r-ext.oferting.org Open in urlscan Pro
54.246.109.21 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.tramontosender.com/ga/click/2-282777428-21-182672-357841-667396-58f1530a48-keaedb639d
Effective URL:
https://r-ext.oferting.org/r/?utm_source=giordanowines&utm_medium=sopext&utm_campaign=10021963-9747032&orig=automatic&utm_t...
Submission: On August 02 via manual (August 2nd 2023, 5:43:22 pm UTC) from US — Scanned from DE

Summary HTTP 35 Redirects Behaviour Indicators

Summary

This website contacted 18 IPs in 6 countries across 16 domains to perform 35 HTTP transactions. The main IP is 54.246.109.21, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is r-ext.oferting.org.
TLS certificate: Issued by R3 on July 3rd 2023. Valid for: 3 months.

This is the only time r-ext.oferting.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	45.81.231.80 45.81.231.80	212745 (MAILCOMMERCE) (MAILCOMMERCE)
1 1	54.246.129.40 54.246.129.40	16509 (AMAZON-02) (AMAZON-02)
3	54.246.109.21 54.246.109.21	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:223... 2600:9000:223c:4800:8:8845:1500:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
6	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 1	2600:1f18:730... 2600:1f18:730:b120:b457:20c8:7c01:8144	14618 (AMAZON-AES) (AMAZON-AES)
1	35.173.43.49 35.173.43.49	14618 (AMAZON-AES) (AMAZON-AES)
2 3	34.233.146.50 34.233.146.50	14618 (AMAZON-AES) (AMAZON-AES)
4	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (AMOBEE) (AMOBEE)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	3.120.71.129 3.120.71.129	16509 (AMAZON-02) (AMAZON-02)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 2	2.23.197.190 2.23.197.190	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	50.31.142.127 50.31.142.127	23352 (SERVERCEN...) (SERVERCENTRAL)
1	2600:1f18:ed:... 2600:1f18:ed:550f:cd9f:a47:7d97:2012	14618 (AMAZON-AES) (AMAZON-AES)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
35	18

1 45.81.231.80 (Germany) 1 redirects

ASN212745 (MAILCOMMERCE, DE)
PTR: smtp9-79.tramontosender.com

click.tramontosender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.246.129.40 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-129-40.eu-west-1.compute.amazonaws.com

go.oferting.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.246.109.21 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-109-21.eu-west-1.compute.amazonaws.com

r-ext.oferting.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223c:4800:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:730:b120:b457:20c8:7c01:8144 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.173.43.49 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-173-43-49.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.233.146.50 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-146-50.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.120.71.129 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-71-129.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.23.197.190 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-23-197-190.deploy.static.akamaitechnologies.com

x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.31.142.127 (Itasca, United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:ed:550f:cd9f:a47:7d97:2012 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	liadm.com 3 redirects b-code.liadm.com — Cisco Umbrella Rank: 2962 rp.liadm.com — Cisco Umbrella Rank: 1598 rp4.liadm.com — Cisco Umbrella Rank: 6638 i.liadm.com — Cisco Umbrella Rank: 644 i6.liadm.com — Cisco Umbrella Rank: 2201	23 KB
6	facebook.net connect.facebook.net — Cisco Umbrella Rank: 170	478 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	301 B
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 58 region1.google-analytics.com — Cisco Umbrella Rank: 1914	21 KB
4	oferting.org 1 redirects go.oferting.org r-ext.oferting.org trac.oferting.org Failed	55 KB
3	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 861 trc.taboola.com — Cisco Umbrella Rank: 616 trc-events.taboola.com — Cisco Umbrella Rank: 1861	20 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 73	194 KB
2	addthis.com 1 redirects x.dlx.addthis.com — Cisco Umbrella Rank: 1555	1 KB
1	zemanta.com 1 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 564	291 B
1	mathtag.com sync.mathtag.com — Cisco Umbrella Rank: 1028	443 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 379	265 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 350	146 B
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 623	363 B
1	turn.com 1 redirects d.turn.com — Cisco Umbrella Rank: 1504	416 B
1	tramontosender.com 1 redirects click.tramontosender.com	621 B
0	rlcdn.com Failed idsync.rlcdn.com Failed
35	16

	Domain	Requested by
6	connect.facebook.net	r-ext.oferting.org connect.facebook.net
4	www.facebook.com	r-ext.oferting.org
3	i.liadm.com	2 redirects b-code.liadm.com
3	www.google-analytics.com	r-ext.oferting.org
3	www.googletagmanager.com	r-ext.oferting.org
3	r-ext.oferting.org	r-ext.oferting.org
2	x.dlx.addthis.com	1 redirects i.liadm.com
2	b-code.liadm.com	r-ext.oferting.org b-code.liadm.com
1	trc-events.taboola.com	cdn.taboola.com
1	i6.liadm.com	i.liadm.com
1	b1sync.zemanta.com	1 redirects
1	sync.mathtag.com	i.liadm.com
1	match.adsrvr.org	i.liadm.com
1	x.bidswitch.net	i.liadm.com
1	dis.criteo.com	i.liadm.com
1	d.turn.com	1 redirects
1	trc.taboola.com	cdn.taboola.com
1	rp4.liadm.com	r-ext.oferting.org
1	rp.liadm.com	1 redirects
1	cdn.taboola.com	r-ext.oferting.org
1	region1.google-analytics.com	www.googletagmanager.com
1	go.oferting.org	1 redirects
1	click.tramontosender.com	1 redirects
0	trac.oferting.org Failed
0	idsync.rlcdn.com Failed	i.liadm.com
35	25

This site contains no links.

