seashell-appcvrtfgujikol-l44cy.ondigitalocean.app Open in urlscan Pro
172.66.0.96 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.lowes.comlowes.com/credit
Effective URL:
https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Submission: On October 12 via api (October 12th 2023, 10:29:53 am UTC) from US — Scanned from DE

Summary HTTP 58 Redirects Behaviour Indicators

Summary

This website contacted 21 IPs in 4 countries across 18 domains to perform 58 HTTP transactions. The main IP is 172.66.0.96, located in and belongs to . The main domain is seashell-appcvrtfgujikol-l44cy.ondigitalocean.app.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 17th 2023. Valid for: a year.

This is the only time seashell-appcvrtfgujikol-l44cy.ondigitalocean.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Tech Support Scam (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
3	159.69.42.212 159.69.42.212	24940 (HETZNER-AS) (HETZNER-AS)
2	216.58.212.170 216.58.212.170	15169 (GOOGLE) (GOOGLE)
1	78.46.152.77 78.46.152.77	24940 (HETZNER-AS) (HETZNER-AS)
8	142.250.186.40 142.250.186.40	15169 (GOOGLE) (GOOGLE)
1	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	147.135.143.184 147.135.143.184	16276 (OVH) (OVH)
4	216.239.36.178 216.239.36.178	15169 (GOOGLE) (GOOGLE)
1	143.204.98.76 143.204.98.76	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.227 142.250.185.227	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.13.155 142.250.13.155	15169 (GOOGLE) (GOOGLE)
1	142.250.185.234 142.250.185.234	15169 (GOOGLE) (GOOGLE)
2	167.233.8.197 167.233.8.197	24940 (HETZNER-AS) (HETZNER-AS)
1 1	173.239.53.32 173.239.53.32	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1	109.206.182.60 109.206.182.60	50245 (SERVEREL-AS) (SERVEREL-AS)
2 2	94.130.197.240 94.130.197.240	24940 (HETZNER-AS) (HETZNER-AS)
2 2	62.122.168.42 62.122.168.42	50245 (SERVEREL-AS) (SERVEREL-AS)
1 1	119.18.54.70 119.18.54.70	() ()
18	172.66.0.96 172.66.0.96	() ()
1	151.101.130.137 151.101.130.137	() ()
1	2a00:1450:400... 2a00:1450:4001:80f::2008	() ()
1	195.201.57.90 195.201.57.90	() ()
58	21

3 159.69.42.212 (Nuremberg, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.212.42.69.159.clients.your-server.de

www.lowes.comlowes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.170 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.46.152.77 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: dedi4171.your-server.de

static.traffic.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.186.40 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.135.143.184 (Villeurbanne, France)

ASN16276 (OVH, FR)

track.traffic.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.239.36.178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-76.fra50.r.cloudfront.net

static.trafficclub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.13.155 (Oxford, United States)

ASN15169 (GOOGLE, US)
PTR: we-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.234 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 167.233.8.197 (Hallbergmoos, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.197.8.233.167.clients.your-server.de

track.vcdc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.239.53.32 (United States) 1 redirects

ASN27257 (WEBAIR-INTERNET, US)

xml-v4.maidenvalve2.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.206.182.60 (United States)

ASN50245 (SERVEREL-AS, US)
PTR: 109.206.182.60.serverel.net

cadrctlnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.130.197.240 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.240.197.130.94.clients.your-server.de

mcpuwpush.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 62.122.168.42 (United States) 2 redirects

ASN50245 (SERVEREL-AS, US)
PTR: 62.122.168.42.serverel.net

kts.vasstycom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 119.18.54.70 (None, ) 1 redirects

ASN- ()

duulikeme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 172.66.0.96 (None, )

ASN- ()

seashell-appcvrtfgujikol-l44cy.ondigitalocean.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (None, )

ASN- ()

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (None, )

ASN- ()

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.201.57.90 (None, )

