promo.libertex.org Open in urlscan Pro
2606:4700::6811:5a0e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Submission: On March 17 via manual (March 17th 2023, 1:54:08 am UTC) from PE — Scanned from DE

Summary HTTP 115 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 55 IPs in 10 countries across 44 domains to perform 115 HTTP transactions. The main IP is 2606:4700::6811:5a0e, located in United States and belongs to CLOUDFLARENET, US. The main domain is promo.libertex.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 29th 2022. Valid for: a year.

This is the only time promo.libertex.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
28	2606:4700::68... 2606:4700::6811:5a0e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	52.222.236.60 52.222.236.60	16509 (AMAZON-02) (AMAZON-02)
15	2600:9000:223... 2600:9000:223e:3200:7:2bfb:7c00:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1	2a04:4e42:600... 2a04:4e42:600::300	54113 (FASTLY) (FASTLY)
1 2	142.250.184.198 142.250.184.198	15169 (GOOGLE) (GOOGLE)
1	18.66.97.53 18.66.97.53	16509 (AMAZON-02) (AMAZON-02)
5	2400:52e0:1e0... 2400:52e0:1e00::863:1	200325 (BUNNYCDN) (BUNNYCDN)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	2.16.186.242 2.16.186.242	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:2638::14 2a02:2638::14	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	52.50.72.142 52.50.72.142	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	18.66.112.92 18.66.112.92	16509 (AMAZON-02) (AMAZON-02)
1	52.222.236.63 52.222.236.63	16509 (AMAZON-02) (AMAZON-02)
4 5	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
1	178.250.1.11 178.250.1.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1 1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1 2	18.158.7.247 18.158.7.247	16509 (AMAZON-02) (AMAZON-02)
1 1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	185.89.210.212 185.89.210.212	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	37.252.171.85 37.252.171.85	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	3.67.0.77 3.67.0.77	16509 (AMAZON-02) (AMAZON-02)
1	185.86.138.154 185.86.138.154	201081 (SMARTADSE...) (SMARTADSERVER)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	104.111.217.42 104.111.217.42	16625 (AKAMAI-AS) (AKAMAI-AS)
1	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1 2	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
1	37.157.2.234 37.157.2.234	198622 (ADFORM) (ADFORM)
1	185.255.84.153 185.255.84.153	200271 (IGUANE-) (IGUANE-)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1 2	54.171.39.218 54.171.39.218	16509 (AMAZON-02) (AMAZON-02)
1 2	54.220.176.181 54.220.176.181	16509 (AMAZON-02) (AMAZON-02)
1	34.117.157.22 34.117.157.22	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	3.69.114.229 3.69.114.229	16509 (AMAZON-02) (AMAZON-02)
1	70.42.32.191 70.42.32.191	13789 (INTERNAP-...) (INTERNAP-BLK3)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2600:1f18:612... 2600:1f18:612b:4216:1721:e587:98b8:3e72	14618 (AMAZON-AES) (AMAZON-AES)
1	85.215.5.31 85.215.5.31	6786 (CRONON-BE...) (CRONON-BERLIN-AS)
1	23.45.237.121 23.45.237.121	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.49.84.227 52.49.84.227	16509 (AMAZON-02) (AMAZON-02)
1	54.75.60.155 54.75.60.155	16509 (AMAZON-02) (AMAZON-02)
1	3.18.193.91 3.18.193.91	16509 (AMAZON-02) (AMAZON-02)
115	55

28 2606:4700::6811:5a0e (United States)

ASN13335 (CLOUDFLARENET, US)

promo.libertex.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lib.libertex.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-account.libertex.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-geo.libertex.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 52.222.236.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-60.fra56.r.cloudfront.net

widget.trustpilot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2600:9000:223e:3200:7:2bfb:7c00:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::300 (United States)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net

11442981.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-53.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2400:52e0:1e00::863:1 (Slovenia)

ASN200325 (BUNNYCDN, SI)

a.opmnstr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.16.186.242 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-242.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::14 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dynamic.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.72.142 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-72-142.eu-west-1.compute.amazonaws.com

tealium-proxy.libertex.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-92.fra56.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-63.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:2638:3::c (France) 4 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)

widget.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.158.7.247 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-7-247.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.212 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.171.85 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.67.0.77 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-67-0-77.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.154 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.217.42 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-42.deploy.static.akamaitechnologies.com

criteo-sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.71.149.231 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.2.234 (Denmark)

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.153 (France)

ASN200271 (IGUANE-, FR)

visitor.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.171.39.218 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-39-218.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.220.176.181 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-220-176-181.eu-west-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.157.22 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 22.157.117.34.bc.googleusercontent.com

matching.ivitrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.69.114.229 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-114-229.eu-central-1.compute.amazonaws.com

exchange.mediavine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.191 (United States)

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4216:1721:e587:98b8:3e72 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

criteo-partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.215.5.31 (Berlin, Germany)

ASN6786 (CRONON-BERLIN-AS, DE)

a.twiago.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.237.121 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-237-121.deploy.static.akamaitechnologies.com

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.84.227 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-84-227.eu-west-1.compute.amazonaws.com

sync-criteo.ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.75.60.155 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-75-60-155.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.18.193.91 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-18-193-91.us-east-2.compute.amazonaws.com

s.thebrighttag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	libertex.org promo.libertex.org lib.libertex.org api-account.libertex.org tealium-proxy.libertex.org api-geo.libertex.org	524 KB
15	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 1027	65 KB
11	criteo.com 5 redirects dynamic.criteo.com — Cisco Umbrella Rank: 3747 gum.criteo.com — Cisco Umbrella Rank: 386 mug.criteo.com — Cisco Umbrella Rank: 2753 sslwidget.criteo.com — Cisco Umbrella Rank: 1808 widget.us.criteo.com — Cisco Umbrella Rank: 19285 dis.criteo.com — Cisco Umbrella Rank: 688	29 KB
9	trustpilot.com widget.trustpilot.com — Cisco Umbrella Rank: 4700	93 KB
4	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 214 secure.adnxs.com — Cisco Umbrella Rank: 381	4 KB
4	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 722	101 KB
4	doubleclick.net 2 redirects 11442981.fls.doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 76 cm.g.doubleclick.net — Cisco Umbrella Rank: 210	2 KB
3	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 4674 api.omappapi.com — Cisco Umbrella Rank: 4830	43 KB
3	opmnstr.com a.opmnstr.com — Cisco Umbrella Rank: 19556	27 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 147	92 KB
2	360yield.com 1 redirects ad.360yield.com — Cisco Umbrella Rank: 675	854 B
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 201	2 KB
2	casalemedia.com 1 redirects r.casalemedia.com — Cisco Umbrella Rank: 1378	2 KB
2	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 271	508 B
2	bidswitch.net 1 redirects x.bidswitch.net — Cisco Umbrella Rank: 285	875 B
2	google.de www.google.de — Cisco Umbrella Rank: 6069 adservice.google.de — Cisco Umbrella Rank: 8720	923 B
2	google.com adservice.google.com — Cisco Umbrella Rank: 68 www.google.com — Cisco Umbrella Rank: 2	1007 B
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4452	2 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 607 script.hotjar.com — Cisco Umbrella Rank: 738	71 KB
2	taboola.com trc.taboola.com — Cisco Umbrella Rank: 682 sync-t1.taboola.com — Cisco Umbrella Rank: 1298	430 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 25	20 KB
1	thebrighttag.com s.thebrighttag.com — Cisco Umbrella Rank: 1761	268 B
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 586	338 B
1	yieldmo.com sync-criteo.ads.yieldmo.com — Cisco Umbrella Rank: 2291	38 B
1	yieldlab.net ad.yieldlab.net — Cisco Umbrella Rank: 4551	525 B
1	twiago.com a.twiago.com — Cisco Umbrella Rank: 26976	153 B
1	tremorhub.com criteo-partners.tremorhub.com — Cisco Umbrella Rank: 2451	407 B
1	pubmatic.com simage2.pubmatic.com — Cisco Umbrella Rank: 676	579 B
1	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 756	145 B
1	mediavine.com exchange.mediavine.com — Cisco Umbrella Rank: 1402	880 B
1	ivitrack.com matching.ivitrack.com — Cisco Umbrella Rank: 2674	274 B
1	omnitagjs.com visitor.omnitagjs.com — Cisco Umbrella Rank: 788	235 B
1	adform.net cm.adform.net — Cisco Umbrella Rank: 1337	162 B
1	3lift.com eb2.3lift.com — Cisco Umbrella Rank: 354	140 B
1	teads.tv criteo-sync.teads.tv — Cisco Umbrella Rank: 1967	172 B
1	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 582	163 B
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 515	35 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 317	239 B
1	media.net contextual.media.net — Cisco Umbrella Rank: 591	978 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 305	34 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	185 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 612	394 B
1	t.co t.co — Cisco Umbrella Rank: 507	378 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 619	15 KB
115	44

	Domain	Requested by
25	promo.libertex.org	promo.libertex.org
15	tags.tiqcdn.com	promo.libertex.org tags.tiqcdn.com
9	widget.trustpilot.com	promo.libertex.org widget.trustpilot.com
5	gum.criteo.com	4 redirects dynamic.criteo.com
4	analytics.tiktok.com	tags.tiqcdn.com analytics.tiktok.com
3	a.opmnstr.com	tags.tiqcdn.com a.opmnstr.com
3	connect.facebook.net	tags.tiqcdn.com connect.facebook.net
2	ad.360yield.com	1 redirects
2	dpm.demdex.net	1 redirects
2	r.casalemedia.com	1 redirects
2	ups.analytics.yahoo.com	1 redirects
2	secure.adnxs.com	1 redirects
2	ib.adnxs.com	2 redirects
2	dis.criteo.com
2	x.bidswitch.net	1 redirects
2	a.omappapi.com	a.opmnstr.com
2	dev.visualwebsiteoptimizer.com	tags.tiqcdn.com promo.libertex.org
2	11442981.fls.doubleclick.net	1 redirects tags.tiqcdn.com
2	www.google-analytics.com	tags.tiqcdn.com www.google-analytics.com
1	s.thebrighttag.com
1	beacon.krxd.net
1	sync-criteo.ads.yieldmo.com
1	ad.yieldlab.net
1	a.twiago.com
1	criteo-partners.tremorhub.com
1	simage2.pubmatic.com
1	sync.outbrain.com
1	exchange.mediavine.com
1	matching.ivitrack.com
1	visitor.omnitagjs.com
1	cm.adform.net
1	eb2.3lift.com
1	criteo-sync.teads.tv
1	sync-t1.taboola.com
1	rtb-csync.smartadserver.com
1	match.sharethrough.com
1	pixel.rubiconproject.com
1	contextual.media.net
1	cm.g.doubleclick.net	1 redirects
1	adservice.google.de	adservice.google.com
1	ajax.googleapis.com	a.omappapi.com
1	widget.us.criteo.com	promo.libertex.org
1	sslwidget.criteo.com	1 redirects
1	www.google.de	promo.libertex.org
1	www.google.com	promo.libertex.org
1	adservice.google.com	11442981.fls.doubleclick.net
1	mug.criteo.com	promo.libertex.org
1	api-geo.libertex.org	lib.libertex.org
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.facebook.com	promo.libertex.org
1	script.hotjar.com	static.hotjar.com
1	api.omappapi.com	a.opmnstr.com
1	analytics.twitter.com	promo.libertex.org
1	t.co	promo.libertex.org
1	tealium-proxy.libertex.org	promo.libertex.org
1	dynamic.criteo.com	tags.tiqcdn.com
1	static.hotjar.com	tags.tiqcdn.com
1	trc.taboola.com	promo.libertex.org
1	static.ads-twitter.com	tags.tiqcdn.com
1	api-account.libertex.org	lib.libertex.org
1	lib.libertex.org	promo.libertex.org
115	61

This site contains links to these domains. Also see Links.

Domain
www.instagram.com
www.tiktok.com
twitter.com
www.youtube.com
www.facebook.com
app.libertex.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-29` - `2023-05-29`	a year	crt.sh
*.trustpilot.com Amazon RSA 2048 M02	`2023-02-02` - `2024-03-02`	a year	crt.sh
tags.tiqcdn.com Amazon RSA 2048 M02	`2023-03-01` - `2023-06-16`	4 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-10` - `2023-03-24`	2 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
a.opmnstr.com R3	`2023-02-27` - `2023-05-28`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2022-07-04` - `2023-08-05`	a year	crt.sh
*.tiktok.com RapidSSL TLS ECC CA G1	`2023-03-13` - `2024-04-12`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-09` - `2023-06-03`	3 months	crt.sh
tealium-proxy.libertex.org Amazon RSA 2048 M02	`2023-02-09` - `2023-10-05`	8 months	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
a.omappapi.com R3	`2023-02-27` - `2023-05-28`	3 months	crt.sh
api.opmnstr.com Amazon RSA 2048 M01	`2023-03-01` - `2024-02-08`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-03-02` - `2023-05-25`	3 months	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M02	`2023-02-10` - `2023-08-12`	6 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
teads.tv R3	`2023-02-21` - `2023-05-22`	3 months	crt.sh
*.3lift.com Amazon RSA 2048 M01	`2023-02-10` - `2023-06-11`	4 months	crt.sh
*.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-05-18` - `2023-06-16`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-21` - `2023-07-21`	a year	crt.sh
itm.ivitrack.com R3	`2023-02-03` - `2023-05-04`	3 months	crt.sh
exchange.mediavine.com Amazon RSA 2048 M01	`2023-02-11` - `2023-08-04`	6 months	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2022-11-06` - `2023-11-28`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.tremorhub.com Amazon RSA 2048 M01	`2023-02-22` - `2024-03-23`	a year	crt.sh
*.twiago.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-28` - `2023-12-29`	a year	crt.sh
*.yieldlab.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-15`	a year	crt.sh
*.ads.yieldmo.com Amazon RSA 2048 M02	`2023-02-10` - `2023-07-01`	5 months	crt.sh

This page contains 7 frames:

Primary Page: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Frame ID: 72C0B61D74BBB93DCC35CE3ABE8E5E20
Requests: 76 HTTP requests in this frame

Frame: https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=5a1e8d6b0000ff0005b1ddbc
Frame ID: F4E02CDF06ED792E83AFDBF560E02B6B
Requests: 8 HTTP requests in this frame

Frame: https://11442981.fls.doubleclick.net/activityi;dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469
Frame ID: 5CB9AB9A356970E23CA402AE4C0B82B7
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=promo.libertex.org&origin=onetag
Frame ID: 3C48120F14039DA17C1F3BD8515E4170
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469;~oref=https://promo.libertex.org/
Frame ID: 020EA0B89C7AB553552B5E1C6BFC3BA3
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469;~oref=https://promo.libertex.org/
Frame ID: 156ED617325BF0F6EA07D38551F378F3
Requests: 1 HTTP requests in this frame

Frame: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-N25wvB_g1Nr8s7GWbbWisq2mHfBLy8F-V5Iwpg&expires=30
Frame ID: 964265F746B10145ACF834A7050797AE
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Vemos Crypto en tu Futuro