Subject Issuer	Validity	Valid
r-ext.oferting.net R3	`2023-07-03` - `2023-10-01`	3 months	crt.sh
*.liadm.com Amazon RSA 2048 M02	`2023-02-28` - `2024-01-30`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-30` - `2024-04-29`	a year	crt.sh

This page contains 2 frames:

Frame: https://trac.oferting.org/of/?extclickid=_*extclickid*&emn_i=616&emn_a=3499&emn_c=398215&emn_rt=0&ol=B&emn_p=&emn_cat=10021963-9747032&term=&emn_t=9747032&ref_offer=10021963&hs=1043323120&go=https%3A%2F%2Ftrk.giordanovini.it%2Fclick%3Fpid%3D53%26offer_id%3D42%26sub2%3Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
Frame ID: 2903939FC21DFC5A1C331999EA8F9F47
Requests: 27 HTTP requests in this frame

Frame: https://i.liadm.com/s/c/a-00xy?s=&cim=&ps=true&ls=true&duid=0d3d1fb3a190--01h6vnhm13f71c1h34bkqswjwz&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Frame ID: FBDC2E7C7444C2B3CFE846EFA6B4001C
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

World -- we are redirecting you to Giordanowines's website

Page URL History Show full URLs

https://click.tramontosender.com/ga/click/2-282777428-21-182672-357841-667396-58f1530a48-keaedb639d HTTP 302
https://go.oferting.org/1pske?vars=_vextclickid%3D_*extclickid* HTTP 302
https://r-ext.oferting.org/r/?utm_source=giordanowines&utm_medium=sopext&utm_campaign=10021963-9747032&... Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

35
Requests

83 %
HTTPS

41 %
IPv6

16
Domains

25
Subdomains

18
IPs

6
Countries

790 kB
Transfer

2489 kB
Size

21
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.tramontosender.com/ga/click/2-282777428-21-182672-357841-667396-58f1530a48-keaedb639d HTTP 302
https://go.oferting.org/1pske?vars=_vextclickid%3D_*extclickid* HTTP 302
https://r-ext.oferting.org/r/?utm_source=giordanowines&utm_medium=sopext&utm_campaign=10021963-9747032&orig=automatic&utm_term=generica&rtt=&f=0&c=massmarket&g=&partner=world&redirection=https%3A%2F%2Ftrac.oferting.org%2Fof%2F%3Fextclickid%3D_*extclickid*%26emn_i%3D616%26emn_a%3D3499%26emn_c%3D398215%26emn_rt%3D0%26ol%3DB%26emn_p%3D%26emn_cat%3D10021963-9747032%26term%3D%26emn_t%3D9747032%26ref_offer%3D10021963%26hs%3D1043323120%26go%3Dhttps%253A%252F%252Ftrk.giordanovini.it%252Fclick%253Fpid%253D53%2526offer_id%253D42%2526sub2%253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://rp.liadm.com/j?dtstmp=1690998198431&aid=a-00xy&se=e30&duid=0d3d1fb3a190--01h6vnhm13f71c1h34bkqswjwz&tna=v2.7.8&pu=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_*extclickid*%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu&wpn=lc-bundle&c=PHRpdGxlPldvcmxkIC0tIHdlIGFyZSByZWRpcmVjdGluZyB5b3UgdG8gR2lvcmRhbm93aW5lcydzIHdlYnNpdGU8L3RpdGxlPg HTTP 302
https://rp4.liadm.com/j?dtstmp=1690998198431&aid=a-00xy&se=e30&duid=0d3d1fb3a190--01h6vnhm13f71c1h34bkqswjwz&tna=v2.7.8&pu=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_%2Aextclickid%2A%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu&wpn=lc-bundle&c=PHRpdGxlPldvcmxkIC0tIHdlIGFyZSByZWRpcmVjdGluZyB5b3UgdG8gR2lvcmRhbm93aW5lcydzIHdlYnNpdGU8L3RpdGxlPg&i6=MmEwMDpjOTg6MjAzMDphMDA0OjE6OjEz&n3pc=true

Request Chain 23

https://live.rezync.com/sync?c=0aa2530f29e4f4a05b5d5d9bb35d60c2&p=93c1662463a616a7155169889dd99651&pid=576eef4f-a270-4c70-9661-e75f655c0bc2 HTTP 302
https://p.rfihub.com/cm?pub=39342&in=1&userid=c74df620-21ae-4290-8c5e-768ce6e923f4%3A1690998199.855356&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3Dc74df620-21ae-4290-8c5e-768ce6e923f4%253A1690998199.855356%26_%3D1690998199.8588254&cb=1690998199.8588622 HTTP 302
https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5142336724501146200&referrer={encSite}&forward=https%3A%2F%2Fidsync.rlcdn.com%2F501709.gif%3Fpartner_uid%3Dc74df620-21ae-4290-8c5e-768ce6e923f4%253A1690998199.855356%26_%3D1690998199.8588254 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=c74df620-21ae-4290-8c5e-768ce6e923f4%3A1690998199.855356&_=1690998199.8588254

Request Chain 24

https://d.turn.com/r/dd/id/L21rdC8xOTcxL2NpZC8xNzQ5ODczMjc1L3QvMg/url/https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=$!%7BTURN_UUID%7D HTTP 302
https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=3075039520027769699 HTTP 303
https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@

Request Chain 28

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=576eef4f-a270-4c70-9661-e75f655c0bc2 HTTP 302
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=576eef4f-a270-4c70-9661-e75f655c0bc2&rd=Y

Request Chain 29

https://b1sync.zemanta.com/usersync/liveintent/?cb=//i.liadm.com/s/35004?bidder_id%3D98254%26bidder_uuid%3D__ZUID__ HTTP 302
https://i.liadm.com/s/35004?bidder_id=98254&bidder_uuid= HTTP 303
https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=

35 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
r-ext.oferting.org/r/
Redirect Chain

https://click.tramontosender.com/ga/click/2-282777428-21-182672-357841-667396-58f1530a48-keaedb639d
https://go.oferting.org/1pske?vars=_vextclickid%3D_*extclickid*
https://r-ext.oferting.org/r/?utm_source=giordanowines&utm_medium=sopext&utm_campaign=10021963-9747032&orig=automatic&utm_term=generica&rtt=&f=0&c=massmarket&g=&partner=world&redirection=https%3A%2...

