcd31a17

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:05 GMT
server: cloudflare
age: 2897
etag: W/"5df12455-4dfe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lpqP1TaY9978W7%2FoC0oy1deAXiqELBfRNZKBEHnBoX%2FL6dKDTi7DypRlSelaKkrLrew7RyrJr%2BENLAkQipinDCYuRnkfgF2ELWXGvA1XlsuGr1bZEPzGsWWna8E%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1cd969410d-PRG

GET
H2 200 ajaxSubmit.js Show response
www.gab.ag/assets/components/ajax_form/ Frame 0C0A 2 KB
887 B 20ms
19ms Script
application/javascript 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/ajax_form/ajaxSubmit.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3474f9e42f470faef4db25d456e1370e9cdacef7deab620d90362e86f2d933e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:03 GMT
server: cloudflare
age: 2897
etag: W/"5df12453-77a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FzpbHQacJEtnZEEGBE65OGKQ%2FG8%2BCMzS9le3kJ3u%2BfdxznPzHOeGRKX4JJS4MlthA0%2Bn%2B8pY0z%2F4uwKP7npFFkQFn6wCxh4a3HAK4X30wlab%2FWHE4HyVu9%2FWWeI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1cd96a410d-PRG

GET
H2 200 alerts.js Show response
www.gab.ag/assets/components/ajax_form/ Frame 0C0A 1 KB
676 B 21ms
20ms Script
application/javascript 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/ajax_form/alerts.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6491f4fd82597aa8a54e50b21a3d98427153039ad0dbc6bd99639a77e90cade2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:03 GMT
server: cloudflare
age: 2897
etag: W/"5df12453-497"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S2m4gLhC4hHQ9yonPTnHKOKGoJhPxv2uJ2plEK%2BVJ98c18BMmrXWQUINtoMZAz1KsTd4dq4oVlsqQr9JHfh4ByQzPhDZiFhji%2BOh9bB%2FnmF%2BxBKkm91Mzo%2F7rQQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1cd96b410d-PRG

GET
H2 200 forms.js Show response
www.gab.ag/assets/components/ajax_form/ Frame 0C0A 4 KB
1 KB 19ms
19ms Script
application/javascript 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/ajax_form/forms.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcca172fb8956a6cb32cc2e0938b4658afc275ddabe650e890cfdd13924c9d44

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 27 Jul 2020 23:29:29 GMT
server: cloudflare
age: 2897
etag: W/"5f1f6359-10bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fRWrTKDTqgL4uR%2FnYVyUqhwIs5%2BAN5D2J8TsaaZopDIKTan5PmOLVbGQDgKBDYkFtt8xCElCa0kc3Gu6jKXySXBR%2F6Lt6xKjchDR%2BNxQ0Y%2FNSwfMGakZJhUpwC0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1cd96c410d-PRG

GET
H2 200 uicons.css
www.gab.ag/assets/evolution/css/ Frame 0C0A 71 KB
9 KB 20ms
19ms Stylesheet
text/css 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/uicons.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/assets/evolution/css/global.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b3e012f4506ee657c139ef677a5b5e8ce4504655cb7ac403a2cfe6e5a1af425

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/assets/evolution/css/global.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 23 Sep 2017 16:13:32 GMT
server: cloudflare
age: 4713
etag: W/"59c6882c-11cf1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mJ0aKIVgSS3PifOXIAOqpxCVtD7OtVDaah3bJLag%2FHT5ZnomPHKieZZkmI8pDbF3oylc%2BZfyiOJEhW3DO3FSJmo5SUmuTFhH8TaPv7hvPSYsB7YbSA1oZUIqWzU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 69c41f1ca956410d-PRG

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ Frame 0C0A 45 KB
17 KB 53ms
13ms Script
text/javascript 216.58.212.136

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.136 -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 7065
date: Sun, 10 Oct 2021 22:57:27 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Mon, 11 Oct 2021 00:57:27 GMT

GET A860A4556C60
mellowads.com/view/ Frame BE1E 0
0

GET
H/1.1 200
OK 860840 Show response
ad.a-ads.com/ Frame 966E 6 KB
2 KB 21ms
21ms Document
text/html 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/860840?size=468x60

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.232.155.251.148.clients.your-server.de