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

115
Requests

90 %
HTTPS

28 %
IPv6

44
Domains

61
Subdomains

55
IPs

10
Countries

1126 kB
Transfer

2618 kB
Size

56
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.instagram.com/libertex_latam/

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@libertex_latam

Search URL Search Domain Scan URL

URL: https://twitter.com/libertex_latam

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/LibertexLATAM

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Libertex.LatAm

Search URL Search Domain Scan URL

URL: https://app.libertex.com/
Title: Continuar

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

https://11442981.fls.doubleclick.net/activityi;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469 HTTP 302
https://11442981.fls.doubleclick.net/activityi;dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469

Request Chain 75

https://gum.criteo.com/sid/json?origin=onetag&domain=libertex.org&sn=ChromeSyncframe&so=0&topUrl=promo.libertex.org&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=KIvVJnxhNTZ0OThINnFJOE9PM2hrSkNSRitKMi9hbGtseXpOWVdLWXU1TUFYcWRUTDVNQ2hocndoTzR1YlQrRktXMVduR0FWUnJjelhGNnNYOFR0Kzd3QitQL0VxV3R2L0FTc1YvZ0ErTEtpMTYyR0d3ampLYmoxZXBJZ0dqMk0rQ3I2S0tzK1lSWUxVMXFPZkprSG5ZWXgrWWh5RGVBL1JPbC9iRTQ2RkdWaGZIVG1JcWlnYnJRZ243K0NYTXowbFg5YTdzei9xRVRJK1lZY1Nxb2JtMklESGZoVUFtRjNUcllVdmkvVXhJL0FUcnNoMHIrRnJYUjA2aHV6Yk4yK3ZzV3pBNXMzNXZBMjhyZU4zeThxQkZiMVcwdz09fA&cppv=2

Request Chain 85

https://sslwidget.criteo.com/event?a=%5B101568%2C61968%2C61966%2C101569%2C61967%2C101570%5D&v=5.13.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Ddis&adce=1&bundle=AVnzxF9qU0NYMktZN2RFVDI5cmRFbjd5SXRlREtMcFI3YXVkMXpEUCUyRmpjcjY2NnF0T2YyZG9WSXlDJTJGOTFLU1MlMkJsSElvSWdxa25DTkRUY3p5VHd1TExUeFAzM1FoaXdLOEhDaGFNbEhqYmlMdjBHb3BEOHRPJTJGRmtaeHBVWml2REJYOExIZGZWeTU0ejBtZ2k3b3EyRzR3UXlYdyUzRCUzRA&tld=libertex.org&dy=1&fu=https%253A%252F%252Fpromo.libertex.org%252Flp%252Fes-lm%252Fcryptominer%252F%253Futm_country%253Dlm&dtycbr=35428 HTTP 302
https://widget.us.criteo.com/event?a=%5B101568%2C61968%2C61966%2C101569%2C61967%2C101570%5D&v=5.13.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Ddis&adce=1&bundle=AVnzxF9qU0NYMktZN2RFVDI5cmRFbjd5SXRlREtMcFI3YXVkMXpEUCUyRmpjcjY2NnF0T2YyZG9WSXlDJTJGOTFLU1MlMkJsSElvSWdxa25DTkRUY3p5VHd1TExUeFAzM1FoaXdLOEhDaGFNbEhqYmlMdjBHb3BEOHRPJTJGRmtaeHBVWml2REJYOExIZGZWeTU0ejBtZ2k3b3EyRzR3UXlYdyUzRCUzRA&tld=libertex.org&dy=1&fu=https%253A%252F%252Fpromo.libertex.org%252Flp%252Fes-lm%252Fcryptominer%252F%253Futm_country%253Dlm&dtycbr=35428

Request Chain 88

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-N25wvB_g1Nr8s7GWbbWisq2mHfBLy8F-V5Iwpg&expires=30 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-N25wvB_g1Nr8s7GWbbWisq2mHfBLy8F-V5Iwpg&expires=30

Request Chain 89

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-aKGnax_g1Nr8s7GWbbWisq2mHfAUUp0PM9q5zQ&google_cm&google_hm=ay1hS0duYXhfZzFOcjhzN0dXYmJXaXNxMm1IZkFVVXAwUE05cTV6UQ HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-aKGnax_g1Nr8s7GWbbWisq2mHfAUUp0PM9q5zQ&google_gid=CAESENQ7vhc47O5pMIE7zIBmHSI&google_cver=1&google_ula=913071,0

Request Chain 90

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=176044757658704635

Request Chain 91

https://secure.adnxs.com/setuid?entity=52&code=k-Wt5EOR_g1Nr8s7GWbbWisq2mHfB6iJIX5s8d_A HTTP 307
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-Wt5EOR_g1Nr8s7GWbbWisq2mHfB6iJIX5s8d_A

Request Chain 99

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-QuebnR_g1Nr8s7GWbbWisq2mHfCFYzy7UW9bww HTTP 302
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-QuebnR_g1Nr8s7GWbbWisq2mHfCFYzy7UW9bww&verify=true

Request Chain 102

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-BPyVqx_g1Nr8s7GWbbWisq2mHfA8gzzYqknBiA HTTP 302
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-BPyVqx_g1Nr8s7GWbbWisq2mHfA8gzzYqknBiA&C=1

Request Chain 103

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=9gT8lNclmOvUWRsVXD9syb2ZirB3hH0F HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=9gT8lNclmOvUWRsVXD9syb2ZirB3hH0F

Request Chain 104

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-kW1_zx_g1Nr8s7GWbbWisq2mHfDO7LKYhg46Gg HTTP 302
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-kW1_zx_g1Nr8s7GWbbWisq2mHfDO7LKYhg46Gg

Request Chain 113

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=T3WQ5f7s-vOOOO8O2GiHHow0ZUEzg-wf

Request Chain 114

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP 302
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=kxHYd4t2_K72mpMGuxUqGy5bNWGYf1bZ

115 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
promo.libertex.org/lp/es-lm/cryptominer/ 12 KB
4 KB 197ms
60ms Document
text/html 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 398a30ed1880e1cd45e49f51e73ebe8e4e71e0023d6b22ed04b01ce5ef954202

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7a919b11dc3b365f-FRA
content-encoding: br
content-type: text/html
date: Fri, 17 Mar 2023 01:54:03 GMT
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
vary: Accept-Encoding
x-amz-id-2: f6SgY04dnz7tM5rmIQtdYV9nLqxf9R9W1yQcyliUtYIoOt6DitKNbsYtYX5mtynBUyZqg2ETjsc=
x-amz-request-id: R0J12TABSGXNN0H0

GET
H2 200 main.css
promo.libertex.org/lp/es-lm/cryptominer/css/ 44 KB
11 KB 97ms
96ms Stylesheet
text/css 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/css/main.css
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66a7d4f7044abb2f8c0520db0144b782b69cdc0edd069da6274112c99c909903

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0JEEP2BZSG73632
etag: W/"1f19d6853821c1757290d9405317736b"
vary: Accept-Encoding
content-type: text/css
cf-ray: 7a919b124ca2365f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: O3hMkhPTG6NbFq2Rv4K+WctE590Vbrrb7oJW5MzBDjYSBAAnb8sTA1gV8SN54eLT+r8bV/MJxx4=

GET
H2 200 tp.widget.bootstrap.min.js Show response
widget.trustpilot.com/bootstrap/v5/ 19 KB
6 KB 38ms
7ms Script
application/x-javascript 52.222.236.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Requested by

Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.60 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-60.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f3496bc7c277d917d35553c46ed1597a86065494cac582e42a3a1d55aedef7fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 17 Mar 2023 00:48:30 GMT
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 3934
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 6124
x-xss-protection: 1; mode=block
last-modified: Mon, 30 May 2022 14:38:02 GMT
server: AmazonS3
etag: "5add60196e5f96a414fb4b9586764e5d"
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: H8zKp1dk3gkTu16gq88qmYLAYD0C8VujuJQt22gGFZjIpsphpiSajQ==

GET
H3 200 libertex-logo.svg
promo.libertex.org/lp/es-lm/cryptominer/img/svg/ 2 KB
1 KB 89ms
88ms Image
image/svg+xml 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/svg/libertex-logo.svg
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8d996aaef7fdc50c9810ac57a888b1159cf0e6a120de463f97af9b726190b96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0JE6KDMJ45640P8
etag: W/"72bf39af25d30fbfcfc446f05af4a309"
vary: Accept-Encoding
content-type: image/svg+xml
cf-ray: 7a919b12e920bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: tRndMbim0DlPx0BucRq6R8s3VO7DK44uFV8hRfXzrYaoHpbE2FsHLzel6oNxypxRkejFfKmIXrE=

GET
H3 200 libertex-logo-mob.svg
promo.libertex.org/lp/es-lm/cryptominer/img/svg/ 2 KB
1 KB 92ms
90ms Image
image/svg+xml 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/svg/libertex-logo-mob.svg
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 207c2f634d72abaa19fe4aed2b4db9d497f74136f99c2ee8a7433b85c6787ddd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J1957RNAS0W2SN
etag: W/"c2a75948d3ea441877ad0db97c48de59"
vary: Accept-Encoding
content-type: image/svg+xml
cf-ray: 7a919b12e922bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: wwrbD12VQixmwNXFLRM5CmBlk+tEmlj3Jyg6gPKhw0AcqtWiHPu2kZWJjbICIssDagliWZsPclc=

GET
H3 200 hero.png
promo.libertex.org/lp/es-lm/cryptominer/img/content/ 213 KB
213 KB 93ms
90ms Image
image/png 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/content/hero.png
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b734d672246042ba60ac925eaf67164636d70a86bab1abf30c43438fb77d347d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J7N7056NA1XJBR
etag: "1e62928b61921374fd69944f61aa575e"
vary: Accept-Encoding
content-type: image/png
cf-ray: 7a919b12e923bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 217991
x-amz-id-2: wcfzyXNgM0M71o6c6HK03IAT9nCPAPYTDOEdRyUKdEYWY4xnAlgXdBsnCeqHd1vpv737NaTu7g4=

GET
H3 200 why1.png
promo.libertex.org/lp/es-lm/cryptominer/img/content/ 9 KB
9 KB 122ms
119ms Image
image/png 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/content/why1.png
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1cc15b57ec56e9930e95828f0ff9d65045b18b214cf118a73f64199071cafd41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J7Q5PYFT5YVZ0G
etag: "66c584ee597d3251f01d2d269a78fa69"
vary: Accept-Encoding
content-type: image/png
cf-ray: 7a919b12e925bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9207
x-amz-id-2: lFqZfPiuGqsC8lSKBZBpbHYnMBV2HkfK7Cw4hRkWxZGJcHhFO+Dd3ZOExaItrt7eWxCu7l0A72E=

GET
H3 200 why2.png
promo.libertex.org/lp/es-lm/cryptominer/img/content/ 13 KB
13 KB 122ms
120ms Image
image/png 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/content/why2.png
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1bca0a61f8ce6859e94b22c592b4b82b48ce40997aff9c6200a1985c4057e89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J2VFYBFY5DA463
etag: "08f312667ca8daac53c401a49c46729f"
vary: Accept-Encoding
content-type: image/png
cf-ray: 7a919b12e926bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 12809
x-amz-id-2: /2UAup1Kh5idA7uJu6K8c8cLdJ/0NNs4IWh/vkFEoLJyAhLKJI6gYz7J+Xk++Wx767PXICjAGEU=

GET
H3 200 why3.png
promo.libertex.org/lp/es-lm/cryptominer/img/content/ 13 KB
13 KB 122ms
120ms Image
image/png 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/content/why3.png
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd4adc276f55e1e84a2f912e31e4dd94f54242b7be8be4be8ccb873cfadd63e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0JEXBYF2932T4BK
etag: "f9f449d1e2a14b5f3d37887fa19fc1a0"
vary: Accept-Encoding
content-type: image/png
cf-ray: 7a919b12e927bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13144
x-amz-id-2: sLlIjDdCBhM8ypmM0XSrnSXBNePOPulYpWSLqHAvbIW6lBeVlu9AqMRTwyhqzKdLVWYzeO+Dk0I=

GET
H3 200 miner1.png
promo.libertex.org/lp/es-lm/cryptominer/img/content/ 6 KB
7 KB 125ms
123ms Image
image/png 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/content/miner1.png
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a649e958f5d88e8323873e007aac43e1c238278fc48dba97d96475aa557e31dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J0R5NFMG8RX9D4
etag: "76d76b6c3061ef7db5764c3e9504fbb9"
vary: Accept-Encoding
content-type: image/png
cf-ray: 7a919b12e929bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6446
x-amz-id-2: 4f2G5wwwBO52UjtmXuK2Wx40SyTPj87wGCgw+TBhk8g8iMjQmj+XvrglIgHKjDwFrUpWS8v9eUg=

GET
H3 200 miner2.png
promo.libertex.org/lp/es-lm/cryptominer/img/content/ 11 KB
12 KB 74ms
72ms Image
image/png 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/content/miner2.png
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa43073d3bea10c7d362f7c588b9355711218aea39736e5b189d7abc89ac4d07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J64Z3H66ZKW4NQ
etag: "8441c77e2e1d07e1b45ab449bca4dcc0"
vary: Accept-Encoding
content-type: image/png
cf-ray: 7a919b12e92abb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 11747
x-amz-id-2: BnHhz2NnppOT8lzcJ3IXlrUzbyp7XlnCjwrof2B8KdNMVEGUvcwUgRFQLE+bgVrkyJ0o3R+WDvk=

GET
H3 200 miner3.png
promo.libertex.org/lp/es-lm/cryptominer/img/content/ 5 KB
6 KB 90ms
87ms Image
image/png 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/content/miner3.png
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee3d7a3b9e134f13b898d2f6ba407e2d797e1e846d86e3a1c17b64f05569236c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J234MJVWKY4CB8
etag: "de922ddcb3304e9b59a1552ab309d1c1"
vary: Accept-Encoding
content-type: image/png
cf-ray: 7a919b12e92cbb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5429
x-amz-id-2: 6+UEkVrk3iOalkX9w3FkU60eO5jZ2eTLEqEC7TuZHfrla12JPTBQ9EWyJcpm2R5MVAklBNJ6H/U=

GET
H3 200 join.png
promo.libertex.org/lp/es-lm/cryptominer/img/content/ 22 KB
23 KB 127ms
124ms Image
image/png 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/content/join.png
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54a898a4a6eed430489e568943b411780f28ba4d843a9756dc9f2f6d6d0a798a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J7VTVE881MCDQ9
etag: "8acd63032a472500dde279354f9c3b06"
vary: Accept-Encoding
content-type: image/png
cf-ray: 7a919b12e92dbb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22930
x-amz-id-2: qmaQ5pOkY/m6H79Kvl1oyYGyk7tl0pX4qaQ6dVHxaXEj6JEInHohUdHk875ZeBfhGZEQFUPWPVE=