7 KB
2 KB

171ms
40ms

Document
text/html

54.246.109.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r-ext.oferting.org/r/?utm_source=giordanowines&utm_medium=sopext&utm_campaign=10021963-9747032&orig=automatic&utm_term=generica&rtt=&f=0&c=massmarket&g=&partner=world&redirection=https%3A%2F%2Ftrac.oferting.org%2Fof%2F%3Fextclickid%3D_*extclickid*%26emn_i%3D616%26emn_a%3D3499%26emn_c%3D398215%26emn_rt%3D0%26ol%3DB%26emn_p%3D%26emn_cat%3D10021963-9747032%26term%3D%26emn_t%3D9747032%26ref_offer%3D10021963%26hs%3D1043323120%26go%3Dhttps%253A%252F%252Ftrk.giordanovini.it%252Fclick%253Fpid%253D53%2526offer_id%253D42%2526sub2%253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.246.109.21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-109-21.eu-west-1.compute.amazonaws.com
Software: nginx/1.23.3 /
Resource Hash: 74a1fbab185f8ae02843c0980a75b2a784fbec5997ce974c6e52160b440a8ee9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, private
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 02 Aug 2023 17:43:18 GMT
Server: nginx/1.23.3
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 20
Content-Type: text/html
Date: Wed, 02 Aug 2023 17:43:14 GMT
Keep-Alive: timeout=2, max=200
Location: https://r-ext.oferting.org/r/?utm_source=giordanowines&utm_medium=sopext&utm_campaign=10021963-9747032&orig=automatic&utm_term=generica&rtt=&f=0&c=massmarket&g=&partner=world&redirection=https%3A%2F%2Ftrac.oferting.org%2Fof%2F%3Fextclickid%3D_*extclickid*%26emn_i%3D616%26emn_a%3D3499%26emn_c%3D398215%26emn_rt%3D0%26ol%3DB%26emn_p%3D%26emn_cat%3D10021963-9747032%26term%3D%26emn_t%3D9747032%26ref_offer%3D10021963%26hs%3D1043323120%26go%3Dhttps%253A%252F%252Ftrk.giordanovini.it%252Fclick%253Fpid%253D53%2526offer_id%253D42%2526sub2%253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
Server: Apache
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.10-1ubuntu3.48

GET
H2 200 a-00xy.min.js Show response
b-code.liadm.com/ 45 KB
15 KB 69ms
13ms Script
application/javascript 2600:9000:223c:4800:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/a-00xy.min.js
Requested by: Host: r-ext.oferting.org
URL: https://r-ext.oferting.org/r/?utm_source=giordanowines&utm_medium=sopext&utm_campaign=10021963-9747032&orig=automatic&utm_term=generica&rtt=&f=0&c=massmarket&g=&partner=world&redirection=https%3A%2F%2Ftrac.oferting.org%2Fof%2F%3Fextclickid%3D_*extclickid*%26emn_i%3D616%26emn_a%3D3499%26emn_c%3D398215%26emn_rt%3D0%26ol%3DB%26emn_p%3D%26emn_cat%3D10021963-9747032%26term%3D%26emn_t%3D9747032%26ref_offer%3D10021963%26hs%3D1043323120%26go%3Dhttps%253A%252F%252Ftrk.giordanovini.it%252Fclick%253Fpid%253D53%2526offer_id%253D42%2526sub2%253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:4800:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e788c1605a7a7696de3194346ad97d950ceb2b98fdb473c534362af25ba5d2fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 02 Aug 2023 04:36:29 GMT
content-encoding: gzip
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 47209
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: "public, max-age=86400"
x-amz-cf-id: X47vbQHN7_Eqbgai7HiXvmQTA-Irycc32PfWa_3GyLG9veZABCFyoA==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
77 KB 54ms
22ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-B5QPSJDJ8N

Requested by

Host: r-ext.oferting.org
URL: https://r-ext.oferting.org/r/?utm_source=giordanowines&utm_medium=sopext&utm_campaign=10021963-9747032&orig=automatic&utm_term=generica&rtt=&f=0&c=massmarket&g=&partner=world&redirection=https%3A%2F%2Ftrac.oferting.org%2Fof%2F%3Fextclickid%3D_*extclickid*%26emn_i%3D616%26emn_a%3D3499%26emn_c%3D398215%26emn_rt%3D0%26ol%3DB%26emn_p%3D%26emn_cat%3D10021963-9747032%26term%3D%26emn_t%3D9747032%26ref_offer%3D10021963%26hs%3D1043323120%26go%3Dhttps%253A%252F%252Ftrk.giordanovini.it%252Fclick%253Fpid%253D53%2526offer_id%253D42%2526sub2%253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3dbb525129ef81dc03cfa88cff5f1d08fbb7c58863e57f5bdf76f3530ec474fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 02 Aug 2023 17:43:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78835
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 02 Aug 2023 17:43:18 GMT

GET
H/1.1 200
OK preload.gif
r-ext.oferting.org/images/ 18 KB
18 KB 146ms
76ms Image
image/gif 54.246.109.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r-ext.oferting.org/images/preload.gif
Requested by: Host: r-ext.oferting.org
URL: https://r-ext.oferting.org/r/?utm_source=giordanowines&utm_medium=sopext&utm_campaign=10021963-9747032&orig=automatic&utm_term=generica&rtt=&f=0&c=massmarket&g=&partner=world&redirection=https%3A%2F%2Ftrac.oferting.org%2Fof%2F%3Fextclickid%3D_*extclickid*%26emn_i%3D616%26emn_a%3D3499%26emn_c%3D398215%26emn_rt%3D0%26ol%3DB%26emn_p%3D%26emn_cat%3D10021963-9747032%26term%3D%26emn_t%3D9747032%26ref_offer%3D10021963%26hs%3D1043323120%26go%3Dhttps%253A%252F%252Ftrk.giordanovini.it%252Fclick%253Fpid%253D53%2526offer_id%253D42%2526sub2%253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.246.109.21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-109-21.eu-west-1.compute.amazonaws.com
Software: nginx/1.23.3 /
Resource Hash: 7929082d8761c3db532e83d1630ad642747808517060e2432056f4050f4ebd9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/r/?utm_source=giordanowines&utm_medium=sopext&utm_campaign=10021963-9747032&orig=automatic&utm_term=generica&rtt=&f=0&c=massmarket&g=&partner=world&redirection=https%3A%2F%2Ftrac.oferting.org%2Fof%2F%3Fextclickid%3D_*extclickid*%26emn_i%3D616%26emn_a%3D3499%26emn_c%3D398215%26emn_rt%3D0%26ol%3DB%26emn_p%3D%26emn_cat%3D10021963-9747032%26term%3D%26emn_t%3D9747032%26ref_offer%3D10021963%26hs%3D1043323120%26go%3Dhttps%253A%252F%252Ftrk.giordanovini.it%252Fclick%253Fpid%253D53%2526offer_id%253D42%2526sub2%253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Wed, 02 Aug 2023 17:43:18 GMT
Last-Modified: Tue, 28 Mar 2023 13:38:10 GMT
Server: nginx/1.23.3
ETag: "6422edc2-47ed"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18413