Software

nginx/1.18.0 (Ubuntu) / Phusion Passenger(R)

Resource Hash

a8f97e00b2b1f6bff529d36960447ea8e26abaf5c5a5c006408e9b119feabb4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: ad.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Oct 2021 00:55:12 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger(R)
X-Original-Referer: https://www.gab.ag/
Content-Encoding: gzip

GET B8AE533AA3BB
mellowads.com/view/ Frame 503D 0
0

GET
H2 200 wrapper.jpg
www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/ Frame 0C0A 77 KB
78 KB 24ms
17ms Image
image/jpeg 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/wrapper.jpg
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19f8b06b5a73ee52551631b6c30b25218eb9efcb2cbb5e1b8818de7accff1f62

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4713
content-length: 79061
last-modified: Wed, 25 Oct 2017 17:01:53 GMT
server: cloudflare
etag: "59f0c381-134d5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lwz1S8JGeF6UVkJx6nKV55O9xuZroMsqJfja901Y3Y9nx9I2cyOp0W84TjklX6joTQZpBX2tSJHH%2FAz0KJcULbsX4KeWgkox1mt%2B5NgG4zvq95rQ3xnvDqLbyvM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 69c41f1d097e410d-PRG
cf-bgj: h2pri

GET
H2 200 logo.png
www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/ Frame 0C0A 19 KB
19 KB 21ms
17ms Image
image/png 104.26.8.100
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/logo.png
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d2f44d1c5763fd34f43813d77acf6a6ff6a96b5443450331321645866c425b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
cf-cache-status: HIT
last-modified: Wed, 25 Oct 2017 17:02:06 GMT
server: cloudflare
age: 4198
etag: "59f0c38e-4a00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BmRiI4PMfqf7tbT7pQ5K6vYEjv%2BK%2FU9egnNsoDuTRT2WjJlRpW%2FdcWCsS99i1wd3l6JadFwRIv1jWghRXG%2Bk5mdjHZySNl2VclHRNCgfTDxErkklltQ4fWq0b%2BA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 69c41f1d097f410d-PRG
content-length: 18944

GET
H3 200 0FlMVP6Hrxmt7-fsUFhlFXNIlpcaeg_x.woff2
fonts.gstatic.com/s/ptsanscaption/v13/ Frame 0C0A 38 KB
38 KB 8ms
7ms Font
font/woff2 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsanscaption/v13/0FlMVP6Hrxmt7-fsUFhlFXNIlpcaeg_x.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans+Caption

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

2cc2dc463136f83997692baae0211e0c1d9573159476a988d20e1a6afe9a8c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.gab.ag
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 08 Oct 2021 15:48:27 GMT
x-content-type-options: nosniff
age: 205605
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39328
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 04:43:52 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 08 Oct 2022 15:48:27 GMT

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v26/ Frame 0C0A 44 KB
44 KB 13ms
13ms Font
font/woff2 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v26/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.gab.ag
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 17:04:31 GMT
x-content-type-options: nosniff
age: 287441
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44760
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 16:50:17 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 07 Oct 2022 17:04:31 GMT

GET
H/1.1 200
OK 468x60
static.a-ads.com/a-ads-banners/117620/ Frame 966E 156 KB
157 KB 22ms
22ms Image
image/gif 148.251.155.232
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/117620/468x60?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/860840?size=468x60
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.155.232 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.232.155.251.148.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: d8b5a182bc67221d6aca1ae17ae45734e487e51959af519203bbc0b088b94062

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.a-ads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 11 Oct 2021 00:55:12 GMT
Last-Modified: Sun, 19 Apr 2020 16:08:09 GMT
Server: nginx/1.18.0 (Ubuntu)
x-amz-request-id: 7EZ376GTFZAZQ10H
ETag: "d89cd17d5e22adfb5532615d116d84b8"
Content-Type: image/gif
Cache-Control: max-age=315360000
Content-Length: 160195
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: LKnGuoVSDoJ.bbTuKu8XrVLG1BNZQuT4
x-amz-id-2: QbrBXmBv2znSSc/73Ug1P+4Z2dSLwtFbuOH+PCfTNfuhuskGmX4B3w64873wntyJrodXD9vHuRs=
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET core.js
static.arc.io/widget/js/ Frame 0C0A 0
0