GET
H3 200 bottom-logo.svg
promo.libertex.org/lp/es-lm/cryptominer/img/svg/ 5 KB
2 KB 60ms
58ms Image
image/svg+xml 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/svg/bottom-logo.svg
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6026b0d6d8b2e685102c0d737801eb53fae04e658c87fc17e6794cccd2f55bf2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J2XEADJDYWJR4F
etag: W/"3cc8eb23c5cbdd869283b97831f9401c"
vary: Accept-Encoding
content-type: image/svg+xml
cf-ray: 7a919b12e92ebb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 2ByQTZihTQ3ZbgqC4USLgurW6sKsk9im9QyyrbR2+CivMDvYo/u3CLbVxKIQt2Zy1RYOwTv393g=

GET
H2 200 landing-api.min.2.2.2.js Show response
lib.libertex.org/landing/js/ 74 KB
24 KB 148ms
105ms Script
application/javascript 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lib.libertex.org/landing/js/landing-api.min.2.2.2.js
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: facf08c34d30087f6e5280647dbfedc416da8be80594547d3e3ff23fe2ab28e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 25 Nov 2021 10:54:30 GMT
server: cloudflare
x-amz-request-id: R0J8FFRHQEGFW1C9
etag: W/"882bba95952c9d849e36f426d7379554"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 7a919b12cd28365f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 0ReNVvJUR6zpiqghSjYxo7kqpL7d7VvpL2dDZO7w6TAUrb/XCjxKjzaQa6AdU4riODP+gaz4RVs=

GET
H3 200 interface.js Show response
promo.libertex.org/lp/es-lm/cryptominer/js/ 3 KB
1 KB 77ms
77ms Script
application/javascript 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/js/interface.js
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 460d588d068264d104737e3ee1847ed3235fe0182d113e2100d452c5ef458edc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J6KGER0SVDQTT7
etag: W/"b5a56745eb4dce86ba94f69c0d8f5eb0"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 7a919b12e91dbb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: jKNkEallMsrmPaOiuEIt6ycj+ak+LgMcph7I8zRhBRmcUsFDq/URyxaaY7Ykpumf+rC1owpht3U=

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 198 KB
30 KB 54ms
8ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e6916caa27ed9415578e20a90d40163590023ffa5d6f0bb78c7e4deb254d45fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: AmYil16P0S9UhHcDNQ2gQ.a31DyOFhfc
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:51:44 GMT
last-modified: Wed, 15 Mar 2023 13:28:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 146
x-amz-server-side-encryption: AES256
etag: W/"151f49f67df0f64cd2c699b70fec1415"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: QZ5haWR2seNSxMnkTtNe0jEISBHysA738-O1VdcfP53RvjULXLSWKw==

GET
H3 200 herp-bg.jpg
promo.libertex.org/lp/es-lm/cryptominer/img/content/ 18 KB
19 KB 126ms
125ms Image
image/jpeg 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/content/herp-bg.jpg
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/css/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e0fafc9b119fd349264c2847aec0c0e6d21654049a7f99d7727075be163fafa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J2RZ84HF8NDF5M
etag: "9fe1f0a2cb55a935830976fdb8dec4ed"
vary: Accept-Encoding
content-type: image/jpeg
cf-ray: 7a919b12e92fbb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18789
x-amz-id-2: XkwsQx2UrY89gHftfSbBrH5M/fehdXcSRGyXgTddwWaifLhiQrKlqJX8tnw8mZEbsE1eGkG7zkQ=

GET
H3 200 plus.svg
promo.libertex.org/lp/es-lm/cryptominer/img/svg/ 253 B
504 B 127ms
126ms Image
image/svg+xml 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/svg/plus.svg
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/css/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba39f6b007a5a321955fafd442d2828b0c48e31a12da0728d5ff776b5e7209e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J2SGHXGQDJZ8FA
etag: W/"9e4c950bcfd03558254a319a416a4eb8"
vary: Accept-Encoding
content-type: image/svg+xml
cf-ray: 7a919b12e930bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: hhqyY3YLE+YWKV0cewbIzbMz18n9nuJ+VNGeJ4fUQXor+gRN8eQmbVnbS74Nru/Ck/fXCzBTiLY=

GET
H3 200 join-bg.jpg
promo.libertex.org/lp/es-lm/cryptominer/img/content/ 15 KB
15 KB 127ms
126ms Image
image/jpeg 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/content/join-bg.jpg
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/css/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7c56d672b5cae5f936dddc190ea85542c6a68e59d9a4dd1be596ce8eb2a8e3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J0N9P308X3KGFB
etag: "a25dc8506ac5e40ae9dc1fca8f3aea44"
vary: Accept-Encoding
content-type: image/jpeg
cf-ray: 7a919b12e931bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15127
x-amz-id-2: xByLebfl+vECrwumynhldSs7CHelsQtbAvvFSnIfbW2h447WKHxKyNhfMMOafNJA80+rPJ64l+M=

GET
DATA 200
OK truncated
/ 279 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: efb4386474d27a0ab69f21348cc6f6d3817ea83dbb8382bdb947cb5b4a857306

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 mont-semibold.woff2
promo.libertex.org/lp/es-lm/cryptominer/fonts/mont/mont-semibold/ 42 KB
43 KB 59ms
59ms Font
binary/octet-stream 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/fonts/mont/mont-semibold/mont-semibold.woff2
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/css/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e377670313d0df5aea0827e47e513ec1faf566945296b9e50b2eca7c1e048527

Request headers

Referer: https://promo.libertex.org/lp/es-lm/cryptominer/css/main.css
Origin: https://promo.libertex.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J5KWA6B9ZE9PR3
etag: "a22974a265089b8d96a0b9969289e444"
vary: Accept-Encoding
content-type: binary/octet-stream
cf-ray: 7a919b12e932bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43364
x-amz-id-2: Aq3Vxb6axGD5hl97K48DAtKrJwsSg2ujlU0U8rek97Cj6SDcSsTAtxtn2ba1BXDBfzSXwWyJWKY=

GET
H3 200 mont-bold.woff2
promo.libertex.org/lp/es-lm/cryptominer/fonts/mont/mont-bold/ 42 KB
42 KB 73ms
72ms Font
binary/octet-stream 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/fonts/mont/mont-bold/mont-bold.woff2
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/css/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d9e0e4b6636bab12f4f0e583c231a6504e0d243c57774554c1397a43ab292c5

Request headers

Referer: https://promo.libertex.org/lp/es-lm/cryptominer/css/main.css
Origin: https://promo.libertex.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0JEE4HHR6TT80DN
etag: "22d74a57af7e4c8524c6cb27cb37cfca"
vary: Accept-Encoding
content-type: binary/octet-stream
cf-ray: 7a919b12e934bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 42992
x-amz-id-2: wS1pfdEs9Q8ezG8CsBxOg8SXtO+ofW0pNUbUoYW3FYGsXR7yX2tZSN638r39dzKRd8m9e6jqRF0=

GET
H3 200 mont-regular.woff2
promo.libertex.org/lp/es-lm/cryptominer/fonts/mont/mont-regular/ 41 KB
41 KB 130ms
130ms Font
binary/octet-stream 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/fonts/mont/mont-regular/mont-regular.woff2
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/css/main.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51b613344f05c6eb7fab6733e8ec2d10a2a0b2ec981e1c4647416d60eac72a81

Request headers

Referer: https://promo.libertex.org/lp/es-lm/cryptominer/css/main.css
Origin: https://promo.libertex.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J98BQA12BAASVB
etag: "bdcff66d9e4d966e3a3e9627056046ff"
vary: Accept-Encoding
content-type: binary/octet-stream
cf-ray: 7a919b12e936bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 42020
x-amz-id-2: lQyooswPMJ3hUusdU4TusUo2kdTjInIe9iFV+d2O8n+X+pmZPVGtAeRp2MWDiVZ8DcXSyZGN4Eg=

GET
H3 200 instagram.svg
promo.libertex.org/lp/es-lm/cryptominer/img/svg/ 2 KB
1 KB 117ms
116ms Image
image/svg+xml 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/svg/instagram.svg
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0ed094938010c59d84ad0a2b511cad9c6a7c932b5b9c278a818247fa374d43c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J9KDXE85AEZEBA
etag: W/"5d6faf973fc4a56a706d8a9775b4ee9f"
vary: Accept-Encoding
content-type: image/svg+xml
cf-ray: 7a919b130945bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: PdGGgW2C/C4IRMwlyrtoeaI2lZgQ5h1nashevSuc3pu2QD1p95+rxMCIxmibWGORefcCySgshhE=

GET
H3 200 tiktok.svg
promo.libertex.org/lp/es-lm/cryptominer/img/svg/ 502 B
644 B 118ms
116ms Image
image/svg+xml 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/svg/tiktok.svg
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1e538805a70b6a9a1354ab8f8faea11eb48f668b14c6d2a62ee7670fadb23f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J7NQV9V7XY34Y6
etag: W/"0f05b2dfb886ae1de90b0dbf58e1e7bc"
vary: Accept-Encoding
content-type: image/svg+xml
cf-ray: 7a919b130947bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: +k90i/P/sg2Dm/R1x2wqfVjYggIWxFpC0rPtfow3U81E94Ke0KlDMvpxTPUxP7zcB15POlDP/kg=

GET
H3 200 twitter.svg
promo.libertex.org/lp/es-lm/cryptominer/img/svg/ 545 B
638 B 118ms
117ms Image
image/svg+xml 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/svg/twitter.svg
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 872725ab6b75dd0925eb710226bf897dcccdefd630fcc954f3e73482ffebd750

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J0W7MQEESRXAKG
etag: W/"93cb9468732f6452334135f44080d206"
vary: Accept-Encoding
content-type: image/svg+xml
cf-ray: 7a919b130949bb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: OkMKwg2SHOw9mSVfPHIb/rcPWVccJIlTpmkXEpZh+9zXvx66HIe8EUcmIhsSJdOjDbC8X3FsL0w=

GET
H3 200 youtube.svg
promo.libertex.org/lp/es-lm/cryptominer/img/svg/ 630 B
680 B 119ms
118ms Image
image/svg+xml 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/svg/youtube.svg
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08509a4fede4c03053224282a6674e035fd2db88534102f7fedb8e11b1d48aa8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0JE111KXPB9ZKBZ
etag: W/"f950efcf23d132f1d03cd7a420ca44df"
vary: Accept-Encoding
content-type: image/svg+xml
cf-ray: 7a919b13094abb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: 0MRfqbH1KGsq4dufQ/2cm9andzmMoUjp5Qw2a5plbFefPduUX2QlW9WFmnyShpQnqxYFVf+3kME=

GET
H3 200 fb.svg
promo.libertex.org/lp/es-lm/cryptominer/img/svg/ 688 B
681 B 119ms
118ms Image
image/svg+xml 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promo.libertex.org/lp/es-lm/cryptominer/img/svg/fb.svg
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a113ab6cc8a7250b61cec8260394039a2f7b8dbfc10c4819ef4b9d42910e37ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Wed, 15 Mar 2023 12:03:06 GMT
server: cloudflare
x-amz-request-id: R0J6D1W9B5JFVP51
etag: W/"ae5ab6fb3513e19c11ef1a9adae6ea6d"
vary: Accept-Encoding
content-type: image/svg+xml
cf-ray: 7a919b13094bbb9e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: WvckXTT2Rj8ynZY55myaGlb+tnCSOzz5jH7x77v4JO3/81gO3fyFNxvlMyH59RgzNEDyh5oRMcE=

GET
H2 200 1d748c70657620f9a1eb00240cb4bc6c72fed247 Show response
api-account.libertex.org/v1/init/ 4 KB
2 KB 301ms
216ms XHR
application/json 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api-account.libertex.org/v1/init/1d748c70657620f9a1eb00240cb4bc6c72fed247?sdk=javascript&v=1679018043510
Requested by: Host: lib.libertex.org
URL: https://lib.libertex.org/landing/js/landing-api.min.2.2.2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 614297c60bfbff53402a037bf213a400949f868262ae6a410e2ffba16a56da0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
cf-ray: 7a919b147a1437f2-FRA
access-control-allow-headers: X-Forwarded-For
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 index.html Show response
widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/ Frame F4E0 8 KB
3 KB 11ms
10ms Document
text/html 52.222.236.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=5a1e8d6b0000ff0005b1ddbc

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.60 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-60.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

85856354a51b4bbd2fb9d9b290bb98355b86fb4a9a91e9ee58afe6dcf2d4ce84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://promo.libertex.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 71348
cache-control: max-age=86400
content-encoding: gzip
content-length: 2109
content-type: text/html
date: Thu, 16 Mar 2023 06:04:56 GMT
etag: "991f71c8583c65f71143c6e83300ea2e"
last-modified: Tue, 04 Oct 2022 10:32:17 GMT
server: AmazonS3
strict-transport-security: max-age=31536000
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
x-amz-cf-id: G_K32tsE42S8igDUYYp-vBtWnOWTyhnT3Gu4h7-P8ITX_YGcuv0hcQ==
x-amz-cf-pop: FRA56-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 utag.505.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 20 KB
5 KB 13ms
12ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.505.js?utv=ut4.46.202102051128
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 19ac3e6d88621d17d25c7328e96294010e7cf251177b0889788c702fe7695560

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: y3ee0z0XijktwQxDZqdQFG6YAb7DsZ01
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:52:18 GMT
last-modified: Wed, 15 Mar 2023 13:28:31 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 256
x-amz-server-side-encryption: AES256
etag: W/"4e92f65bec90438793beb3caa0cfe1b4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: BhPsijChiZWUkT3ljNqCC3y_vN3GyIxBk25wQWjddOsywk2dq1IjZQ==

GET
H2 200 utag.484.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 1 KB
1 KB 13ms
11ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.484.js?utv=ut4.46.201611111701
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1ad35a1e22850c367135754b2204a9c5e2ef26aa72df2da4d1e082a479104078

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: BJbyIBAF8VKFaCA7iEcKSE_dxe_fDhpk
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:52:19 GMT
last-modified: Wed, 15 Mar 2023 13:28:30 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 104
x-amz-server-side-encryption: AES256
etag: W/"1e999e2242a4a5b7f6a0ebef741d0257"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: RCfsFMb8hlZC29bDeua69FomoCqlM1deiWsIRFqnx4B8A2h6Aec8fg==

GET
H2 200 utag.503.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 9 KB
3 KB 15ms
13ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.503.js?utv=ut4.46.202111081405
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 598040c6a1a93b5e1363849a2bc28037bbf0bedba6959e7de45f634a26f84c07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: uKmRDaJnyAXM98uhGIiQQ46u43pM4TpR
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:52:20 GMT
last-modified: Wed, 15 Mar 2023 13:28:30 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 104
x-amz-server-side-encryption: AES256
etag: W/"5a11f463a0bcf07b8170e369cddabbcd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 9KPGeHPDrBQ3WnAqI4sWNsrJC-8m-xVWuyVTmFJDUAy4gflEY0kmNg==