GET
H/1.1 200
OK jquery-3.3.1.min.js Show response
r-ext.oferting.org/js/ 85 KB
34 KB 69ms
68ms Script
application/javascript 54.246.109.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://r-ext.oferting.org/js/jquery-3.3.1.min.js
Requested by: Host: r-ext.oferting.org
URL: https://r-ext.oferting.org/r/?utm_source=giordanowines&utm_medium=sopext&utm_campaign=10021963-9747032&orig=automatic&utm_term=generica&rtt=&f=0&c=massmarket&g=&partner=world&redirection=https%3A%2F%2Ftrac.oferting.org%2Fof%2F%3Fextclickid%3D_*extclickid*%26emn_i%3D616%26emn_a%3D3499%26emn_c%3D398215%26emn_rt%3D0%26ol%3DB%26emn_p%3D%26emn_cat%3D10021963-9747032%26term%3D%26emn_t%3D9747032%26ref_offer%3D10021963%26hs%3D1043323120%26go%3Dhttps%253A%252F%252Ftrk.giordanovini.it%252Fclick%253Fpid%253D53%2526offer_id%253D42%2526sub2%253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.246.109.21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-109-21.eu-west-1.compute.amazonaws.com
Software: nginx/1.23.3 /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/r/?utm_source=giordanowines&utm_medium=sopext&utm_campaign=10021963-9747032&orig=automatic&utm_term=generica&rtt=&f=0&c=massmarket&g=&partner=world&redirection=https%3A%2F%2Ftrac.oferting.org%2Fof%2F%3Fextclickid%3D_*extclickid*%26emn_i%3D616%26emn_a%3D3499%26emn_c%3D398215%26emn_rt%3D0%26ol%3DB%26emn_p%3D%26emn_cat%3D10021963-9747032%26term%3D%26emn_t%3D9747032%26ref_offer%3D10021963%26hs%3D1043323120%26go%3Dhttps%253A%252F%252Ftrk.giordanovini.it%252Fclick%253Fpid%253D53%2526offer_id%253D42%2526sub2%253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Wed, 02 Aug 2023 17:43:18 GMT
Content-Encoding: gzip
Last-Modified: Tue, 28 Mar 2023 13:38:10 GMT
Server: nginx/1.23.3
ETag: W/"6422edc2-1538f"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 59ms
16ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 02 Aug 2023 15:49:45 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6813
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 02 Aug 2023 17:49:45 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 210 KB
73 KB 55ms
45ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-ML8Z3ZJ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2e8d6d4a89d6ad2f8b8e84ec5a2c1fb0490c6b98097702667483bbcea5debd22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 02 Aug 2023 17:43:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75070
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 16:39:41 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 02 Aug 2023 17:43:18 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 112 KB
43 KB 47ms
36ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P5VTTG9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0b47c59b70366296601fb20e179a7ee28f0083dde9fe30e2497ad94a17717c26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 02 Aug 2023 17:43:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44084
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 16:39:41 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 02 Aug 2023 17:43:18 GMT

GET
H2 200 sync-container.js Show response
b-code.liadm.com/ 6 KB
3 KB 10ms
8ms Script
application/javascript 2600:9000:223c:4800:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/sync-container.js
Requested by: Host: b-code.liadm.com
URL: https://b-code.liadm.com/a-00xy.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:4800:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sun, 09 Jul 2023 03:01:58 GMT
x-amz-version-id: WIo1DFPCLgnYZuB8yv1dFIDWe1bYBj2G
content-encoding: gzip
last-modified: Tue, 10 May 2022 11:48:07 GMT
server: AmazonS3
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"ae5e94de938b0387eda6df8f20da811a"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=2592000
age: 2126480
x-amz-cf-id: ILXPnUeQy6JGG_sL3-ajxcbKSwAFtKI5kTzNh8B_RHeGU4b3Id9ukQ==

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 149ms
16ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-B5QPSJDJ8N&gtm=45je37v0&_p=1694261142&cid=155294981.1690998198&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1690998198&sct=1&seg=0&dl=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_*extclickid*%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu&dt=World%20--%20we%20are%20redirecting%20you%20to%20Giordanowines%27s%20website&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B5QPSJDJ8N
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Aug 2023 17:43:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://r-ext.oferting.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 12ms
11ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1694261142&t=pageview&_s=1&dl=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_*extclickid*%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu&ul=en-us&de=UTF-8&dt=World%20--%20we%20are%20redirecting%20you%20to%20Giordanowines%27s%20website&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4GAACAABBAAAAAAAIE~&cid=1353176176.1690998198&tid=UA-46029424-1&_gid=1868241320.1690998198&z=1243751135

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Aug 2023 07:41:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 36109
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
91 B 12ms
11ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1694261142&t=pageview&_s=1&dl=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_*extclickid*%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu&ul=en-us&de=UTF-8&dt=World%20--%20we%20are%20redirecting%20you%20to%20Giordanowines%27s%20website&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=4GAACAABBAAAAAAAIE~&cid=666048569.1690998198&tid=UA-2213239-17&_gid=1832907074.1690998198&cd1=9747032&cd4=10021963&cd6=World&cd7=automatic&cd9=B&cd10=616&cd11=massmarket&cd15=3499&z=1076542851

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Aug 2023 07:41:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 36109
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1192092/ 58 KB
18 KB 111ms
10ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1192092/tfa.js
Requested by: Host: r-ext.oferting.org
URL: https://r-ext.oferting.org/r/?utm_source=giordanowines&utm_medium=sopext&utm_campaign=10021963-9747032&orig=automatic&utm_term=generica&rtt=&f=0&c=massmarket&g=&partner=world&redirection=https%3A%2F%2Ftrac.oferting.org%2Fof%2F%3Fextclickid%3D_*extclickid*%26emn_i%3D616%26emn_a%3D3499%26emn_c%3D398215%26emn_rt%3D0%26ol%3DB%26emn_p%3D%26emn_cat%3D10021963-9747032%26term%3D%26emn_t%3D9747032%26ref_offer%3D10021963%26hs%3D1043323120%26go%3Dhttps%253A%252F%252Ftrk.giordanovini.it%252Fclick%253Fpid%253D53%2526offer_id%253D42%2526sub2%253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: abc5c110d2fdbd1ce166af8793f4afea5b7876566f009914ad6f9b79ffb12029