ASN- ()

ipwho.is	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	ondigitalocean.app seashell-appcvrtfgujikol-l44cy.ondigitalocean.app	68 KB
9	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	248 KB
7	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42 region1.google-analytics.com Failed	21 KB
3	traffic.club static.traffic.club track.traffic.club	50 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 49 ajax.googleapis.com — Cisco Umbrella Rank: 405	31 KB
3	comlowes.com www.lowes.comlowes.com	171 KB
2	vasstycom.com 2 redirects kts.vasstycom.com — Cisco Umbrella Rank: 80471	736 B
2	mcpuwpush.com 2 redirects mcpuwpush.com — Cisco Umbrella Rank: 107470	3 KB
2	vcdc.com track.vcdc.com — Cisco Umbrella Rank: 971735	2 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1183	87 KB
2	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 214 stats.g.doubleclick.net — Cisco Umbrella Rank: 98	1011 B
1	ipwho.is ipwho.is	997 B
1	jquery.com code.jquery.com	27 KB
1	duulikeme.com 1 redirects duulikeme.com	152 B
1	cadrctlnk.com cadrctlnk.com — Cisco Umbrella Rank: 210748	2 KB
1	maidenvalve2.online 1 redirects xml-v4.maidenvalve2.online	195 B
1	gstatic.com fonts.gstatic.com	25 KB
1	trafficclub.com static.trafficclub.com	3 KB
58	18

	Domain	Requested by
18	seashell-appcvrtfgujikol-l44cy.ondigitalocean.app	cadrctlnk.com seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
9	www.googletagmanager.com	www.lowes.comlowes.com www.google-analytics.com seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
7	www.google-analytics.com	www.lowes.comlowes.com www.google-analytics.com www.googletagmanager.com
3	www.lowes.comlowes.com	www.lowes.comlowes.com
2	kts.vasstycom.com	2 redirects
2	mcpuwpush.com	2 redirects
2	track.vcdc.com	static.trafficclub.com track.vcdc.com
2	track.traffic.club	static.traffic.club static.trafficclub.com
2	maxcdn.bootstrapcdn.com	www.lowes.comlowes.com maxcdn.bootstrapcdn.com
2	fonts.googleapis.com	www.lowes.comlowes.com
1	ipwho.is	seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
1	code.jquery.com	seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
1	duulikeme.com	1 redirects
1	cadrctlnk.com	track.vcdc.com
1	xml-v4.maidenvalve2.online	1 redirects
1	ajax.googleapis.com	static.trafficclub.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	fonts.gstatic.com	fonts.googleapis.com
1	static.trafficclub.com	www.lowes.comlowes.com
1	securepubads.g.doubleclick.net	www.lowes.comlowes.com
1	static.traffic.club	www.lowes.comlowes.com
0	region1.google-analytics.com Failed	www.googletagmanager.com
58	22

This site contains no links.

Subject Issuer	Validity	Valid
sni-support-required-for-valid-ssl sni-support-required-for-valid-ssl	`2018-07-23` - `2028-07-20`	10 years	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
static.traffic.club Encryption Everywhere DV TLS CA - G2	`2023-03-15` - `2024-03-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
track.traffic.club GlobeSSL DV CA	`2022-11-09` - `2023-12-10`	a year	crt.sh
static.trafficclub.com Amazon RSA 2048 M01	`2022-12-12` - `2024-01-10`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
track.vcdc.com GlobeSSL DV CA	`2023-10-10` - `2024-10-21`	a year	crt.sh
cadrctlnk.com R3	`2023-08-01` - `2023-10-30`	3 months	crt.sh
ondigitalocean.app Cloudflare Inc ECC CA-3	`2023-09-17` - `2024-09-16`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
ipwho.is GoGetSSL ECC DV CA	`2023-04-05` - `2024-04-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Frame ID: AF95A44549E06ACE03D46254F95C751D
Requests: 60 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.lowes.comlowes.com/credit Page URL
https://track.vcdc.com/proceed.php?domain=comlowes.com&hash=cb92e0d97980185d522bb2ac9b374eba&u=eyJk... Page URL
https://track.vcdc.com/beam.php?tcid=&target=aHR0cDovL3htbC12NC5tYWlkZW52YWx2ZTIub25saW5lL2NsaWNrP2... Page URL
http://xml-v4.maidenvalve2.online/click?i=5yNZc3o5aEw_0 HTTP 302
https://cadrctlnk.com/in/p/?spot_id=374884&cat=25&sub_id=1187678021 Page URL
https://mcpuwpush.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoic... HTTP 302
https://mcpuwpush.com/popunder/in/click/?mid=8079290684998042077&pid=0&site=374884&sc=DE&usage_typ... HTTP 302
https://kts.vasstycom.com/in/769/?katds_ep=0Cu3O0AH76cw8jPDvsUZFV2X3s5HyU-L7KLk-fsYPUSfQy4_DEUWzttdTrb... HTTP 302
https://kts.vasstycom.com/in/d/?site=cadrctlnk.com&p=http://cadrctlnk.com&ad_tags=&tds_min_pr=0.036933... HTTP 302
https://duulikeme.com/doulike/index.php HTTP 302
https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872 Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