GET
H2 200 utag.596.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 7 KB
2 KB 18ms
16ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.596.js?utv=ut4.46.201907011259
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 96407784027005ef2d06ff62da38035d0102512299eb1c75f92e1e94ad1ec9a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: lec83I88YFOIzyWw44rb.OgqqWSkk71_
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:51:47 GMT
last-modified: Wed, 15 Mar 2023 13:28:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 142
x-amz-server-side-encryption: AES256
etag: W/"d1c89ebc1be5146f08890481ba4c8dfc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: ZTRrePQEqM0EaOAZoRppJAxetSebsf3MMVtIoVROmSMUJ-8mbguM_g==

GET
H2 200 utag.541.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 3 KB
2 KB 19ms
17ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.541.js?utv=ut4.46.202110191449
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 686eae8618dbda16f40762d171a6162b2bbf607ffb162af43a3c14c1ff27d070

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: noUjRdSTbYDIXMR3.D8Vq7ULRHyo2yaj
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:52:19 GMT
last-modified: Wed, 15 Mar 2023 13:28:28 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 255
x-amz-server-side-encryption: AES256
etag: W/"feebbe5b25944a9e0c62a162cae27c8b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: _igzhJgE32JPdNKBHZDWf5-fOco4YejXCNXCeX12eTh-hAEEJTqf5A==

GET
H2 200 utag.548.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 10 KB
3 KB 19ms
17ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.548.js?utv=ut4.46.201804170814
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f25b70045da9c2612329226b425d7aa898eb2cdfd6ae8aa308d9e143cd49f8e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: KADtThYtPY2F6XE2giHZk4i5Vr1f2wUL
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:52:19 GMT
last-modified: Wed, 15 Mar 2023 13:28:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 256
x-amz-server-side-encryption: AES256
etag: W/"72ca5c4e6d184a223e789f70e8bd2904"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: lSl5fnUEb3Pf_6mfsSwBAJsSkozm-67MAuyKcsCXCIR-sEpFP2RAFA==

GET
H2 200 utag.607.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 4 KB
2 KB 19ms
17ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.607.js?utv=ut4.46.202201100844
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 14a24aadb74b89821d28aae36752b158c634255a341f8f176d400a1c10704e8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: dRgJYhB541mH6fcxbklMh_JUEONoYdyk
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:51:47 GMT
last-modified: Wed, 15 Mar 2023 13:28:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 184
x-amz-server-side-encryption: AES256
etag: W/"387aa2557f26fccaba6d4cc7729ee733"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: mmaRjeEeRyNk_Dhpyz-uxtw7A6GoaEzj08YRAeXszvq56TaLRDsKEA==

GET
H2 200 utag.654.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 3 KB
2 KB 20ms
18ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.654.js?utv=ut4.46.202010010807
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cde6f92f76606e8f3b1b8a3603259055a100d1b23ca23d399c537d2d7b6313e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: lfhRxOhDM6JsNTC6hP2wwNri5EnEKZKW
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:52:19 GMT
last-modified: Wed, 15 Mar 2023 13:28:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 256
x-amz-server-side-encryption: AES256
etag: W/"c9f82fd68cb56c68f7e177b282241e93"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: m03wU5OxUpk8g8_Ceugm4Z-8due9ZVWOfH3JwGommg0xPgpFx5RzFQ==

GET
H2 200 utag.657.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 7 KB
3 KB 19ms
18ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.657.js?utv=ut4.46.202301261304
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c0ab3a41bbc2f4945e9386a48b633c0d7d27b4ffe35791df906370664a883646

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: 45glRVufnVe6kpd9.pxGBG.x90tz4vag
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:52:19 GMT
last-modified: Wed, 15 Mar 2023 13:28:28 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 218
x-amz-server-side-encryption: AES256
etag: W/"c3dbf1e12f6ed49ac29f82edf92b4764"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: L7lAPQ975UJ58FxcUt4-ft1uldobZiiWrpolqbLeuPf6Y8px1IYfbg==

GET
H2 200 utag.692.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 4 KB
2 KB 20ms
19ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.692.js?utv=ut4.46.202110210846
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d9b097e918167b52525410a34929c2d1d5ee51ca498c64e67c2ca4cd8a7409fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: _n.J9vhkU2tvhj_CGicSEui7qV6Hexn5
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:51:54 GMT
last-modified: Wed, 15 Mar 2023 13:28:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 218
x-amz-server-side-encryption: AES256
etag: W/"79d8dff5dbfa5d404a626cf67dffa396"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: skAb-qfqbHt2o1cj-KUi8bYXEaujyufx8xdwdj2HaT-7XO3RBYFryg==

GET
H2 200 utag.705.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 16 KB
6 KB 23ms
21ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.705.js?utv=ut4.46.202205050828
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2d762b4cda191b58cf5cf8a9d0ee788f11d8e9997a273cd62c249628878a94e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: PPDN6Vuj5Y.XBC9Axk4cxtynUAcxgmkF
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:52:19 GMT
last-modified: Wed, 15 Mar 2023 13:28:39 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 256
x-amz-server-side-encryption: AES256
etag: W/"254a7a80352d583c5e29935ea6136317"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: ZSLqfwLoUWZBr2xMA84UwGj1AGuTP3GiJ0aFHB8IfJ8R2ktY1LTotw==

GET
H2 200 utag.731.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 7 KB
3 KB 23ms
22ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.731.js?utv=ut4.46.202302031206
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdf57cd1cde162432a9f01e1a1c2e5991839bf1afd3dd1998fc44e52e4b1a552

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: jAR__k0HQRQIHY5VMWUnhrt7sG0emNcI
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:54:03 GMT
last-modified: Wed, 15 Mar 2023 13:28:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 154
x-amz-server-side-encryption: AES256
etag: W/"1e4fee1e738c174f663bc3f8996e4a67"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: mbAg7xDF4DjeNkAnOWKJvnesMYJUYasRuoShzmZ2kLPRTPvZOguMZg==

GET
H2 200 utag.746.js Show response
tags.tiqcdn.com/utag/fxclub/main/prod/ 2 KB
1 KB 22ms
21ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.746.js?utv=ut4.46.202301301117
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 59418e8a7ccec4b7a4c8bda9b85da0704826751ed2da824336fa1ad9ade97617

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: _GCm5iIPAl839CBQg.O4axFUwBUVIP56
content-encoding: br
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
date: Fri, 17 Mar 2023 01:52:19 GMT
last-modified: Wed, 15 Mar 2023 13:28:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 256
x-amz-server-side-encryption: AES256
etag: W/"8b0d6cdd54d7a2d45ce6b07ff0653329"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: jZqqM6M7YxNWCl2v0cnni400Ugpa7tIoLlzy67S8G07jd0SGgKmC4w==

GET
H2 200 main.js Show response
widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/ Frame F4E0 52 KB
16 KB 8ms
8ms Script
application/x-javascript 52.222.236.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/main.js

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=5a1e8d6b0000ff0005b1ddbc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.60 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-60.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

80cf4d4a0fa7dfd8ce546e188fb709b48200951ce93bfc8d3918510c4818f380

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=5a1e8d6b0000ff0005b1ddbc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Mar 2023 09:39:27 GMT
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 58477
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 16226
x-xss-protection: 1; mode=block
last-modified: Tue, 04 Oct 2022 10:32:18 GMT
server: AmazonS3
etag: "be304360d5bd0cba7648033665b08a45"
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: vk4Cdg0ZXEURKm3kMMHrfuBiA67doHqLb5UX7hn5xLv80oELkVqFKQ==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 117ms
35ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 17 Mar 2023 00:14:45 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 5958
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Fri, 17 Mar 2023 02:14:45 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 107 KB
28 KB 43ms
9ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0fca0294cfaf24a4db0852415eee7bcdea7b9766d59e443fb2d5f0c77eb23363

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 17 Mar 2023 01:54:03 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27907
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: PBsjfCEtGL6P4qdfHhrb+ZPLmAB93Jhlug3j8Rr1jkfns6PwoKnbE8ymdMHSrkvQvd7WlM5yfc+FvlLVcJUcOA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 46ms
6ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.548.js?utv=ut4.46.201804170814
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-hhn-etou8220060-HHN

GET
H2 204 mark
trc.taboola.com/forexclub-sc/log/3/ 0
331 B 40ms
15ms Image
image/gif 2a04:4e42:600::300
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/forexclub-sc/log/3/mark?marking-type=visitor&item-url=https%3A%2F%2Fpromo.libertex.org%2Flp%2Fes-lm%2Fcryptominer%2F%3Futm_country%3Dlm
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-vcl-time-ms: 9
pragma: no-cache
date: Fri, 17 Mar 2023 01:54:03 GMT
via: 1.1 varnish
x-served-by: cache-fra-eddf8230072-FRA
server: nginx
x-timer: S1679018044.607341,VS0,VE9
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2

200

activityi;dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469 Show response
11442981.fls.doubleclick.net/ Frame 5CB9
Redirect Chain

https://11442981.fls.doubleclick.net/activityi;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469?
https://11442981.fls.doubleclick.net/activityi;dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469?

440 B
399 B

47ms
46ms

Document
text/html

142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11442981.fls.doubleclick.net/activityi;dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469?

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

cb718ccd7cff66f7eeff301d4a3922f10946d974b41f6af4ef8238e08a9407e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://promo.libertex.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 224
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Mar 2023 01:54:03 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Mar 2023 01:54:03 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://11442981.fls.doubleclick.net/activityi;dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 hotjar-898554.js Show response
static.hotjar.com/c/ 9 KB
4 KB 84ms
38ms Script
application/javascript 18.66.97.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-898554.js?sv=

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.53 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-53.fra56.r.cloudfront.net

Software

Resource Hash

550ef428d144ad5458ddd9861ceafac8b3445edfa2ae421a5990f129b5d07a40

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Fri, 17 Mar 2023 01:54:03 GMT
via: 1.1 e44e0b24e706487eaec6b9e01f2166dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/355b5b0d5652b32331c99b6ad3305da1
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: ODVJ18RU1JK0FzQJhSrvERzbyu0mxVObE2z6-4hThwGr02jTbUynUw==

GET
H2 200 api.min.js Show response
a.opmnstr.com/app/js/ 50 KB
19 KB 48ms
7ms Script
application/javascript 2400:52e0:1e00::863:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.opmnstr.com/app/js/api.min.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::863:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-863 /
Resource Hash: 50de719051ac450992625c5ff7b3dc8de4a1b2e83be9a088e9e36ab7452e25be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cdn-edgestorageid: 723
perma-cache: HIT
cdn-storageserver: DE-169
cdn-cachedat: 03/13/2023 19:11:02
cdn-pullzone: 293267
last-modified: Wed, 22 Feb 2023 04:22:31 GMT
server: BunnyCDN-DE1-863
cdn-fileserver: 542
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"63f59887-c840"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 786235331cdbcc4b5cb160efedc3a15b
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 3 KB
2 KB 61ms
20ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=677842&u=https%3A%2F%2Fpromo.libertex.org%2Flp%2Fes-lm%2Fcryptominer%2F%3Futm_country%3Dlm&r=0.3883149026445647
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.746.js?utv=ut4.46.202301301117
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 69a9afc84c648ca885f44eae9dd4901388d862ea0a2540be2055787425302018

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: gzip
via: 1.1 google
server: gams1
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 3 KB
2 KB 193ms
104ms Script
application/javascript 2.16.186.242
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=BVJ114SOLA0CA89TMT5G&lib=ttq
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.242 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-242.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: adedb1ed1f21b3369c3db554035c8badce9eba628bf8c7da152591277af4ce8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: a2d1b323.57dfef3
date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a2-16-186-238.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
x-parent-response-time: 94,2.16.186.238
server-timing: cdn-cache; desc=MISS, edge; dur=87, origin; dur=7, inner; dur=3
content-length: 1150
pragma: no-cache
server: nginx
x-tt-logid: 202303170154033A8ACDA018DF294E3575
x-cache-remote: TCP_MISS from a23-220-104-6.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 7,23.220.104.6
x-tt-trace-host: 01ee7bea097beb989b7db387380a3ff2a6d7e500238e5d1c0fd425e7066518b94bdaf28698c4729f36bb57a025a3997145d1dcb1deb6ff6a1669d50b0785aa9564f46829376e8c8366457380b25a9bae7745e18a2759ba0fc8b430e902e9263c083540b8b4729c414394067f70d7c91b24
expires: Fri, 17 Mar 2023 01:54:03 GMT

GET
H2 200 ld.js Show response
dynamic.criteo.com/js/ld/ 43 KB
15 KB 86ms
27ms Script
application/javascript 2a02:2638::14
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=101568,61968,61966,101569,61967,101570

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::14 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

de74ef7b6de5e969d8abe77b93d58ecb3dbda2c3b478ea4dccd37f2d6a6b79a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
412 B 8ms
7ms Script
application/javascript 2600:9000:223e:3200:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=fxclub/main/202303151326&cb=1679018043591
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/fxclub/main/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:3200:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date: Fri, 17 Mar 2023 01:49:54 GMT
via: 1.1 ce765e91525a836efb6bc0a409334a5e.cloudfront.net (CloudFront)
last-modified: Sat, 11 Mar 2023 06:57:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 250
x-amz-server-side-encryption: AES256
etag: "7bc0ee636b3b83484fc3b9348863bd22"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 2
x-amz-cf-id: vHSU0FbNgudEbodJzvYP65oJLFSIBsRUvZzDxp84yA7J-IjTHbOG5w==

GET
H2 200 /
tealium-proxy.libertex.org/ 19 B
19 B 119ms
28ms Image
text/plain 52.50.72.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tealium-proxy.libertex.org/?t_profile=main&visitor_id=0186ed46280f00694543cafb85f003073003f06b00b08&client_id=&segment_web=a&product_name=&sf_campaignId=&page_system=promo&page_language=es&page_channel=&product_subcategory=&page_dom_url=https%3A%2F%2Fpromo.libertex.org%2Flp%2Fes-lm%2Fcryptominer%2F%3Futm_country%3Dlm&customer_profile_lifecycle=&customer_profile_network=&customer_profile_network_name=&session_id=1679018043408&customer_profile_is_first_launch_open=&customer_cur_account_type=&customer_cur_account_is_deposit=&customer_cur_account_info_code=&customer_cur_account_id=&customer_cur_account_deposit_total_value=&customer_cur_account_deposit_init_value=&customer_cur_account_count_of_deals_total=&customer_cur_account_balance_available=&customer_accounts_info_code=&customer_email=&customer_profile_broker=&customer_profile_business_unit=&icid_sf=&page_referrer_long=&page_dom_referrer=&page_category=&page_environment=prod&event_date_utc=2023-03-17%2001%3A54&event_date=&event_account_name=&event_account_id=&event_ref=&event_currency=&customer_login=&event_value=&event_id=&event_type=&product_category=&customer_id=&page_path=&page_name=&customer_profile_country=&product_id=&fx_visitor_id=&abtest_experiments_name=&abtest_experiments_bucket=&page_loadingtime=&page_loadingtime_tti=&page_activitytime=&mixlib=undefined&ga_cid=undefined&page_type=&client_browser=Chrome
Requested by: Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.72.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-72-142.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-length: 19
content-type: text/plain; charset=utf-8