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: y6ZLLXkST4GUQP0TLtK01AkAcPzx78sR
content-encoding: gzip
via: 1.1 varnish
date: Wed, 02 Aug 2023 17:43:18 GMT
x-amz-request-id: SY1GGYZ203KE0442
age: 39
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 18371
x-amz-id-2: lVHNhHDliUoPoUYikao6X2aPPmkW2JLrJfY85aqJ0Zg2tA9URUqaD8OgUSeIVojfV6m7P+ajBeo=
x-served-by: cache-fra-eddf8230056-FRA
last-modified: Mon, 31 Jul 2023 08:53:52 GMT
server: AmazonS3
x-tbl-debug: bestatus=200,beresp=OK
x-timer: S1690998199.507919,VS0,VE1
etag: "c30d5243c417e3ac7c4c51a97c570b90"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 96
access-control-allow-origin: *
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 172 KB
47 KB 105ms
11ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c99ff58c3dc4deb821c87dc9c45aed4af66541ceb1b0f62ec208114ffc37dbf4

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 02 Aug 2023 17:43:18 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 47198
x-xss-protection: 0
pragma: public
x-fb-debug: mApR/a/HXt0ruuqpKCe2081FvUuMf+Y7+clM8fLd/wVblpQyMTF/LV5lxNxYREre0A4Dj2xb8qUeNDtyplPPfA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

j Show response
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1690998198431&aid=a-00xy&se=e30&duid=0d3d1fb3a190--01h6vnhm13f71c1h34bkqswjwz&tna=v2.7.8&pu=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_...
https://rp4.liadm.com/j?dtstmp=1690998198431&aid=a-00xy&se=e30&duid=0d3d1fb3a190--01h6vnhm13f71c1h34bkqswjwz&tna=v2.7.8&pu=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm...

13 B
552 B

350ms
104ms

XHR
application/json

35.173.43.49
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rp4.liadm.com/j?dtstmp=1690998198431&aid=a-00xy&se=e30&duid=0d3d1fb3a190--01h6vnhm13f71c1h34bkqswjwz&tna=v2.7.8&pu=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_%2Aextclickid%2A%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu&wpn=lc-bundle&c=PHRpdGxlPldvcmxkIC0tIHdlIGFyZSByZWRpcmVjdGluZyB5b3UgdG8gR2lvcmRhbm93aW5lcydzIHdlYnNpdGU8L3RpdGxlPg&i6=MmEwMDpjOTg6MjAzMDphMDA0OjE6OjEz&n3pc=true

Requested by

Protocol

Server

35.173.43.49 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-173-43-49.compute-1.amazonaws.com

Software

Resource Hash

efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 02 Aug 2023 17:43:19 GMT
x-pixel-event-id: d2d7fbf3-0106-470d-bf6d-52084d29dcb5
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: DENY
vary: Origin
content-type: application/json
request-time: 0
access-control-allow-origin: null
access-control-allow-credentials: true
trace-id: de89d26b57e2799a
content-length: 13
x-xss-protection: 1; mode=block

Redirect headers

date: Wed, 02 Aug 2023 17:43:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
vary: Origin
location: https://rp4.liadm.com/j?dtstmp=1690998198431&aid=a-00xy&se=e30&duid=0d3d1fb3a190--01h6vnhm13f71c1h34bkqswjwz&tna=v2.7.8&pu=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_%2Aextclickid%2A%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu&wpn=lc-bundle&c=PHRpdGxlPldvcmxkIC0tIHdlIGFyZSByZWRpcmVjdGluZyB5b3UgdG8gR2lvcmRhbm93aW5lcydzIHdlYnNpdGU8L3RpdGxlPg&i6=MmEwMDpjOTg6MjAzMDphMDA0OjE6OjEz&n3pc=true
access-control-allow-origin: https://r-ext.oferting.org
request-time: 0
access-control-allow-credentials: true
trace-id: c8c2db215f086d38
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 200 json Show response
trc.taboola.com/1192092/trc/3/ 2 KB
2 KB 41ms
23ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1192092/trc/3/json?tim=1690998198530&data=%7B%22id%22%3A459%2C%22ii%22%3A%22%2Fr%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1690998198521%2C%22cv%22%3A%2220230730-6-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_*extclickid*%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dtaboolaaccount-asuvoravaemailingnetworkcom%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1690998198529%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_*extclickid*%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu%22%2C%22tos%22%3A1%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22ler%22%3A%22other%22%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1192092/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 31d2e239ca28a3b5fd2edf3b1ef11f5623e8d36520bf73f5c2f42a498bdb1dd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-vcl-time-ms: 15
date: Wed, 02 Aug 2023 17:43:18 GMT
content-encoding: gzip
via: 1.1 varnish
x-fastly-to-nlb-rtt: 7276
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-fra-eddf8230056-FRA
server: nginx
x-timer: S1690998199.552903,VS0,VE15
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 292168677891119 Show response
connect.facebook.net/signals/config/ 300 KB
87 KB 92ms
91ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/292168677891119?v=2.9.120&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e10644b03598952728ced5fec0221321c5c329c83ff23805e946daa8c85f133f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 02 Aug 2023 17:43:18 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: Ca8rmkrUJGsSRfFuzmHBcfNTJklJgxPMrPlAvIt5KKLgtVuMumztTBIbHRU3/l2hWkmLnl+T7ac0xoTap4ObSg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 881065315591403 Show response
connect.facebook.net/signals/config/ 300 KB
86 KB 87ms
87ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/881065315591403?v=2.9.120&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7ddc5cc30246d8b31516e4adbdd80bc4c0ff2d486b26fb550a08917cd1d17183