GET broker.html
core.arc.io/ Frame 28AE 0
0

GET
DATA 200
OK truncated
/ Frame 966E 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
p3.adhitzads.com/ Frame 0C0A 0
304 B 50ms
41ms Script
text/html 172.64.142.12

General

Check archive.org

Show headers Download Go to

Full URL: https://p3.adhitzads.com/?z=1047672&p=237064879&l=https%3A//www.gab.ag/index.php%3Fview%3Dregister&r=https%3A//ad.gab.ag/&c=1
Requested by: Host: adhitzads.com
URL: https://adhitzads.com/1047672
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.142.12 -, , ASN (),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/5.6.40
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ja%2Ffs0574FEFHFy5Z0sHv6sWuplY1VWgUpVT7vyd1Yrf1lMmlKRlxGpGcbBi%2F6rx3vWM38s0QoegRkQ4t3%2BMi094yBIp47F2syFLXpP7jk68jcpk7HjH%2FecHTr30UeUZZMtk"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 69c41f1d3ed1411a-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET B8AE533AA3BB
mellowads.com/view/ Frame DFC5 0
0

GET
H3 200 /
p3.adhitzads.com/ Frame 0C0A 0
577 B 51ms
34ms Script
text/html 172.64.142.12

General

Check archive.org

Show headers Download Go to

Full URL: https://p3.adhitzads.com/?z=969200&p=237064879&l=https%3A//www.gab.ag/index.php%3Fview%3Dregister&r=https%3A//ad.gab.ag/&c=2
Requested by: Host: adhitzads.com
URL: https://adhitzads.com/969200
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.142.12 -, , ASN (),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gab.ag/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 11 Oct 2021 00:55:12 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/5.6.40
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zGwShEDVYrWNgYlp8HBYS1i5WF1iG%2B%2F8PG0U1rTa16pHa2XhM4SZKhZYXr60czewmpqdZO4UP4av0Y9jdvC8p0PojLOqgG9wrsldSLmzkdqzl%2FQhcmWwBisQKUQrQFYJ2rXC"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 69c41f1d9b4e412c-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET A860A4556C60
mellowads.com/view/ Frame 997A 0
0

GET A860A4556C60
mellowads.com/view/ Frame 013D 0
0

GET A860A4556C60
mellowads.com/view/ Frame 1D10 0
0

GET 1410164
ad.a-ads.com/ Frame 84E8 0
0

GET 9670CF766F96
mellowads.com/view/ Frame F159 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pixel.vidoomy.com
URL: https://pixel.vidoomy.com/reg.cgi?id=17681

Domain: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Domain: s4is.histats.com
URL: https://s4is.histats.com/stats/i/3959740.gif?3959740&103