GET
H2 200 5406e65db0d04a09e042d5fc Show response
widget.trustpilot.com/trustbox-data/ Frame F4E0 981 B
882 B 8ms
7ms XHR
application/json 52.222.236.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustbox-data/5406e65db0d04a09e042d5fc?businessUnitId=5a1e8d6b0000ff0005b1ddbc&locale=en-US

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.60 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-60.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

c19afb25d4e32c9608a18507ffb2cd44bb713f106778f46860d4ef5b575aa2a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=5a1e8d6b0000ff0005b1ddbc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 17 Mar 2023 01:35:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 1104
x-cache: Hit from cloudfront
content-length: 451
x-xss-protection: 1; mode=block
server: Kestrel
etag: "556e6dd34b1aa830cc0200e3010d5692"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: public,max-age=1800
x-amz-cf-id: MI00vrPBVuzMVKTmvSkaEWO7D8tj8UuOiSkMXgzbq6Raa5kdTMgf-w==

GET
H2 204 TrustboxImpression Show response
widget.trustpilot.com/stats/ Frame F4E0 0
321 B 39ms
39ms XHR
text/plain 52.222.236.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxImpression?locale=en-US&styleHeight=24px&styleWidth=100%25&theme=light&fontFamily=Montserrat&textColor=%23000000&url=https%3A%2F%2Fpromo.libertex.org%2Flp%2Fes-lm%2Fcryptominer%2F%3Futm_country%3Dlm&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F111.0.5563.64%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=5a1e8d6b0000ff0005b1ddbc&widgetId=5406e65db0d04a09e042d5fc

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.60 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-60.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=5a1e8d6b0000ff0005b1ddbc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:02 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: ckVo-fEYKm-aUNGbT_093A0GFta2DUu1w_3lr90R4tLHq36zSavmnA==
x-xss-protection: 1; mode=block

GET
H2 204 TrustboxView Show response
widget.trustpilot.com/stats/ Frame F4E0 0
321 B 38ms
38ms XHR
text/plain 52.222.236.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxView?locale=en-US&styleHeight=24px&styleWidth=100%25&theme=light&fontFamily=Montserrat&textColor=%23000000&url=https%3A%2F%2Fpromo.libertex.org%2Flp%2Fes-lm%2Fcryptominer%2F%3Futm_country%3Dlm&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F111.0.5563.64%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=5a1e8d6b0000ff0005b1ddbc&widgetId=5406e65db0d04a09e042d5fc

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.60 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-60.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=5a1e8d6b0000ff0005b1ddbc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:03 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: H_5rVSSsSzT0xeRtPVaEIsVoIuDs6QLtdwRA_LD7m0M-2DeaiuN62A==
x-xss-protection: 1; mode=block

GET
H2 200 montserrat.css
widget.trustpilot.com/fonts/ Frame F4E0 5 KB
5 KB 7ms
7ms Stylesheet
text/css 52.222.236.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.trustpilot.com/fonts/montserrat.css
Requested by: Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-60.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 099dbee82bc5da3a74f1ffe461982b51c3b7b951e23912f677d89091de4bcd15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/5406e65db0d04a09e042d5fc/index.html?templateId=5406e65db0d04a09e042d5fc&businessunitId=5a1e8d6b0000ff0005b1ddbc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 05:31:16 GMT
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
last-modified: Mon, 03 Oct 2022 14:37:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 73368
x-amz-server-side-encryption: AES256
etag: "7360fedbb670f7675b8ccc934355c686"
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 4924
x-amz-cf-id: ebB43LuJe2xzI2tmzvWYmRWk4dAuLY3oHNxbh1pH6KQtmC7cB6oFhg==

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
widget.trustpilot.com/fonts/montserrat/ Frame F4E0 30 KB
31 KB 8ms
7ms Font
binary/octet-stream 52.222.236.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.trustpilot.com/fonts/montserrat/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by: Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/fonts/montserrat.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-60.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Request headers

Referer: https://widget.trustpilot.com/fonts/montserrat.css
Origin: https://widget.trustpilot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 00:16:10 GMT
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
last-modified: Thu, 29 Sep 2022 09:49:08 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 5879
x-amz-server-side-encryption: AES256
etag: "ac0d2859ea5f8fd6bcb3c305c08ec184"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
accept-ranges: bytes
content-length: 30928
x-amz-cf-id: 8K5hVuSOEvsyj3MqH5C3htxYBFLh5s606S13iw5C4JS8EuRg9F-Cgg==

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
widget.trustpilot.com/fonts/montserrat/ Frame F4E0 30 KB
31 KB 10ms
9ms Font
binary/octet-stream 52.222.236.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.trustpilot.com/fonts/montserrat/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by: Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/fonts/montserrat.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-60.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Request headers

Referer: https://widget.trustpilot.com/fonts/montserrat.css
Origin: https://widget.trustpilot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 00:16:10 GMT
via: 1.1 934706f40ffde6f857deae8d024c1192.cloudfront.net (CloudFront)
last-modified: Thu, 29 Sep 2022 09:49:08 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 5879
x-amz-server-side-encryption: AES256
etag: "ac0d2859ea5f8fd6bcb3c305c08ec184"
x-cache: Hit from cloudfront
content-type: binary/octet-stream
accept-ranges: bytes
content-length: 30928
x-amz-cf-id: wl_D_ESE1rlqoFez_jsb2pz3CC_5mLUIiUF_Ve_HNLxJl1NHQkkZdQ==

GET
H2 200 503697863149680 Show response
connect.facebook.net/signals/config/ 150 KB
42 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/503697863149680?v=2.9.98&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c7c2d27d0c32f711891d2689ef49bff1d0e80d230bb0c0194876c126411f24d5

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 17 Mar 2023 01:54:03 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 42372
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: KfOYyX6tf2241YnDHZFzktZqkyIyYja+3+TN7aalzNm84E0z7cQ7/S0SBjJDczNpcl7u5L0nWMWevaM8009EYA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
378 B 146ms
117ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=1dedf484-b03b-4f45-884a-4cfd9754fd44&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=04c8e466-af65-4882-9e7f-97133e2cb8c5&tw_document_href=https%3A%2F%2Fpromo.libertex.org%2Flp%2Fes-lm%2Fcryptominer%2F%3Futm_country%3Dlm&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzaqg&type=javascript&version=2.3.29

Requested by

Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-response-time: 110
date: Fri, 17 Mar 2023 01:54:02 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 30fe1d9df18812f4
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 85e0f658a7f31f32ad9b93cf67d2d38776f48840354bac00f70371c0def348cd
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
394 B 162ms
114ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=1dedf484-b03b-4f45-884a-4cfd9754fd44&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=04c8e466-af65-4882-9e7f-97133e2cb8c5&tw_document_href=https%3A%2F%2Fpromo.libertex.org%2Flp%2Fes-lm%2Fcryptominer%2F%3Futm_country%3Dlm&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzaqg&type=javascript&version=2.3.29

Requested by

Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-response-time: 107
date: Fri, 17 Mar 2023 01:54:02 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: c8f8bd975eb4063d
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 6e0a914db5fa350c6c018d061b328c4684cb3cfa3751e9368909b22122d50612
content-length: 43

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 18 KB
3 KB 33ms
8ms Stylesheet
text/css 2400:52e0:1e00::863:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::863:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-863 /
Resource Hash: 103f4d3fbc08fff41f2ddb722186887b3d8977d2a7da27e7ed0f2f5752dc339f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cdn-edgestorageid: 755
perma-cache: HIT
cdn-storageserver: DE-51
cdn-cachedat: 03/13/2023 19:11:02
cdn-pullzone: 293267
last-modified: Wed, 22 Feb 2023 04:22:39 GMT
server: BunnyCDN-DE1-863
cdn-fileserver: 569
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"63f5988f-464c"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 142149e6ad11afbf2cec32cf37fb0dcc
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 8811 Show response
api.omappapi.com/v2/embed/ 38 KB
9 KB 170ms
100ms XHR
application/json 18.66.112.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/8811?d=promo.libertex.org
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-92.fra56.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 245b79025af5e007e4f67f6f45eae3c21f53f6b367feea8785a74dc588853a4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:17 GMT
content-encoding: gzip
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-cache-config: 0 0
x-amz-cf-pop: FRA56-P5
x-cache-status: HIT
x-cache: Miss from cloudfront
x-optinmonster-account: 2794
x-user-agent: standard--
last-modified: Fri, 27 Jul 2018 09:59:17 GMT
server: Pagely Gateway/1.5.1
etag: W/"6e32ebec9e1bdfe664a4bb7173a77be9"
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Account, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: VGcAHDeRwmKJgA42og8cnjo-ETOuBfoaoFXk_cSRyOx0TajsI446hQ==
expires: Fri, 17 Mar 2023 01:52:22 GMT

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/eu01/ 35 B
215 B 20ms
20ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/eu01/v.gif?cd=0&a=677842&d=promo.libertex.org&u=D4BE1A94A25F214942C179484C2C24EE6&h=6304a551dfc5e315543501a85be0a087&t=false&r=0.3717284649574475

Requested by

Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gbel2c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:03 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gbel2c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H3 200 inferredevents.js Show response
connect.facebook.net/signals/plugins/ 72 KB
21 KB 9ms
9ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/inferredevents.js?v=2.9.98

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5849e07d0d6cbb144829b98da75fda4a8eb3fc2b5749d48cc94bb170db54859a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 17 Mar 2023 01:54:03 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 21972
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: BgLvQOnfyzKiZBk95JRg9u4JCmGeXfkye8hd9wIqY1LwBRbfgZM3hFwiwkRsnWV5Siv2UvQl0mx1J7dLgDk6lA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 modules.b58f4dbb50ff88fc1f15.js Show response
script.hotjar.com/ 262 KB
68 KB 39ms
8ms Script
application/javascript 52.222.236.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.b58f4dbb50ff88fc1f15.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-898554.js?sv=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.63 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-63.fra56.r.cloudfront.net

Software

Resource Hash

833e9ac3fd9706f7c5db171919041e789fa53325a0a390e8600738ebcb524e3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Wed, 15 Mar 2023 16:17:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 3431ec594cac61983aae2d9ffaf23980.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 121016
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 68544
last-modified: Wed, 15 Mar 2023 16:16:09 GMT
etag: "091dc0b7a90675e0aa9a621de17b6353"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: ZV-a93YOty6Aao8SO1pGIBWFFNyFm_V-2TJMdp28MpAyxaSnlHhcyg==

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 3C48 15 KB
6 KB 46ms
15ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=promo.libertex.org&origin=onetag

Requested by

Host: dynamic.criteo.com
URL: https://dynamic.criteo.com/js/ld/ld.js?a=101568,61968,61966,101569,61967,101570

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

97d67f8c2575e19d30ae28a32bad7610849e0e56c81ca66e51178124a5c5eed2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://promo.libertex.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 17 Mar 2023 01:54:03 GMT
server: Kestrel
server-processing-duration-in-ticks: 396982
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
211 B 43ms
42ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1034107643&t=pageview&_s=1&dl=https%3A%2F%2Fpromo.libertex.org%2Flp%2Fes-lm%2Fcryptominer%2F%3Futm_country%3Dlm&ul=en-us&de=UTF-8&dt=Vemos%20Crypto%20en%20tu%20Futuro&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACAABBAAAACAAI~&jid=1404970154&gjid=971412912&cid=2069854403.1679018044&tid=UA-49381759-1&_gid=990173544.1679018044&_r=1&_slc=1&cd7=es&z=818621358

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://promo.libertex.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://promo.libertex.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 24ms
8ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=503697863149680&ev=PageView&dl=https%3A%2F%2Fpromo.libertex.org%2Flp%2Fes-lm%2Fcryptominer%2F%3Futm_country%3Dlm&rl=&if=false&ts=1679018043772&sw=1600&sh=1200&v=2.9.98&r=stable&a=tmtealium&ec=0&o=28&cs_est=true&fbp=fb.1.1679018043770.1489508869&it=1679018043657&coo=false&rqm=GET

Requested by

Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 17 Mar 2023 01:54:03 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
351 B 59ms
19ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-49381759-1&cid=2069854403.1679018044&jid=1404970154&gjid=971412912&_gid=990173544.1679018044&_u=YGBACAAABAAAACAAI~&z=1481904739

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://promo.libertex.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 17 Mar 2023 01:54:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://promo.libertex.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 all Show response
api-geo.libertex.org/v1/ 82 KB
17 KB 117ms
101ms XHR
application/json 2606:4700::6811:5a0e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-geo.libertex.org/v1/all?locale=es&v=1679018043839

Requested by

Host: lib.libertex.org
URL: https://lib.libertex.org/landing/js/landing-api.min.2.2.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:5a0e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34c3d87538e44010ce4df644e7c4678526e37bd58237ab3fff0e012c5856a5b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
server-timing: cf-q-config;dur=4.9999998736894e-06
cf-ray: 7a919b161b2237f2-FRA
access-control-allow-headers: Accept, Accept-Language, Origin, Content-Type, Content-Language, X-Forwarded-For
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

200

sid Show response
mug.criteo.com/ Frame 3C48
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=libertex.org&sn=ChromeSyncframe&so=0&topUrl=promo.libertex.org&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=KIvVJnxhNTZ0OThINnFJOE9PM2hrSkNSRitKMi9hbGtseXpOWVdLWXU1TUFYcWRUTDVNQ2hocndoTzR1YlQrRktXMVduR0FWUnJjelhGNnNYOFR0Kzd3QitQL0VxV3R2L0FTc1YvZ0ErTEtpMTYyR0d3ampLYmoxZXBJZ0...