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 02 Aug 2023 17:43:18 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: EcAoAOVNpkLhSy5B7rUIdBUwhY3H9wpt2GYckHhMwVd/iawqWXBHy2vpo1ETJfIr7IhGa3Ah3KFVg/Qr8EYQAQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 500100887463371 Show response
connect.facebook.net/signals/config/ 300 KB
86 KB 90ms
90ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/500100887463371?v=2.9.120&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

40972fc0743b35d487214d86dd8b34b8fe516e7f9d4f0bd26d9b022fd3eac908

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 02 Aug 2023 17:43:18 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: UUnZDQEoa+IHiuM3ynMW2kdRTYZo+An/QggC8HuwtmcmYs9NP2A2O2pXDWyPbTNOnNNLaffNmCDJbmO6woZuKw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 307114406839177 Show response
connect.facebook.net/signals/config/ 300 KB
86 KB 69ms
69ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/307114406839177?v=2.9.120&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8e637afec35dc31c04895656d664b05e031275fc4867423984055e2e55aa3e02

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 02 Aug 2023 17:43:19 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: qaWhkKRniJUXML1/12EPVJXfSnUcFOa4KyO7BmRDUhGNrAxo3zWg7SyMMyRS8hq3uZrRXvORxg1vJ57sJd3tbw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 650226988813823 Show response
connect.facebook.net/signals/config/ 300 KB
86 KB 81ms
81ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/650226988813823?v=2.9.120&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c7fdcdc5e1da5644b2bab6217915dc5a7f25965363419af0e4183d30f27aa91f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 02 Aug 2023 17:43:19 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: 1HrEKZmY/dLqo3DyDeKIMmhgsWObthydbxGVlNW0daGOdHBwgrzx6D7+2ah3pWu3UQDf/6UKPRqMtRbuCzsptQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK a-00xy Show response
i.liadm.com/s/c/ Frame FBDC 1 KB
1 KB 468ms
120ms Document
text/html 34.233.146.50
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://i.liadm.com/s/c/a-00xy?s=&cim=&ps=true&ls=true&duid=0d3d1fb3a190--01h6vnhm13f71c1h34bkqswjwz&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&

Requested by

Host: b-code.liadm.com
URL: https://b-code.liadm.com/sync-container.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.233.146.50 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-233-146-50.compute-1.amazonaws.com

Software

Resource Hash

20927b5c7dcff25c2c2d266a44789776d8eab6a5cb2b9ab6d908dc822236ccb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://r-ext.oferting.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 683
Content-Type: text/html; charset=UTF-8
Date: Wed, 02 Aug 2023 17:43:19 GMT
Request-Time: 15
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 30ms
9ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=292168677891119&ev=PageView&dl=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_*extclickid*%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu&rl=&if=false&ts=1690998199122&sw=1600&sh=1200&v=2.9.120&r=stable&ec=0&o=30&fbp=fb.1.1690998199121.1699719882&it=1690998198558&coo=false&tm=1&exp=a3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 02 Aug 2023 17:43:19 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 30ms
9ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=307114406839177&ev=PageView&dl=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_*extclickid*%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu&rl=&if=false&ts=1690998199124&sw=1600&sh=1200&v=2.9.120&r=stable&ec=0&o=30&fbp=fb.1.1690998199121.1699719882&it=1690998198558&coo=false&tm=1&exp=a3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 02 Aug 2023 17:43:19 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET

501709.gif
idsync.rlcdn.com/ Frame FBDC
Redirect Chain

https://live.rezync.com/sync?c=0aa2530f29e4f4a05b5d5d9bb35d60c2&p=93c1662463a616a7155169889dd99651&pid=576eef4f-a270-4c70-9661-e75f655c0bc2
https://p.rfihub.com/cm?pub=39342&in=1&userid=c74df620-21ae-4290-8c5e-768ce6e923f4%3A1690998199.855356&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3Dc74df620-21ae-4290-8c5e-768ce6e9...
https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5142336724501146200&referrer={encSite}&forward=https%3A%2F%2Fidsync.rlcdn.com%2F501709.gif%3Fpartner_uid%3Dc74df620-21ae-4290-8c...
https://idsync.rlcdn.com/501709.gif?partner_uid=c74df620-21ae-4290-8c5e-768ce6e923f4%3A1690998199.855356&_=1690998199.8588254

0
0

GET
H2

200

usersync.aspx
dis.criteo.com/dis/ Frame FBDC
Redirect Chain

https://d.turn.com/r/dd/id/L21rdC8xOTcxL2NpZC8xNzQ5ODczMjc1L3QvMg/url/https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=$!%7BTURN_UUID%7D
https://i.liadm.com/s/53233?bidder_id=183658&bidder_uuid=3075039520027769699
https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@

43 B
363 B

87ms
15ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@

Requested by

Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00xy?s=&cim=&ps=true&ls=true&duid=0d3d1fb3a190--01h6vnhm13f71c1h34bkqswjwz&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 02 Aug 2023 17:43:19 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 209184
expires: Wed, 02 Aug 2023 00:00:00 GMT

Redirect headers

Location: https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
Date: Wed, 02 Aug 2023 17:43:19 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 2

GET
H2 200 syncd
x.bidswitch.net/ Frame FBDC 43 B
146 B 315ms
12ms Image
image/gif 3.120.71.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=576eef4f-a270-4c70-9661-e75f655c0bc2&redir=//i.liadm.com/s/52176?bidder_id%3D5298%26bidder_uuid%3D$%7BBSW_UID%7D
Requested by: Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00xy?s=&cim=&ps=true&ls=true&duid=0d3d1fb3a190--01h6vnhm13f71c1h34bkqswjwz&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.71.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-71-129.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 02 Aug 2023 17:43:20 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame FBDC 70 B
265 B 101ms
32ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveintent&ttd_tpi=1&gdpr=0
Requested by: Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00xy?s=&cim=&ps=true&ls=true&duid=0d3d1fb3a190--01h6vnhm13f71c1h34bkqswjwz&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 02 Aug 2023 17:43:19 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK img
sync.mathtag.com/sync/ Frame FBDC 43 B
443 B 62ms
18ms Image
image/gif 185.29.134.244
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/sync/img?mt_exid=36&576eef4f-a270-4c70-9661-e75f655c0bc2
Requested by: Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00xy?s=&cim=&ps=true&ls=true&duid=0d3d1fb3a190--01h6vnhm13f71c1h34bkqswjwz&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.244 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 1031 59fd23a master cdg cdg-pixel-x28 config_version:"1438" /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Wed, 02 Aug 2023 17:43:19 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x28 config_version:"1438"
Content-Type: image/gif
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 43
Expires: Wed, 02 Aug 2023 17:43:18 GMT