Domain: mellowads.com
URL: https://mellowads.com/view/A860A4556C60

Domain: mellowads.com
URL: https://mellowads.com/view/B8AE533AA3BB

Domain: static.arc.io
URL: https://static.arc.io/widget/js/core.js?4c137d4

Domain: core.arc.io
URL: https://core.arc.io/broker.html?4c137d4

Domain: mellowads.com
URL: https://mellowads.com/view/B8AE533AA3BB

Domain: mellowads.com
URL: https://mellowads.com/view/A860A4556C60

Domain: mellowads.com
URL: https://mellowads.com/view/A860A4556C60

Domain: mellowads.com
URL: https://mellowads.com/view/A860A4556C60

Domain: ad.a-ads.com
URL: https://ad.a-ads.com/1410164?size=728x90

Domain: mellowads.com
URL: https://mellowads.com/view/9670CF766F96

Verdicts & Comments Add Verdict or Comment

94 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
toglooman.com/42	1970-01-20 06:37:29	Name: OAID Value: be48db62df3146e3a48499eed707313a
toglooman.com/42	1970-01-20 06:37:29	Name: oaidts Value: 1633913707
.scorecardresearch.com/	1970-01-20 15:08:41	Name: UID Value: 1AGIRUDA3LPZ7AHOSRJ3NLg1633913707
.au-education.xyz/	1970-01-20 07:13:29	Name: __gads Value: ID=745de5de8ffbfa27-22251608f0ca0007:T=1633913706:RT=1633913706:S=ALNI_MYtc5T_mQwn-Ia_k8a81Qp3wQiUew
.doubleclick.net/	1970-01-19 21:51:54	Name: test_cookie Value: CheckForPermission
bedrapiona.com/	1970-01-20 06:37:29	Name: OAID Value: 946be6b73f164597bd0772c846991f65
bedrapiona.com/	1970-01-20 06:37:29	Name: oaidts Value: 1633913707
bedrapiona.com/	1970-01-20 06:37:29	Name: EOAID Value: 8050ab91d2db41ce9927df2364fb9d30
toglooman.com/	1970-01-20 06:37:29	Name: scm Value: 1
toglooman.com/	1970-01-20 06:37:29	Name: OAID Value: be48db62df3146e3a48499eed707313a
toglooman.com/	1970-01-20 06:37:29	Name: oaidts Value: 1633913707
onmarshtompor.com/	1970-01-20 06:37:29	Name: OAID Value: 946be6b73f164597bd0772c846991f65
onmarshtompor.com/	1970-01-20 06:37:29	Name: oaidts Value: 1633913707
my.rtmark.net/	1970-01-20 06:37:29	Name: ID Value: 946be6b73f164597bd0772c846991f65
www.au-education.xyz/	1970-01-19 21:51:53	Name: prefetchAd_4514891 Value: true
dozubatan.com/	1970-01-20 06:37:29	Name: OAID Value: 946be6b73f164597bd0772c846991f65
.au-education.xyz/	1970-01-20 06:37:29	Name: _ga Value: amp-XWdh4I4-fkZRt1yu44JQ4A