433 B
656 B

83ms
16ms

Fetch
application/json

178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=KIvVJnxhNTZ0OThINnFJOE9PM2hrSkNSRitKMi9hbGtseXpOWVdLWXU1TUFYcWRUTDVNQ2hocndoTzR1YlQrRktXMVduR0FWUnJjelhGNnNYOFR0Kzd3QitQL0VxV3R2L0FTc1YvZ0ErTEtpMTYyR0d3ampLYmoxZXBJZ0dqMk0rQ3I2S0tzK1lSWUxVMXFPZkprSG5ZWXgrWWh5RGVBL1JPbC9iRTQ2RkdWaGZIVG1JcWlnYnJRZ243K0NYTXowbFg5YTdzei9xRVRJK1lZY1Nxb2JtMklESGZoVUFtRjNUcllVdmkvVXhJL0FUcnNoMHIrRnJYUjA2aHV6Yk4yK3ZzV3pBNXMzNXZBMjhyZU4zeThxQkZiMVcwdz09fA&cppv=2

Requested by

Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm

Protocol

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

8448d68d80179c72c102c0238df15d94a2a133c316acf5617d6733820be6ba41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:03 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1544450
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:03 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=KIvVJnxhNTZ0OThINnFJOE9PM2hrSkNSRitKMi9hbGtseXpOWVdLWXU1TUFYcWRUTDVNQ2hocndoTzR1YlQrRktXMVduR0FWUnJjelhGNnNYOFR0Kzd3QitQL0VxV3R2L0FTc1YvZ0ErTEtpMTYyR0d3ampLYmoxZXBJZ0dqMk0rQ3I2S0tzK1lSWUxVMXFPZkprSG5ZWXgrWWh5RGVBL1JPbC9iRTQ2RkdWaGZIVG1JcWlnYnJRZ243K0NYTXowbFg5YTdzei9xRVRJK1lZY1Nxb2JtMklESGZoVUFtRjNUcllVdmkvVXhJL0FUcnNoMHIrRnJYUjA2aHV6Yk4yK3ZzV3pBNXMzNXZBMjhyZU4zeThxQkZiMVcwdz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 332868
content-length: 0
expires: 0

GET
H2 200 / Show response
adservice.google.com/ddm/fls/i/dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469;~oref=https://promo.libertex.org/ Frame 020E 439 B
599 B 166ms
72ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469;~oref=https://promo.libertex.org/

Requested by

Host: 11442981.fls.doubleclick.net
URL: https://11442981.fls.doubleclick.net/activityi;dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed7287da04c2d547d61dd0b4b36c00d7172462019bdcee43cf92e8c8565e22a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://11442981.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 225
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Mar 2023 01:54:03 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 main.MTE3ZGZjMmFkMQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 252 KB
67 KB 12ms
11ms Script
application/javascript 2.16.186.242
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTE3ZGZjMmFkMQ.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=BVJ114SOLA0CA89TMT5G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.242 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-242.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 4d9074e3fda26a28e6500d3a1cbaa23bddaecd66d2e6129d850f3cdc40884906

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 57dff11
date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2023022114532982596A89A4F154ED371B
vary: Accept-Encoding
x-cache: TCP_HIT from a2-16-186-238.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 013c8fc40dc5a434ee948d80ce89ebd5b1c3f80aa021e4212fb04ab8903828c53e5025698b1dbeb4b3906831a8c4bcc3da68c228615acafd3b08134d71b10f61b571e6da602259d4d4e0ee61439add026b8c7f2047853a116558a20b1085879c16
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=4
content-length: 68287

GET
H2 200 18.d0e9f421.min.js Show response
a.opmnstr.com/app/js/ 1 KB
1 KB 7ms
7ms Script
application/javascript 2400:52e0:1e00::863:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.opmnstr.com/app/js/18.d0e9f421.min.js
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::863:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-863 /
Resource Hash: 3051564cbafe1447ba740ecf8ad781951f9617dedfd13d3718e64f1552b10eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cdn-edgestorageid: 756
perma-cache: HIT
cdn-storageserver: DE-568
cdn-cachedat: 03/13/2023 19:11:03
cdn-pullzone: 293267
last-modified: Wed, 14 Dec 2022 16:27:24 GMT
server: BunnyCDN-DE1-863
cdn-fileserver: 401
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"6399f96c-485"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 237644a406b5b0443d0825bf799a9435
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 5.112e6dc7.min.js Show response
a.opmnstr.com/app/js/ 16 KB
6 KB 8ms
8ms Script
application/javascript 2400:52e0:1e00::863:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.opmnstr.com/app/js/5.112e6dc7.min.js
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::863:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-863 /
Resource Hash: f77582bed375bcc38f36c2b1a15e9deb97f387905b0c087a77448add795cd0c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cdn-edgestorageid: 723
perma-cache: HIT
cdn-storageserver: DE-569
cdn-cachedat: 03/13/2023 19:11:02
cdn-pullzone: 293267
last-modified: Thu, 02 Feb 2023 22:05:53 GMT
server: BunnyCDN-DE1-863
cdn-fileserver: 541
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"63dc33c1-3f86"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: f7fe1e537ad0854849d98dd6939499fa
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 legacy-api.min.js Show response
a.omappapi.com/app/js/ 106 KB
31 KB 11ms
11ms Script
application/javascript 2400:52e0:1e00::863:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/legacy-api.min.js
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::863:1 , Slovenia, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-863 /
Resource Hash: 7fd16f7b8b1eb0cd4721280578f80246ed39976369573ef3b86bb4cff8dee4fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: br
cdn-edgestorageid: 1078
perma-cache: HIT
cdn-storageserver: DE-197
cdn-cachedat: 03/13/2023 19:11:03
cdn-pullzone: 293267
last-modified: Mon, 26 Sep 2022 21:28:32 GMT
server: BunnyCDN-DE1-863
cdn-fileserver: 152
cdn-requestpullcode: 200
cdn-proxyver: 1.03
etag: W/"63321980-1a7ad"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 86cfa431bc01c270dd37220a75d704e8
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 identify_cab4d.js Show response
analytics.tiktok.com/i18n/pixel/static/ 114 KB
31 KB 10ms
10ms Script
application/javascript 2.16.186.242
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_cab4d.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTE3ZGZjMmFkMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.242 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-242.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: cef0a3ffb6993fc1ec7b5b67a16377ec1ec0a858b3cabb834033d7458ff0e4bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-akamai-request-id: 57dff1b
date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2023022114532982596A89A4F154ED3773
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a2-16-186-238.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 013c8fc40dc5a434ee948d80ce89ebd5b1c3f80aa021e4212fb04ab8903828c53e5025698b1dbeb4b3906831a8c4bcc3da68c228615acafd3b08134d71b10f61b571e6da602259d4d4e0ee61439add026b8c7f2047853a116558a20b1085879c16
server-timing: cdn-cache; desc=HIT, edge; dur=1, inner; dur=1
content-length: 30986

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
550 B 121ms
121ms Ping
text/plain 2.16.186.242
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTE3ZGZjMmFkMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.242 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-242.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://promo.libertex.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:04 GMT
x-akamai-request-id: 57dff2a
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server: nginx
x-tt-logid: 20230317015403F8283181543B4B031BBE
x-cache: TCP_MISS from a2-16-186-238.deploy.akamaitechnologies.com (AkamaiGHost/11.0.2-47081134) (-)
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 108,2.16.186.238
x-tt-trace-host: 01ee7bea097beb989b7db387380a3ff2a69addb9610d7e643ec85e142416778ce792d737a19478cc89f6346d277439887eff542aa2d54b6ea5676652cc4ae0b824e1123aa59c26cef48ccdc5813de52ae1b87b9f35a93beea2064ab30ba53ff7e3
server-timing: inner; dur=17, cdn-cache; desc=MISS, edge; dur=6, origin; dur=108
content-length: 0
expires: Fri, 17 Mar 2023 01:54:04 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 207ms
46ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-49381759-1&cid=2069854403.1679018044&jid=1404970154&_u=YGBACAAABAAAACAAI~&z=40722120

Requested by

Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 211ms
49ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-49381759-1&cid=2069854403.1679018044&jid=1404970154&_u=YGBACAAABAAAACAAI~&z=40722120

Requested by

Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

event Show response
widget.us.criteo.com/
Redirect Chain

https://sslwidget.criteo.com/event?a=%5B101568%2C61968%2C61966%2C101569%2C61967%2C101570%5D&v=5.13.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Ddis&adce=1&bundle=AVnzxF9qU0NYMktZN2RFVDI5cmRFbjd5SXRlREtMcFI3...
https://widget.us.criteo.com/event?a=%5B101568%2C61968%2C61966%2C101569%2C61967%2C101570%5D&v=5.13.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Ddis&adce=1&bundle=AVnzxF9qU0NYMktZN2RFVDI5cmRFbjd5SXRlREtMcFI3...

38 KB
5 KB

448ms
124ms

Script
application/x-javascript

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.us.criteo.com/event?a=%5B101568%2C61968%2C61966%2C101569%2C61967%2C101570%5D&v=5.13.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Ddis&adce=1&bundle=AVnzxF9qU0NYMktZN2RFVDI5cmRFbjd5SXRlREtMcFI3YXVkMXpEUCUyRmpjcjY2NnF0T2YyZG9WSXlDJTJGOTFLU1MlMkJsSElvSWdxa25DTkRUY3p5VHd1TExUeFAzM1FoaXdLOEhDaGFNbEhqYmlMdjBHb3BEOHRPJTJGRmtaeHBVWml2REJYOExIZGZWeTU0ejBtZ2k3b3EyRzR3UXlYdyUzRCUzRA&tld=libertex.org&dy=1&fu=https%253A%252F%252Fpromo.libertex.org%252Flp%252Fes-lm%252Fcryptominer%252F%253Futm_country%253Dlm&dtycbr=35428

Requested by

Host: promo.libertex.org
URL: https://promo.libertex.org/lp/es-lm/cryptominer/?utm_country=lm

Protocol

Server

74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

5f04cd079bf43c18d9d80c171e8e0d3ba9718b3a253d5b3a742d4bc06e765252

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
content-type: application/x-javascript
access-control-allow-origin: *
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 28033912
timing-allow-origin: *
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:03 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://widget.us.criteo.com/event?a=%5B101568%2C61968%2C61966%2C101569%2C61967%2C101570%5D&v=5.13.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Ddis&adce=1&bundle=AVnzxF9qU0NYMktZN2RFVDI5cmRFbjd5SXRlREtMcFI3YXVkMXpEUCUyRmpjcjY2NnF0T2YyZG9WSXlDJTJGOTFLU1MlMkJsSElvSWdxa25DTkRUY3p5VHd1TExUeFAzM1FoaXdLOEhDaGFNbEhqYmlMdjBHb3BEOHRPJTJGRmtaeHBVWml2REJYOExIZGZWeTU0ejBtZ2k3b3EyRzR3UXlYdyUzRCUzRA&tld=libertex.org&dy=1&fu=https%253A%252F%252Fpromo.libertex.org%252Flp%252Fes-lm%252Fcryptominer%252F%253Futm_country%253Dlm&dtycbr=35428
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 20253901
timing-allow-origin: *
content-length: 0
expires: 0

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
34 KB 189ms
38ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/legacy-api.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo.libertex.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Thu, 16 Mar 2023 18:27:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26788
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Mar 2024 18:27:36 GMT

GET
H2 200 / Show response
adservice.google.de/ddm/fls/i/dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469;~oref=https://promo.libertex.org/ Frame 156E 194 B
515 B 186ms
76ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469;~oref=https://promo.libertex.org/

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CO3AxdDt4f0CFfCd_Qcd_wcAuA;src=11442981;type=testb0;cat=pagev0;ord=3961900956679.469;~oref=https://promo.libertex.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 85
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Mar 2023 01:54:04 GMT
expires: Fri, 17 Mar 2023 01:54:04 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

sync
x.bidswitch.net/ul_cb/ Frame 9642
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-N25wvB_g1Nr8s7GWbbWisq2mHfBLy8F-V5Iwpg&expires=30
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-N25wvB_g1Nr8s7GWbbWisq2mHfBLy8F-V5Iwpg&expires=30

43 B
344 B

9ms
9ms

Image
image/gif

18.158.7.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-N25wvB_g1Nr8s7GWbbWisq2mHfBLy8F-V5Iwpg&expires=30
Protocol: H2
Server: 18.158.7.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-7-247.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-N25wvB_g1Nr8s7GWbbWisq2mHfBLy8F-V5Iwpg&expires=30
date: Fri, 17 Mar 2023 01:54:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 9642
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-aKGnax_g1Nr8s7GWbbWisq2mHfAUUp0PM9q5zQ&google_cm&google_hm=ay1hS0duYXhfZzFOcjhzN0dXYmJXaXNxMm1IZkFVVXAwU...
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-aKGnax_g1Nr8s7GWbbWisq2mHfAUUp0PM9q5zQ&google_gid=CAESENQ7vhc47O5pMIE7zIBmHSI&google_cver=1&google_ula=913071,0

43 B
370 B

18ms
18ms

Image
image/gif

178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-aKGnax_g1Nr8s7GWbbWisq2mHfAUUp0PM9q5zQ&google_gid=CAESENQ7vhc47O5pMIE7zIBmHSI&google_cver=1&google_ula=913071,0

Protocol

Server

178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:04 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1432758
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:04 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-aKGnax_g1Nr8s7GWbbWisq2mHfAUUp0PM9q5zQ&google_gid=CAESENQ7vhc47O5pMIE7zIBmHSI&google_cver=1&google_ula=913071,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 398
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 9642
Redirect Chain

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=176044757658704635

43 B
371 B

55ms
16ms

Image
image/gif

178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=176044757658704635

Protocol

Server

178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:03 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1448982
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Fri, 17 Mar 2023 01:54:04 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.184; 185.213.155.184; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d671d28e-66e4-4d97-81ec-fa1d638245aa
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=176044757658704635
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce
secure.adnxs.com/ Frame 9642
Redirect Chain

https://secure.adnxs.com/setuid?entity=52&code=k-Wt5EOR_g1Nr8s7GWbbWisq2mHfB6iJIX5s8d_A
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-Wt5EOR_g1Nr8s7GWbbWisq2mHfB6iJIX5s8d_A

43 B
1 KB

7ms
6ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-Wt5EOR_g1Nr8s7GWbbWisq2mHfB6iJIX5s8d_A

Protocol

HTTP/1.1

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 17 Mar 2023 01:54:04 GMT
AN-X-Request-Uuid: 652d29ec-0387-4aea-9036-8518f09d5c4f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 185.213.155.184; 185.213.155.184; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 17 Mar 2023 01:54:04 GMT
AN-X-Request-Uuid: 888a816e-dd47-42d4-b825-9e66f140c80a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-Wt5EOR_g1Nr8s7GWbbWisq2mHfB6iJIX5s8d_A
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.213.155.184; 185.213.155.184; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cksync.php
contextual.media.net/ Frame 9642 237 B
978 B 91ms
50ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-ao6dLR_g1Nr8s7GWbbWisq2mHfDqIl4fiHOR-A

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Fri, 17 Mar 2023 01:54:04 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 237
x-mnet-hl2: E
expires: Fri, 17 Mar 2023 01:54:04 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 9642 0
239 B 228ms
8ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-WDQ8Th_g1Nr8s7GWbbWisq2mHfBgaTHSQUZSFA&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 v1
match.sharethrough.com/sync/ Frame 9642 0
35 B 51ms
8ms Image
text/plain 3.67.0.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-dZMWgB_g1Nr8s7GWbbWisq2mHfB5j_HIhgpTWg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.67.0.77 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-67-0-77.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:04 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame 9642 43 B
163 B 201ms
19ms Image
image/gif 185.86.138.154
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-Zz5lsh_g1Nr8s7GWbbWisq2mHfCDgzjiOdqXWg
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.154 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:04 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 9642 0
99 B 70ms
15ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-TYwU3B_g1Nr8s7GWbbWisq2mHfCDUHo6CP914Q
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:04 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 13316