GET
H2

200

live_intent_sync
x.dlx.addthis.com/e/ Frame FBDC
Redirect Chain

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=576eef4f-a270-4c70-9661-e75f655c0bc2
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=576eef4f-a270-4c70-9661-e75f655c0bc2&rd=Y

43 B
595 B

148ms
148ms

Image
image/gif

2.23.197.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=576eef4f-a270-4c70-9661-e75f655c0bc2&rd=Y

Requested by

Protocol

Server

2.23.197.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-23-197-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 02 Aug 2023 17:43:20 GMT
pragma: no-cache
date: Wed, 02 Aug 2023 17:43:20 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.dlx.addthis.com/e/live_intent_sync?na_exid=576eef4f-a270-4c70-9661-e75f655c0bc2&rd=Y
pragma: no-cache
date: Wed, 02 Aug 2023 17:43:20 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Wed, 02 Aug 2023 17:43:20 GMT

GET
H/1.1

200
OK

35004
i6.liadm.com/s/ Frame FBDC
Redirect Chain

https://b1sync.zemanta.com/usersync/liveintent/?cb=//i.liadm.com/s/35004?bidder_id%3D98254%26bidder_uuid%3D__ZUID__
https://i.liadm.com/s/35004?bidder_id=98254&bidder_uuid=
https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=

43 B
548 B

439ms
103ms

Image
image/gif

2600:1f18:ed:550f:cd9f:a47:7d97:2012
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=

Requested by

Protocol

HTTP/1.1

Server

2600:1f18:ed:550f:cd9f:a47:7d97:2012 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Wed, 02 Aug 2023 17:43:20 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 1
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=
Date: Wed, 02 Aug 2023 17:43:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 1

GET
H2 204 unip Show response
trc-events.taboola.com/1192092/log/3/ 0
249 B 106ms
14ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1192092/log/3/unip?en=pre_d_eng_tb&tos=1552&scd=0&ssd=1&est=1690998198527&ver=36&isls=true&src=i&invt=1500&msa=0&rv=1&tim=1690998200080&vi=1690998198521&ri=76ddc9f471054a6ee51946cbe176530e&ref=null&cv=20230730-6-RELEASE&item-url=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_*extclickid*%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu&ler=other
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1192092/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-origin: https://r-ext.oferting.org
pragma: no-cache
date: Wed, 02 Aug 2023 17:43:20 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 200 /
www.facebook.com/tr/ 0
54 B 8ms
8ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=292168677891119&ev=Microdata&dl=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_*extclickid*%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu&rl=&if=false&ts=1690998200625&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22World%20--%20we%20are%20redirecting%20you%20to%20Giordanowines%27s%20website%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.120&r=stable&ec=1&o=30&fbp=fb.1.1690998199121.1699719882&it=1690998198558&coo=false&es=automatic&tm=3&exp=a3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 02 Aug 2023 17:43:20 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 7ms
7ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=307114406839177&ev=Microdata&dl=https%3A%2F%2Fr-ext.oferting.org%2Fr%2F%3Futm_source%3Dgiordanowines%26utm_medium%3Dsopext%26utm_campaign%3D10021963-9747032%26orig%3Dautomatic%26utm_term%3Dgenerica%26rtt%3D%26f%3D0%26c%3Dmassmarket%26g%3D%26partner%3Dworld%26redirection%3Dhttps%253A%252F%252Ftrac.oferting.org%252Fof%252F%253Fextclickid%253D_*extclickid*%2526emn_i%253D616%2526emn_a%253D3499%2526emn_c%253D398215%2526emn_rt%253D0%2526ol%253DB%2526emn_p%253D%2526emn_cat%253D10021963-9747032%2526term%253D%2526emn_t%253D9747032%2526ref_offer%253D10021963%2526hs%253D1043323120%2526go%253Dhttps%25253A%25252F%25252Ftrk.giordanovini.it%25252Fclick%25253Fpid%25253D53%252526offer_id%25253D42%252526sub2%25253Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu&rl=&if=false&ts=1690998200627&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22World%20--%20we%20are%20redirecting%20you%20to%20Giordanowines%27s%20website%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.120&r=stable&ec=1&o=30&fbp=fb.1.1690998199121.1699719882&it=1690998198558&coo=false&es=automatic&tm=3&exp=a3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r-ext.oferting.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 02 Aug 2023 17:43:20 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET /
trac.oferting.org/of/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: idsync.rlcdn.com
URL: https://idsync.rlcdn.com/501709.gif?partner_uid=c74df620-21ae-4290-8c5e-768ce6e923f4%3A1690998199.855356&_=1690998199.8588254