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.au-education.xyz/login.php Message: Failed to load resource: the server responded with a status of 404 ()
javascript	warning	URL: https://www.au-education.xyz/login.php(Line 453) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.effectivedisplayformat.com/55bf6df81d4797fab837a9697a190111/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.au-education.xyz/login.php(Line 453) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.effectivedisplayformat.com/55bf6df81d4797fab837a9697a190111/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://pl16633601.effectivecpmgate.com/49/dc/4f/49dc4fc51504f6415c7e3814d6d8926d.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://pl16633608.effectivecpmgate.com/bc9ad15dda476eed8f62c3e70266a2c8/invoke.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.effectivedisplayformat.com/55bf6df81d4797fab837a9697a190111/invoke.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://pl16633601.effectivecpmgate.com/49/dc/4f/49dc4fc51504f6415c7e3814d6d8926d.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.au-education.xyz/sw.js Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
2.bp.blogspot.com
acceptable.a-ads.com
ad.a-ads.com
ad.gab.ag
ad2bitcoin.com
adalso.com
adhitzads.com
ads.vidoomy.com
adserver.reklamstore.com
adservice.google.com
arc.io
bandirun.com
bedrapiona.com
blogger.googleusercontent.com
cdn.ampproject.org
cdn.jsdelivr.net
cdn.onesignal.com
core.arc.io
donaldco.in
dozubatan.com
fonts.googleapis.com
fonts.gstatic.com
get.cryptobrowser.site
googleads.g.doubleclick.net
i.ibb.co
iclickcdn.com
interst12.com
littlecdn.com
maxcdn.bootstrapcdn.com
mellowads.com
my.rtmark.net
onesignal.com
onmarshtompor.com
p3.adhitzads.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.vidoomy.com
pl16633601.effectivecpmgate.com
pl16633608.effectivecpmgate.com
propeller-tracking.com
pseepsie.com
s4is.histats.com
sb.scorecardresearch.com
smurfgo.com
ssl.google-analytics.com
stackpath.bootstrapcdn.com
static.a-ads.com
static.arc.io
tiggercoin.com
toglooman.com
www.adthurst.com
www.au-education.xyz
www.effectivedisplayformat.com
www.gab.ag
www.google-analytics.com
www.scarlet-clicks.info
ad.a-ads.com
core.arc.io
mellowads.com
pixel.vidoomy.com
s4is.histats.com
static.arc.io
www.gab.ag
104.16.89.20
104.168.58.149
104.18.10.207
104.18.225.52
104.21.79.4
104.21.80.8
104.22.25.116
104.26.13.118
104.26.6.17
104.26.8.100
13.32.121.17
139.45.195.8
139.45.197.234
139.45.197.237
139.45.197.239
139.45.197.240
139.45.197.243
139.45.197.250
142.250.181.226
142.250.185.163
142.250.185.66
142.250.186.147
142.250.186.174
142.250.186.65
148.251.155.232
152.228.223.13
172.217.18.97
172.64.142.12
188.72.201.86
192.243.59.13
192.243.59.20
216.58.212.136
216.58.212.138
23.95.12.218
23.95.12.219
3.129.250.65
52.222.214.30
52.222.214.85
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
01a91cef52f9849703fb84a945f9fb51b9debf7ac36730043d097c3865550e8c
0491492f45a37ae8dd753622b824da1849ced9dd28f2043557c8d6dc84ff689e
051553ff7babb168d5b46e4a1442337deccaefc1db5fd178af2a753800daac94
091856095b903c1595ff23b4f6f5fba011ea219f78cd1817424beeda5709f1a6
0b5f1d872289143e9aab4ea1b8e1b6a9f36e1cc9b60227ddd6ef08830588efc1
0c5e0d20cb8462c02110f58a28e2a26ca62049645c9cc701774497b4911e3e26
0e13589a0a7baf0b5dfa4f09662faf348b1b9d70c0f8d89adc25243fea19b626
124d2a56354f3e469966d5ac3551331268911cbd9de0b4d51eed3781a9899fc5
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
178ab8a4adb9fa71988038fea8fa398a970aebe7c734647b7cd6eebb927da889
19f362b8270f24033bb3822bc08eeee3f431c8e2ad0c2e33cbf83bfbc8f70dc6
19f8b06b5a73ee52551631b6c30b25218eb9efcb2cbb5e1b8818de7accff1f62
1dfaca30d1566485405e2821a569f99925141e5d93b3427ae40f42d3f0911705