GET
H2 200 um
criteo-sync.teads.tv/ Frame 9642 23 B
172 B 75ms
33ms Image
image/gif 104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-c_bk2h_g1Nr8s7GWbbWisq2mHfBMGqc4QWikNg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

expires: Fri, 17 Mar 2023 01:54:04 GMT
pragma: no-cache
date: Fri, 17 Mar 2023 01:54:04 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H2 200 xuid
eb2.3lift.com/ Frame 9642 37 B
140 B 33ms
9ms Image
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2711&xuid=k-Vf2IGB_g1Nr8s7GWbbWisq2mHfAj3W0G6EFmwg&dongle=013b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:04 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2

204

sync
ups.analytics.yahoo.com/ups/58301/ Frame 9642
Redirect Chain

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-QuebnR_g1Nr8s7GWbbWisq2mHfCFYzy7UW9bww
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-QuebnR_g1Nr8s7GWbbWisq2mHfCFYzy7UW9bww&verify=true

0
121 B

12ms
11ms

Image
text/plain

3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-QuebnR_g1Nr8s7GWbbWisq2mHfCFYzy7UW9bww&verify=true

Protocol

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:04 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-QuebnR_g1Nr8s7GWbbWisq2mHfCFYzy7UW9bww&verify=true
date: Fri, 17 Mar 2023 01:54:04 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 pixel
cm.adform.net/ Frame 9642 43 B
162 B 145ms
24ms Image
image/gif 37.157.2.234
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-l9SR4B_g1Nr8s7GWbbWisq2mHfCJgBnKWZul-w
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:04 GMT
last-modified: Thu, 28 Jul 2022 12:09:37 GMT
server: nginx
accept-ranges: bytes
etag: "62e27c81-2b"
content-length: 43
content-type: image/gif

GET
H2 200 sync
visitor.omnitagjs.com/visitor/ Frame 9642 49 B
235 B 59ms
19ms Image
image/gif 185.255.84.153
IGUANE-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-_5V-rh_g1Nr8s7GWbbWisq2mHfBxlM03D65rnw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.153 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:04 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 4
content-length: 49
expires: 0

GET
H/1.1

200
OK

rum
r.casalemedia.com/ Frame 9642
Redirect Chain

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-BPyVqx_g1Nr8s7GWbbWisq2mHfA8gzzYqknBiA
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-BPyVqx_g1Nr8s7GWbbWisq2mHfA8gzzYqknBiA&C=1

43 B
766 B

11ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-BPyVqx_g1Nr8s7GWbbWisq2mHfA8gzzYqknBiA&C=1
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 17 Mar 2023 01:54:04 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Fri, 17 Mar 2023 01:54:04 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=20&external_user_id=k-BPyVqx_g1Nr8s7GWbbWisq2mHfA8gzzYqknBiA&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 9642
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=9gT8lNclmOvUWRsVXD9syb2ZirB3hH0F
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=9gT8lNclmOvUWRsVXD9syb2ZirB3hH0F

42 B
942 B

37ms
33ms

Image
image/gif

54.171.39.218
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=9gT8lNclmOvUWRsVXD9syb2ZirB3hH0F

Protocol

HTTP/1.1

Server

54.171.39.218 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-39-218.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v046-0be6689a7.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: DBC4HwJPSbQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcscanary-prod-irl1-1-v054-096b5de0a.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: r8jvn9HRQoo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=9gT8lNclmOvUWRsVXD9syb2ZirB3hH0F
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

match
ad.360yield.com/ul_cb/ Frame 9642
Redirect Chain

https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-kW1_zx_g1Nr8s7GWbbWisq2mHfDO7LKYhg46Gg
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-kW1_zx_g1Nr8s7GWbbWisq2mHfDO7LKYhg46Gg

43 B
447 B

44ms
30ms

Image
image/gif

54.220.176.181
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-kW1_zx_g1Nr8s7GWbbWisq2mHfDO7LKYhg46Gg
Protocol: H2
Server: 54.220.176.181 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-220-176-181.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 17 Mar 2023 01:54:04 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-kW1_zx_g1Nr8s7GWbbWisq2mHfDO7LKYhg46Gg
date: Fri, 17 Mar 2023 01:54:04 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 sync
matching.ivitrack.com/ Frame 9642 42 B
274 B 56ms
19ms Image
image/gif 34.117.157.22
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://matching.ivitrack.com/sync?realm=criteo&uid=k-ijOmSh_g1Nr8s7GWbbWisq2mHfC950doNU7g8Q
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.157.22 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 22.157.117.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:03 GMT
x-envoy-decorator-operation: tag-manager.programmatic.svc.cluster.local:3000/*
via: 1.1 google
server: istio-envoy
content-type: image/gif
cache-control: public, max-age=86400
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 push
exchange.mediavine.com/usersync/ Frame 9642 0
880 B 43ms
10ms Image
text/html 3.69.114.229
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-G2gjMh_g1Nr8s7GWbbWisq2mHfBGeBKklQL6iQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.69.114.229 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-69-114-229.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:04 GMT
cache-control: private, no-cache
access-control-allow-credentials: true
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame 9642 0
145 B 382ms
93ms Image
text/plain 70.42.32.191
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-3chl3R_g1Nr8s7GWbbWisq2mHfA4DJQNqb5Bsw&initiator=partner
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.191 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Date: Fri, 17 Mar 2023 01:54:05 GMT
Cache-Control: no-cache
X-TraceId: 67aff0d2be7d0c4013a9c71755ec32a1
Content-Length: 0

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame 9642 42 B
579 B 78ms
15ms Image
image/gif 185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-jWvMjx_g1Nr8s7GWbbWisq2mHfCcWHrbtHqVMA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Fri, 17 Mar 2023 01:54:04 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 sync
criteo-partners.tremorhub.com/ Frame 9642 43 B
407 B 329ms
102ms Image
image/gif 2600:1f18:612b:4216:1721:e587:98b8:3e72
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-partners.tremorhub.com/sync?UICR=k-wZmUGB_g1Nr8s7GWbbWisq2mHfCqNGijPBhwmQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4216:1721:e587:98b8:3e72 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Fri, 17 Mar 2023 01:54:05 GMT
server: Apache-Coyote/1.1
content-type: image/gif

GET
H2 200 getusermatch.php
a.twiago.com/rtb/ Frame 9642 43 B
153 B 85ms
28ms Image
image/gif 85.215.5.31
CRONON-BERLIN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.twiago.com/rtb/getusermatch.php?dataid=6&external_user_id=k-1qnbWR_g1Nr8s7GWbbWisq2mHfDKCyKp6v87ew
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 85.215.5.31 Berlin, Germany, ASN6786 (CRONON-BERLIN-AS, DE),
Reverse DNS
Software: Apache / PHP/7.3.29
Resource Hash: 5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 17 Mar 2023 01:54:04 GMT
server: Apache
x-powered-by: PHP/7.3.29
content-length: 43
content-type: image/gif

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame 9642 0
525 B 67ms
15ms Image
text/plain 23.45.237.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-tRJeeB_g1Nr8s7GWbbWisq2mHfDxYICzQW0epA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.45.237.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-45-237-121.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 17 Mar 2023 01:54:04 GMT
x-content-type-options: nosniff
x-frame-options: DENY
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
x-xss-protection: 1; mode=block
x-application-context: application
Expires: Thu, 16 Mar 2023 01:54:04 GMT

GET
H2 200 sync
sync-criteo.ads.yieldmo.com/ Frame 9642 0
38 B 130ms
27ms Image
text/plain 52.49.84.227
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-criteo.ads.yieldmo.com/sync?id=k-GhpkmR_g1Nr8s7GWbbWisq2mHfB5wBimViIHqQ&pn_id=criteo&ext=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.84.227 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-84-227.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date: Fri, 17 Mar 2023 01:54:04 GMT
content-length: 0

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 9642
Redirect Chain

https://gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=T3WQ5f7s-vOOOO8O2GiHHow0ZUEzg-wf

0
338 B

112ms
29ms

Image
text/plain

54.75.60.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=T3WQ5f7s-vOOOO8O2GiHHow0ZUEzg-wf
Protocol: H2
Server: 54.75.60.155 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-75-60-155.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

x-served-by: beacon-n016-dub-prod.krxd.net
date: Fri, 17 Mar 2023 01:54:04 GMT
cache-control: private, no-cache, no-store
x-request-time: D=55 t=1679018044
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=T3WQ5f7s-vOOOO8O2GiHHow0ZUEzg-wf
date: Fri, 17 Mar 2023 01:54:04 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 716105
content-length: 0

GET
H2

200

cs
s.thebrighttag.com/ Frame 9642
Redirect Chain

https://gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=kxHYd4t2_K72mpMGuxUqGy5bNWGYf1bZ

35 B
268 B

365ms
113ms

Image
image/gif

3.18.193.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=kxHYd4t2_K72mpMGuxUqGy5bNWGYf1bZ
Protocol: H2
Server: 3.18.193.91 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-18-193-91.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Mar 2023 01:54:05 GMT
x-bt-requestid: 991a9d81-c466-11ed-9431-0000ac1702cf
server: nginx
content-type: image/gif
access-control-allow-origin
p3p: CP=NOI DSP COR NID
cache-control: private, must-revalidate
content-length: 35
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=kxHYd4t2_K72mpMGuxUqGy5bNWGYf1bZ
date: Fri, 17 Mar 2023 01:54:04 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 938122
content-length: 0

Verdicts & Comments Add Verdict or Comment

84 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

56 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.libertex.org/	1970-01-20 10:23:39	Name: __cf_bm Value: AFeJL1wpnVmHdIGir5_Ezm0WIEhp6LZbev9FeHRMZSU-1679018043-0-Ae6QPpjwLafPBZdhBPYMqpWHqeMZOJu/iTpyIh8wyMiloBBVectgg0fyznPpEYGRrwZqTounNsVAsPK8s9lCwnc=
.libertex.org/	1969-12-31 23:59:59	Name: _cfuvid Value: NwLZ8oze6qkCU.8aaF7K_S7u46QnJCzldQx5A4ifeIs-1679018043230-0-604800000
.libertex.org/	1970-01-20 19:59:38	Name: segment Value: 2
.libertex.org/	1970-01-20 19:09:14	Name: utag_main Value: v_id:0186ed46280f00694543cafb85f003073003f06b00b08$_sn:1$_se:1$_ss:1$_st:1679019843408$ses_id:1679018043408%3Bexp-session$_pn:1%3Bexp-session$_prevpage:undefined%3Bexp-1679021643434
.libertex.org/	1969-12-31 23:59:59	Name: cookie_conversion_utm Value: undefined
.libertex.org/	1970-01-20 19:59:38	Name: segment_web Value: a
.libertex.org/	1969-12-31 23:59:59	Name: icid_sf_cookie Value: undefined
promo.libertex.org/	1970-01-20 19:59:38	Name: _omappvp Value: nSTJAEipiUNA1126zwci7kCYWxnCrlf5vsZhtUT00ZcwqIKi7ddx5ANPgfHA5XN6B8xWrBJHKkvLASiL14xSeSXxlqI9gztt
promo.libertex.org/	1970-01-20 10:23:39	Name: _omappvs Value: 1679018043686
.promo.libertex.org/	1970-01-20 19:10:40	Name: _vwo_uuid_v2 Value: D4BE1A94A25F214942C179484C2C24EE6\|6304a551dfc5e315543501a85be0a087
.libertex.org/	1970-01-20 19:59:38	Name: _ga Value: GA1.2.2069854403.1679018044
.libertex.org/	1970-01-20 10:25:04	Name: _gid Value: GA1.2.990173544.1679018044
.libertex.org/	1970-01-20 10:23:38	Name: _gat_tealium_0 Value: 1
.libertex.org/	1970-01-20 12:33:14	Name: _fbp Value: fb.1.1679018043770.1489508869
.tiktok.com/	1970-01-20 19:45:14	Name: _ttp Value: 2N7bPWtcCytRFd3AkgyNafzwD7i
.libertex.org/	1970-01-20 19:09:14	Name: _hjSessionUser_898554 Value: eyJpZCI6IjNiNDlmNTM4LWQxN2UtNThjOS1iYTIzLTEwOGQ0OTFjNGEzMCIsImNyZWF0ZWQiOjE2NzkwMTgwNDM3OTYsImV4aXN0aW5nIjpmYWxzZX0=
.libertex.org/	1970-01-20 10:23:39	Name: _hjFirstSeen Value: 1
.criteo.com/	1970-01-20 19:45:14	Name: uid Value: 3c4b0dac-01fc-4e89-b4a6-477f72df4844
.libertex.org/	1970-01-20 10:23:38	Name: _hjIncludedInSessionSample_898554 Value: 1
.libertex.org/	1970-01-20 10:23:39	Name: _hjSession_898554 Value: eyJpZCI6IjFjMDM4NjFlLWVhNWMtNGIzZi04NzkyLTk0NjEzMDZlMTdlNyIsImNyZWF0ZWQiOjE2NzkwMTgwNDM4MDUsImluU2FtcGxlIjp0cnVlfQ==
.libertex.org/	1970-01-20 10:23:39	Name: _hjAbsoluteSessionInProgress Value: 0
.t.co/	1970-01-20 19:59:38	Name: muc_ads Value: 515267c9-91c9-4a34-8a75-71f980c760c8
.twitter.com/	1970-01-20 19:59:38	Name: personalization_id Value: "v1_hBgcBfCfSvUJRbi20Wzeag=="
.libertex.org/	1970-01-20 19:45:14	Name: _tt_enable_cookie Value: 1
.libertex.org/	1970-01-20 19:45:14	Name: _ttp Value: FK7nlzOPfuTfbKT4PcB9lCL4vyc
.libertex.org/	1970-01-20 19:53:02	Name: cto_bundle Value: AVnzxF9qU0NYMktZN2RFVDI5cmRFbjd5SXRlREtMcFI3YXVkMXpEUCUyRmpjcjY2NnF0T2YyZG9WSXlDJTJGOTFLU1MlMkJsSElvSWdxa25DTkRUY3p5VHd1TExUeFAzM1FoaXdLOEhDaGFNbEhqYmlMdjBHb3BEOHRPJTJGRmtaeHBVWml2REJYOExIZGZWeTU0ejBtZ2k3b3EyRzR3UXlYdyUzRCUzRA
.adnxs.com/	1970-01-20 12:33:14	Name: anj Value: dTM7k!M4/rCxrEQF']wIg2Il`d:^Gd!]tbPl@/D!9hy6]/Cr.Be:6A'0uLN9^O6Lolh`gO19SwLhr`Ooh/mRhg?:$FkLQ[z?11d)t-f4wbpRzqF1`*baxU+KcB8
.adnxs.com/	1970-01-20 12:33:14	Name: uuid2 Value: 176044757658704635
.bidswitch.net/	1970-01-20 19:09:14	Name: tuuid Value: 047ce49d-8863-4aed-8abe-856e88d4e1f4
.bidswitch.net/	1970-01-20 19:09:14	Name: c Value: 1679018044
.bidswitch.net/	1970-01-20 19:09:14	Name: tuuid_lu Value: 1679018044
.media.net/	1970-01-20 19:09:14	Name: visitor-id Value: 3220196448399222000V10
.media.net/	1970-01-20 11:06:50	Name: data-c-ts Value: 1679018044
.media.net/	1970-01-20 11:06:50	Name: data-c Value: k-ao6dLR_g1Nr8s7GWbbWisq2mHfDqIl4fiHOR-A~~3
.yahoo.com/	1970-01-20 19:09:35	Name: A3 Value: d=AQABBDzIE2QCEB2HC-4BRzAvWM2Lyu1LUqwFEgEBAQEZFWQdZAAAAAAA_eMAAA&S=AQAAAjMQh6tajHUlfxiZ7O_m6rA
.analytics.yahoo.com/	1970-01-20 19:09:14	Name: IDSYNC Value: 18zh~2ak1
.doubleclick.net/	1970-01-20 19:45:14	Name: IDE Value: AHWqTUmQpVKxoZoVfaB3wX9J2g4o1gfxwxyRqzXt2TOH7p0GsxpSQMJ5ZynxvMUJHsg
exchange.mediavine.com/	1970-01-20 10:43:47	Name: mv_tokens Value: %7B%22mv_uuid%22%3A%2298cccba0-c466-11ed-8c71-bf1fbe5cb733%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 10:43:47	Name: mv_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%2298cccba0-c466-11ed-8c71-bf1fbe5cb733%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 10:43:47	Name: am_tokens Value: %7B%22mv_uuid%22%3A%2298cccba0-c466-11ed-8c71-bf1fbe5cb733%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 10:43:47	Name: am_tokens_eu-v1 Value: %7B%22mv_uuid%22%3A%2298cccba0-c466-11ed-8c71-bf1fbe5cb733%22%2C%22version%22%3A%22eu-v1%22%7D
exchange.mediavine.com/	1970-01-20 10:43:47	Name: criteo Value: %7B%22id%22%3A%22k-G2gjMh_g1Nr8s7GWbbWisq2mHfBGeBKklQL6iQ%22%2C%22version%22%3A%22criteo%22%7D
.demdex.net/	1970-01-20 14:42:50	Name: demdex Value: 88838585622411519033017110758519416246
.casalemedia.com/	1970-01-20 19:09:14	Name: CMID Value: ZBPIPI9oY50XZ52n14AErwAA
.casalemedia.com/	1970-01-20 12:33:14	Name: CMPS Value: 2143
.casalemedia.com/	1970-01-20 12:33:14	Name: CMPRO Value: 2143
.360yield.com/	1970-01-20 12:33:14	Name: tuuid Value: 5266e456-cc25-4fd8-b685-3bd705e41dc1
.360yield.com/	1970-01-20 12:33:14	Name: tuuid_lu Value: 1679018044
.dpm.demdex.net/	1970-01-20 14:42:50	Name: dpm Value: 88838585622411519033017110758519416246
.pubmatic.com/	1970-01-20 11:06:50	Name: KRTBCOOKIE_97 Value: 3385-uid:k-jWvMjx_g1Nr8s7GWbbWisq2mHfCcWHrbtHqVMA&KRTB&23144-uid:k-jWvMjx_g1Nr8s7GWbbWisq2mHfCcWHrbtHqVMA&KRTB&23286-uid:k-jWvMjx_g1Nr8s7GWbbWisq2mHfCcWHrbtHqVMA&KRTB&23287-uid:k-jWvMjx_g1Nr8s7GWbbWisq2mHfCcWHrbtHqVMA
.pubmatic.com/	1970-01-20 11:06:50	Name: PugT Value: 1679018044
.360yield.com/	1970-01-20 12:33:14	Name: um Value: !38,NyY-tUPkMM-upBiPFJ57U9-00bEtuav1DZMK-x1l2beeIXI8XRpKzv7oNlZDK3sJ..4VXxyb,1686794044
.360yield.com/	1970-01-20 12:33:14	Name: umeh Value: !38,0,1741226044,-1
.krxd.net/	1970-01-20 14:42:50	Name: _kuid_ Value: PcGe77wJ
.tremorhub.com/	1970-01-20 19:09:34	Name: tvid Value: a29928c4c7c94ebbb008f57055f764ae
.tremorhub.com/	1970-01-20 11:06:50	Name: tv_UICR Value: k-wZmUGB_g1Nr8s7GWbbWisq2mHfCqNGijPBhwmQ