Domain: trac.oferting.org
URL: https://trac.oferting.org/of/?extclickid=_*extclickid*&emn_i=616&emn_a=3499&emn_c=398215&emn_rt=0&ol=B&emn_p=&emn_cat=10021963-9747032&term=&emn_t=9747032&ref_offer=10021963&hs=1043323120&go=https%3A%2F%2Ftrk.giordanovini.it%2Fclick%3Fpid%3D53%26offer_id%3D42%26sub2%3Daaaaaiiiiooooooooonnnnnnnnccccccuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
r-ext.oferting.org/r	1970-01-20 13:43:18	Name: _liChk Value: 0.4454755436921505
i.liadm.com/s	1970-01-20 14:26:30	Name: _li_ss Value: CkgKBQgKENcVCgYI3QEQ2RUKBQgGENcVCgYIgQEQ1xUKBgiiARDXFQoJCP____8HEOEVCgUICxDXFQoGCIsBENcVCgYI0gEQ1xU
i6.liadm.com/s	1970-01-20 14:26:30	Name: _li_ss Value: CgA
.oferting.org/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .oferting.org
.oferting.org/	1970-01-20 23:19:18	Name: _lc2_fpi Value: 0d3d1fb3a190--01h6vnhm13f71c1h34bkqswjwz
.oferting.org/	1970-01-20 23:19:18	Name: _ga Value: GA1.1.155294981.1690998198
.oferting.org/	1970-01-20 23:19:18	Name: _ga_B5QPSJDJ8N Value: GS1.1.1690998198.1.0.1690998198.0.0.0
.liadm.com/	1970-01-20 23:19:18	Name: lidid Value: 576eef4f-a270-4c70-9661-e75f655c0bc2
.oferting.org/	1970-01-20 15:52:54	Name: _fbp Value: fb.1.1690998199121.1699719882
.turn.com/	1970-01-20 18:02:30	Name: uid Value: 3075039520027769699
.rezync.com/	1970-01-20 18:02:30	Name: zync-uuid Value: c74df620-21ae-4290-8c5e-768ce6e923f4:1690998199.855356
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAA_wXBwRGAMAgEwI_t4ACBC2c3TkIKsXJ3vwtrxj5wFbe3JZwqtbJlolaj6ePEY6CSZeRdmSPxA5ky8-w5AAAA
.rfihub.com/	1970-01-20 23:04:54	Name: eud Value: H4sIAAAAAAAA_13IsRGAMAwEsAmoMoc5x4kfP9twwRmIkpJJaagopatgbP2cMBWrR0o3qsTwlA0xEklrs-8VVDIquYZ7c9xl-c5UFfb8_AKQ5xAXWQAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MTI2NjM3MjE1MDQ0MTMyMBDiM9StynQvqQrLyE7O9_AHAIn6omMlAAAA
.rfihub.com/	1970-01-20 23:04:54	Name: rud Value: H4sIAAAAAAAA_-MSNjU0MTI2NjM3MjE1MDQ0MTMyMBDiM9StynQvqQrLyE7O9_AHAIn6omMlAAAA
.addthis.com/	1970-01-20 23:13:32	Name: na_id Value: 2023080217432000054067224064
.addthis.com/	1970-01-20 23:13:32	Name: na_tc Value: Y
.addthis.com/	1970-01-20 23:13:32	Name: uid Value: 64ca95b8d784859c
.addthis.com/	1970-01-20 23:13:32	Name: ouid Value: 64ca95b80001b43c0b169cb968b105321001897a7a64cba9036e
live.rezync.com/	1970-01-20 18:02:30	Name: sd-session-id Value: .eJwNyksOwyAMANG7eB0qPrbBXCaKiCOhNrQK6aZR7l6WozcXzB899qVpOyGfx1cnKK86qkO-oNffrk_IQA59CBw9knUO2VsL9wRde6_vNtd1PCXiug0x3i1q0Is1qZCayKkoq_iwYXYsViQ5kUciCsRw_wGAOCVF.ZMqVuA.riX6gL4ElIjkgMTXRlNfpFcO-hc
.dlx.addthis.com/	1970-01-20 14:26:30	Name: na_sc_x Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b-code.liadm.com
b1sync.zemanta.com
cdn.taboola.com
click.tramontosender.com
connect.facebook.net
d.turn.com
dis.criteo.com
go.oferting.org
i.liadm.com
i6.liadm.com
idsync.rlcdn.com
match.adsrvr.org
r-ext.oferting.org
region1.google-analytics.com
rp.liadm.com
rp4.liadm.com
sync.mathtag.com
trac.oferting.org
trc-events.taboola.com
trc.taboola.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
x.bidswitch.net
x.dlx.addthis.com
idsync.rlcdn.com
trac.oferting.org
141.226.228.48
151.101.129.44
178.250.1.9
185.29.134.244
2.23.197.190
2001:4860:4802:32::36
2001:678:cb4:bbbb::13
2600:1f18:730:b120:b457:20c8:7c01:8144
2600:1f18:ed:550f:cd9f:a47:7d97:2012
2600:9000:223c:4800:8:8845:1500:93a1
2a00:1450:4001:810::2008
2a00:1450:4001:830::200e
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
3.120.71.129
3.33.220.150
34.233.146.50
35.173.43.49
45.81.231.80
50.31.142.127
54.246.109.21
54.246.129.40
0b47c59b70366296601fb20e179a7ee28f0083dde9fe30e2497ad94a17717c26
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
20927b5c7dcff25c2c2d266a44789776d8eab6a5cb2b9ab6d908dc822236ccb1
2e8d6d4a89d6ad2f8b8e84ec5a2c1fb0490c6b98097702667483bbcea5debd22
31d2e239ca28a3b5fd2edf3b1ef11f5623e8d36520bf73f5c2f42a498bdb1dd7
3dbb525129ef81dc03cfa88cff5f1d08fbb7c58863e57f5bdf76f3530ec474fd
40972fc0743b35d487214d86dd8b34b8fe516e7f9d4f0bd26d9b022fd3eac908
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4
74a1fbab185f8ae02843c0980a75b2a784fbec5997ce974c6e52160b440a8ee9
7929082d8761c3db532e83d1630ad642747808517060e2432056f4050f4ebd9a
7ddc5cc30246d8b31516e4adbdd80bc4c0ff2d486b26fb550a08917cd1d17183
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e637afec35dc31c04895656d664b05e031275fc4867423984055e2e55aa3e02
abc5c110d2fdbd1ce166af8793f4afea5b7876566f009914ad6f9b79ffb12029
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c7fdcdc5e1da5644b2bab6217915dc5a7f25965363419af0e4183d30f27aa91f
c99ff58c3dc4deb821c87dc9c45aed4af66541ceb1b0f62ec208114ffc37dbf4
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e10644b03598952728ced5fec0221321c5c329c83ff23805e946daa8c85f133f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e788c1605a7a7696de3194346ad97d950ceb2b98fdb473c534362af25ba5d2fa
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9

r-ext.oferting.org Open in urlscan Pro 54.246.109.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

35 Requests

83 %HTTPS

41 %IPv6

16 Domains

25 Subdomains

18 IPs

6 Countries

790 kBTransfer

2489 kBSize

21 Cookies

0 Outgoing links

Page URL History

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

r-ext.oferting.org Open in urlscan Pro
54.246.109.21 Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

83 %
HTTPS

41 %
IPv6

16
Domains

25
Subdomains

18
IPs

6
Countries

790 kB
Transfer

2489 kB
Size

21
Cookies

35 HTTP transactions
0 data transactions