1e4396afc21ca51b7636a55470b279c49b39abfe9da4c0883a2d2dc8dd17c533
20267f0513001856356e603cfb7ac86e6417b2b2bc2488657dd2c01675cfb941
2041917331aa6f89b1121bf5192fdf0cadae97cdfbf5e6c4cb5d83980dcdfdc5
2191d31c59541b9c44346fde06c4e0ea2900c7ff88d084e8871ef13d2daa1326
233b124d917b9a53fb219b29af4a784486049b10134848ba993b885f9a4b1a5c
23fab5dab2da896b3e04b655de0c5ad9a47940beeb49def59fe90a83dd5ec8fd
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2ae20896f1fa269e4a066a4f15cb0d0c0263c78f1bc3f69caacaa5e15f66aea0
2b5df8b341740add635fa41b6c2fc6ca778dd48e72bb8be848da98abd16b6e12
2c00d3d5af73123689b9baf2b54f0f7a08ec93f68cd6c15c61dbae8ebb7db90e
2cc2dc463136f83997692baae0211e0c1d9573159476a988d20e1a6afe9a8c2e
45ebff2267b29415899e6eb1af5ea220c8f65971bfeac634207ed6071599dc15
4648845d5a4e1e4dd362de39677b2b09005d63a93ea458c0505779bc11abb939
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd
54713b9d1724743939ad4bb89e456ad179df917f6aa831f4ff26788a8eccd0c0
55326dbc21bd96146cb04fb34a0cd5e03a3861755629dbafa5be09621f25a61b
55c72f42fc6ee2c502a5f86fe215690719ce746f383ec8551af1f1fb66252b2e
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
607afef00fd5897e2ecbda82aa560057f1b9c6e5f97f613468b048903079890f
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
6267e7327e1e979d47a466eb3d4f4877961d5c1a132b765de9e1aa2df871a685
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
6491f4fd82597aa8a54e50b21a3d98427153039ad0dbc6bd99639a77e90cade2
65340314569927c5d8da0366b2f500f643e3b9a19b9ab9ebf7bd26206414953f
6b3e012f4506ee657c139ef677a5b5e8ce4504655cb7ac403a2cfe6e5a1af425
6d2f44d1c5763fd34f43813d77acf6a6ff6a96b5443450331321645866c425b4
6e26d8cea058345730958e81c48fcdc5a69f59e61ba18228ffac1944e621d252
6fd4d63ec221017a4be24d2194abe9188f300b98946f29a1e2ddb0e7ce64e374
7330eb512c31cfbee5ba36ae8f5ea97f76ede9fc1b87b39b88ef40c4dcd99e2d
7380193fe2c6d29925884f7f4ea0184cca0364bb94f74fcf80a25cf28a2897ea
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b1376c0b817203f501f2be50a8bc4ca8b67e4e069f3dbd7775eaa7ef9b65c77
7ba57ba8c83b63763e70005c9b1840d8d7e8c71611969265aa5675aae93ead18
7c3918ed61f3a256e2f2f02ef82ac2077b5dd878005586f8fb0ebcc147699738
7d750c087a86d8396e4211fd3f6efe750d1f962be693e9045d540b78b6f897fe
7eaf10613dbcd8daf35ea78dc12558a25efcb5326ba7ba6af9eb4fbdde334637
7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c
8065f98a0c313ee69495c3c529c6d093e08c980c4419bdf2c9c7318925056ead
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
841ad11917ce2897034a3f74ef8cb051039717f6084cc79f0acffe826e84b1a8
871975b8040629c7b43de81b1a0878f40991ec2f49caddd6441b5d1f8322aeed
89d93e12a15f6a5d57b5f8aca8bd1e6984dc4c8c5dec7840a8c8e8c8274c1568
8be2a4d9b5c58396029b73f7f4786649bf20be679133cccf2130741f3786348d
8d4b5a64b25bd09fa8e205cf7d0ad81f9c543c3f7e685f0bfee1d9a9b4dcca81
8dd23154bca42448833bb9b7498a34bd3c3ff932747b85a8f08732bae23617db
8e72afcd1a38e3ab0bb322104a9238e75dda48df9c455e5471bbaaece5207d83
8f5e5250f5e145b8941a549bd962a93b3ba45c55868cb13e9e439fd2f02a5763
928c8202d524d3c97c7220021e5ed9c583030740f1a609af9707008c98b42463
92e83fdf1ed8bb4a50fb72331cb20f536a1159ce55d523ebfca3441ce8e30294
9342eaeb6d2acb526ecb319ddbe84a493bd115040df5be3c83ec88ff3e337dde
94d89a6867a9b2b9f404f1347ecc94ee3817975acce43e39919317cc331c64ee
95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7
974e0c1f684ae1d7f594a71fc8bdbb6564246c85b6cd35f16e8127f79c24ec3c
9802d14f0ef67628d6f3471209d615b533909cc193e48a4bb12dfb4614be794d
9852ccf03b383d1b3855c1983e18258fbdf07999ff77a68327ed0413466db4f2
9ecd8680434d70230945dbb78df89bf158512dd727e3910ab2055e2e88063154
9fb0956632beb2db3c5099d6000ac4875a7373695db584327aa079b582e838da
a106b0f8926e51c250f5055831c1673f12020d3fa1bfcfa4bb14f614dcd31a17
a34f2de5d7b500c94149f29b27ca6a82b2247383f58a2637ab9ad3f306525a7b