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

11442981.fls.doubleclick.net
a.omappapi.com
a.opmnstr.com
a.twiago.com
ad.360yield.com
ad.yieldlab.net
adservice.google.com
adservice.google.de
ajax.googleapis.com
analytics.tiktok.com
analytics.twitter.com
api-account.libertex.org
api-geo.libertex.org
api.omappapi.com
beacon.krxd.net
cm.adform.net
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
criteo-partners.tremorhub.com
criteo-sync.teads.tv
dev.visualwebsiteoptimizer.com
dis.criteo.com
dpm.demdex.net
dynamic.criteo.com
eb2.3lift.com
exchange.mediavine.com
gum.criteo.com
ib.adnxs.com
lib.libertex.org
match.sharethrough.com
matching.ivitrack.com
mug.criteo.com
pixel.rubiconproject.com
promo.libertex.org
r.casalemedia.com
rtb-csync.smartadserver.com
s.thebrighttag.com
script.hotjar.com
secure.adnxs.com
simage2.pubmatic.com
sslwidget.criteo.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
sync-criteo.ads.yieldmo.com
sync-t1.taboola.com
sync.outbrain.com
t.co
tags.tiqcdn.com
tealium-proxy.libertex.org
trc.taboola.com
ups.analytics.yahoo.com
visitor.omnitagjs.com
widget.trustpilot.com
widget.us.criteo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
x.bidswitch.net
104.111.217.42
104.244.42.195
104.244.42.69
141.226.228.48
142.250.184.194
142.250.184.198
146.75.120.157
178.250.0.163
178.250.1.11
178.250.1.9
18.158.7.247
18.66.112.92
18.66.97.53
185.255.84.153
185.64.189.110
185.80.39.216
185.86.138.154
185.89.210.212
2.16.186.242
2.18.235.93
23.45.237.121
2400:52e0:1e00::863:1
2600:1f18:612b:4216:1721:e587:98b8:3e72
2600:9000:223e:3200:7:2bfb:7c00:93a1
2606:4700::6811:5a0e
2a00:1450:4001:803::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:811::2004
2a00:1450:4001:813::200e
2a00:1450:4001:82b::200a
2a00:1450:4001:830::2003
2a00:1450:400c:c0c::9a
2a02:2638:3::c
2a02:2638::14
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:600::300
3.18.193.91
3.67.0.77
3.69.114.229
3.71.149.231
34.117.157.22
34.96.102.137
37.157.2.234
37.252.171.85
52.222.236.60
52.222.236.63
52.49.84.227
52.50.72.142
54.171.39.218
54.220.176.181
54.75.60.155
69.173.144.139
70.42.32.191
74.119.119.150
76.223.111.18
85.215.5.31
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
08509a4fede4c03053224282a6674e035fd2db88534102f7fedb8e11b1d48aa8
099dbee82bc5da3a74f1ffe461982b51c3b7b951e23912f677d89091de4bcd15
0d9e0e4b6636bab12f4f0e583c231a6504e0d243c57774554c1397a43ab292c5
0fca0294cfaf24a4db0852415eee7bcdea7b9766d59e443fb2d5f0c77eb23363
103f4d3fbc08fff41f2ddb722186887b3d8977d2a7da27e7ed0f2f5752dc339f
11cb2c0e70f91c6a0326cf4a4f9fa1b177c14efba6b56bf7535624b9c7bce990
14a24aadb74b89821d28aae36752b158c634255a341f8f176d400a1c10704e8c
19ac3e6d88621d17d25c7328e96294010e7cf251177b0889788c702fe7695560
1ad35a1e22850c367135754b2204a9c5e2ef26aa72df2da4d1e082a479104078
1cc15b57ec56e9930e95828f0ff9d65045b18b214cf118a73f64199071cafd41
207c2f634d72abaa19fe4aed2b4db9d497f74136f99c2ee8a7433b85c6787ddd
245b79025af5e007e4f67f6f45eae3c21f53f6b367feea8785a74dc588853a4c
2d762b4cda191b58cf5cf8a9d0ee788f11d8e9997a273cd62c249628878a94e2
2e0fafc9b119fd349264c2847aec0c0e6d21654049a7f99d7727075be163fafa
3051564cbafe1447ba740ecf8ad781951f9617dedfd13d3718e64f1552b10eb5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
34c3d87538e44010ce4df644e7c4678526e37bd58237ab3fff0e012c5856a5b4
398a30ed1880e1cd45e49f51e73ebe8e4e71e0023d6b22ed04b01ce5ef954202
460d588d068264d104737e3ee1847ed3235fe0182d113e2100d452c5ef458edc
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d9074e3fda26a28e6500d3a1cbaa23bddaecd66d2e6129d850f3cdc40884906
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50de719051ac450992625c5ff7b3dc8de4a1b2e83be9a088e9e36ab7452e25be
51b613344f05c6eb7fab6733e8ec2d10a2a0b2ec981e1c4647416d60eac72a81
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a898a4a6eed430489e568943b411780f28ba4d843a9756dc9f2f6d6d0a798a
550ef428d144ad5458ddd9861ceafac8b3445edfa2ae421a5990f129b5d07a40
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
5849e07d0d6cbb144829b98da75fda4a8eb3fc2b5749d48cc94bb170db54859a
59418e8a7ccec4b7a4c8bda9b85da0704826751ed2da824336fa1ad9ade97617
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
598040c6a1a93b5e1363849a2bc28037bbf0bedba6959e7de45f634a26f84c07
5f04cd079bf43c18d9d80c171e8e0d3ba9718b3a253d5b3a742d4bc06e765252
6026b0d6d8b2e685102c0d737801eb53fae04e658c87fc17e6794cccd2f55bf2
614297c60bfbff53402a037bf213a400949f868262ae6a410e2ffba16a56da0c
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
66a7d4f7044abb2f8c0520db0144b782b69cdc0edd069da6274112c99c909903
686eae8618dbda16f40762d171a6162b2bbf607ffb162af43a3c14c1ff27d070
69a9afc84c648ca885f44eae9dd4901388d862ea0a2540be2055787425302018
7fd16f7b8b1eb0cd4721280578f80246ed39976369573ef3b86bb4cff8dee4fa
80cf4d4a0fa7dfd8ce546e188fb709b48200951ce93bfc8d3918510c4818f380
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
833e9ac3fd9706f7c5db171919041e789fa53325a0a390e8600738ebcb524e3f
8448d68d80179c72c102c0238df15d94a2a133c316acf5617d6733820be6ba41
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85856354a51b4bbd2fb9d9b290bb98355b86fb4a9a91e9ee58afe6dcf2d4ce84
872725ab6b75dd0925eb710226bf897dcccdefd630fcc954f3e73482ffebd750
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
96407784027005ef2d06ff62da38035d0102512299eb1c75f92e1e94ad1ec9a8
97d67f8c2575e19d30ae28a32bad7610849e0e56c81ca66e51178124a5c5eed2
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0ed094938010c59d84ad0a2b511cad9c6a7c932b5b9c278a818247fa374d43c
a113ab6cc8a7250b61cec8260394039a2f7b8dbfc10c4819ef4b9d42910e37ec
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a649e958f5d88e8323873e007aac43e1c238278fc48dba97d96475aa557e31dc
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
adedb1ed1f21b3369c3db554035c8badce9eba628bf8c7da152591277af4ce8a
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b734d672246042ba60ac925eaf67164636d70a86bab1abf30c43438fb77d347d
ba39f6b007a5a321955fafd442d2828b0c48e31a12da0728d5ff776b5e7209e0
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd4adc276f55e1e84a2f912e31e4dd94f54242b7be8be4be8ccb873cfadd63e7
bdf57cd1cde162432a9f01e1a1c2e5991839bf1afd3dd1998fc44e52e4b1a552
c0ab3a41bbc2f4945e9386a48b633c0d7d27b4ffe35791df906370664a883646
c19afb25d4e32c9608a18507ffb2cd44bb713f106778f46860d4ef5b575aa2a8
c7c2d27d0c32f711891d2689ef49bff1d0e80d230bb0c0194876c126411f24d5
cb718ccd7cff66f7eeff301d4a3922f10946d974b41f6af4ef8238e08a9407e0
cde6f92f76606e8f3b1b8a3603259055a100d1b23ca23d399c537d2d7b6313e1
cef0a3ffb6993fc1ec7b5b67a16377ec1ec0a858b3cabb834033d7458ff0e4bc
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
d7c56d672b5cae5f936dddc190ea85542c6a68e59d9a4dd1be596ce8eb2a8e3b
d8d996aaef7fdc50c9810ac57a888b1159cf0e6a120de463f97af9b726190b96
d9b097e918167b52525410a34929c2d1d5ee51ca498c64e67c2ca4cd8a7409fe
de74ef7b6de5e969d8abe77b93d58ecb3dbda2c3b478ea4dccd37f2d6a6b79a4
e1bca0a61f8ce6859e94b22c592b4b82b48ce40997aff9c6200a1985c4057e89
e377670313d0df5aea0827e47e513ec1faf566945296b9e50b2eca7c1e048527
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6916caa27ed9415578e20a90d40163590023ffa5d6f0bb78c7e4deb254d45fa
ed7287da04c2d547d61dd0b4b36c00d7172462019bdcee43cf92e8c8565e22a8
ee3d7a3b9e134f13b898d2f6ba407e2d797e1e846d86e3a1c17b64f05569236c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb4386474d27a0ab69f21348cc6f6d3817ea83dbb8382bdb947cb5b4a857306
f1e538805a70b6a9a1354ab8f8faea11eb48f668b14c6d2a62ee7670fadb23f8
f25b70045da9c2612329226b425d7aa898eb2cdfd6ae8aa308d9e143cd49f8e5
f3496bc7c277d917d35553c46ed1597a86065494cac582e42a3a1d55aedef7fb
f77582bed375bcc38f36c2b1a15e9deb97f387905b0c087a77448add795cd0c2
fa43073d3bea10c7d362f7c588b9355711218aea39736e5b189d7abc89ac4d07
facf08c34d30087f6e5280647dbfedc416da8be80594547d3e3ff23fe2ab28e6

promo.libertex.org Open in urlscan Pro 2606:4700::6811:5a0e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

115 Requests

90 %HTTPS

28 %IPv6

44 Domains

61 Subdomains

55 IPs

10 Countries

1126 kBTransfer

2618 kBSize

56 Cookies

6 Outgoing links

Redirected requests

115 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

promo.libertex.org Open in urlscan Pro
2606:4700::6811:5a0e Public Scan

Screenshot
Live screenshot

Full Image

115
Requests

90 %
HTTPS

28 %
IPv6

44
Domains

61
Subdomains

55
IPs

10
Countries

1126 kB
Transfer

2618 kB
Size

56
Cookies

115 HTTP transactions
1 data transactions