a3c61cc2984ba70c42263a81388f0b947b3406e3e9426836534f32c8619aece3
a3db7763b08392cd24c576026bd7d3e2585b34ea47558418317537e5327a4576
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4f3862f41cebe8a91c5f533ee278b63b523de1af4bd8ea830c6ff27515f2e15
a5f0aaeb1391bc2af45ecc74f7db25f1bb39a5fa82c7e721c3118d2273725291
a5ffa4aa900695db6b3f8e3d53c6d12833ddb3cdc424763d88878cbf90f2e8d0
a69fb479b5382d113b7dd50923eeb1e743dfa6841500d28ab96b11a93f0abeea
a8f97e00b2b1f6bff529d36960447ea8e26abaf5c5a5c006408e9b119feabb4b
a93e35c968a1704afd997c891700547f0af51f807c7d09f1f16590cee18c04f3
aa3c176d03cb5d4e7a5d854d4f23056e1cdc12e65ba3b3bc05c78dec0fad02e3
abdae8aa8f4613eafbee6e7f74c5f8c2165dcae619b0a87a365144b3665dfcaa
ae757987affdde9f2411be14b4cd5f17a0ad6eaa744e9f7ecca8338466055bbc
b0c6270c06376a439c78b771536429905666d4899fea1561e7d9a4b1d8a2eca2
b3474f9e42f470faef4db25d456e1370e9cdacef7deab620d90362e86f2d933e
b5c448144abebd143fcc0fbae2a041e795c38962ef504f44aa8462ec492fdcf7
b63fe792eca92d7cb67c652ddc4e76692c7f7f0899316ada620039b6438b8961
bcef0af5a6953da87ed9353729f60db60540b4bc5c9081b98bfae84f97e9128f
bd1bc7dcc959a4c5aba56c4231e35363fd453df6d240f24e714df91ce1f5b2ea
bd62e8a4e85eae2ab9c3143ffb85ec24428af4b98b2df89e75903ea7bc33493f
be88718a0eb175ebc4385600fe4168853a2ba705d814d2f9887ca7aa8cbd9238
bffdc928fdee3304215707f3ceb75e5c5f9e55336d0aad2cb1786b19fba67149
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060
d0db53c29f47ea31122d7c6b88a22220ca50ce9a298abea4471d36f76d26b8cc
d12ec824a66b6ad652e1cf0952853b6ba3053dd76a84bbcf4bdb3c055e411c78
d1eb8cf889202f439bb6bd1a03049b2e71953c7c0a5aadddde498cbea9bcadac
d224433df14f81e032432a5d9afc0a5af694f292e19013a0068d8898f61add3e
d513872c2565682a050bcda4978c78ee69921693d1de653a00ccdb7f763f4f89
d562e856fbfe2fc2ffa00479809da1ddf3b16bc9b4b90363e633bf4d86d38bde
d689f82085ce6ddcc0e7bfc1bec691728d5acfcbf32d083de362922ecc802227
d7169397334d4a658dd9c1dd27a8fdac0d981d89c1bea30d6bdc5d88654c86d5
d8b5a182bc67221d6aca1ae17ae45734e487e51959af519203bbc0b088b94062
db02aedeb08fe64136e1380293224bd9d7c1a330b75ae2823251f7636cd6bc4f
db51076f1d8b3485efa61cc9eb700937cc52fae112ca5a27c037e8854e5f1420
dcca172fb8956a6cb32cc2e0938b4658afc275ddabe650e890cfdd13924c9d44
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e59f39fd9be6b3737942676248d273b23f94ab60f7b7e608230d6a107dccb7ac
e79b140c856cb9e24e4087e4b7b2aa2a41dc2f2cdd6058d51eb926c8a31558de
edcc9575094e3064f2f71db2d1512f4ea0aad231173c1455e9a125fc85ef97dc
efaaa09c3b1e7b374e13123fe496ba19e53ac74386fa136d09fdb34701c76755
f02c0dbef87917bf667ab79728f4f49cc98225624fc6c5c5afe635bee1ef4843
f2521c69cc05581c61955f96dc2fab6d24db0747c3c24912584a742d61835ad8
f373dc6c8b5004decc99f957045dd710a9c00bba3c74f6f0f96676a5cc0468ac
f6fb1bc5d7770ad08063e186762a7e85d86f7aa4396fd9a4606f60b37f3dfc8c
f710c2b11df9cadcb3a6d25a9dc8306172c04ff1d2fa8d96d4019d70833f695d
f89e31fffc0258bb7b05dad19cbdb0f3710d2c97f6948afb3ec27b33955e5f68
f8f2f28a6dbef1eec050759f337a3d3f2761a10fc1f67986871f75768389b75d
ff3e70d999011811ca12f026ea2049b656892beeae7e81daac92048f822b35ad
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
ffc55f9774cf25506fcd84f62e1aa3eeda6d69001142cb44d28750b643447f6c

www.au-education.xyz Open in urlscan Pro 142.250.186.147 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

161 Requests

92 %HTTPS

0 %IPv6

45 Domains

57 Subdomains

39 IPs

6 Countries

3993 kBTransfer

6381 kBSize

17 Cookies

4 Outgoing links

Redirected requests

161 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.au-education.xyz Open in urlscan Pro
142.250.186.147 Public Scan

Screenshot
Live screenshot

Full Image

161
Requests

92 %
HTTPS

0 %
IPv6

45
Domains

57
Subdomains

39
IPs

6
Countries

3993 kB
Transfer

6381 kB
Size

17
Cookies

161 HTTP transactions
10 data transactions