58
Requests

88 %
HTTPS

13 %
IPv6

18
Domains

22
Subdomains

21
IPs

4
Countries

738 kB
Transfer

1545 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.lowes.comlowes.com/credit Page URL
https://track.vcdc.com/proceed.php?domain=comlowes.com&hash=cb92e0d97980185d522bb2ac9b374eba&u=eyJkb21haW4iOiJjb21sb3dlcy5jb20iLCJkb21haW5faWQiOiIxNzMyNjYyIiwiZm9sZGVyX2lkIjpudWxsLCJtaWQiOiIxNzEiLCJmaWx0ZXJfaWQiOm51bGwsImFkdmVydGlzZXJfaWQiOiIxMjgiLCJ0YXJnZXQiOiJodHRwOlwvXC94bWwtdjQubWFpZGVudmFsdmUyLm9ubGluZVwvY2xpY2s/aT01eU5aYzNvNWFFd18wIiwiaXBfYWRkcmVzcyI6IjE3Ni4xMTUuMjM3Ljc0IiwidHlwZSI6ImphdmFfcmVkaXJlY3QiLCJiaWQiOiIwLjAwMDA3In0= Page URL
https://track.vcdc.com/beam.php?tcid=&target=aHR0cDovL3htbC12NC5tYWlkZW52YWx2ZTIub25saW5lL2NsaWNrP2k9NXlOWmMzbzVhRXdfMA==&hash=8df8d3dd68c1b880a1d274ed9636dbb6&m=MTcx Page URL
http://xml-v4.maidenvalve2.online/click?i=5yNZc3o5aEw_0 HTTP 302
https://cadrctlnk.com/in/p/?spot_id=374884&cat=25&sub_id=1187678021 Page URL
https://mcpuwpush.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxMTg3Njc4MDIxIiwic3NwIjozNzU4LCJzcG90X2lkIjozNzQ4ODQsInJjaGFuZ2UiOmZhbHNlfX1dLCJzaXRlIjp7ImlkIjoiMzc0ODg0IiwicGFnZSI6Imh0dHBzOi8vY2FkcmN0bG5rLmNvbS9pbi9wLz9zcG90X2lkPTM3NDg4NCZjYXQ9MjUmc3ViX2lkPTExODc2NzgwMjEiLCJjYXQiOlsiSUFCMjUiXX0sImRldmljZSI6eyJ3IjoxNjAwLCJoIjoxMjAwfSwidXNlciI6eyJpZCI6IjM3NDdwcWNmOThuaThzcDF0ZjZ3cmQifSwiZXh0Ijp7ImR0IjoxNjk3MTA2NTg4NjM4fX0= HTTP 302
https://mcpuwpush.com/popunder/in/click/?mid=8079290684998042077&pid=0&site=374884&sc=DE&usage_type=DCH&subid=1187678021&sid=0&cid=14701&price=0&is_cpm=1&cpm=0.0369334091683219&ecpm=0.033&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=cadrctlnk.com&hostname=auc-popunder-hz-0&site_id=0&spot_id=374884&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=http%3A%2F%2Ftcimp.zog.link%2Fin%2Fwin%3Fkatds_ep%3Dyujc_hfa6mMHxw_fcF_uyK9NO7Kqni5Wa88DcqKcsWkUU33UQZmgjLemcxStxAmj3XQTLVnPAEu8lVrTajkBCNpBWi7P6ka--8ieIGnc6OOgE_zg_uycK0FN0mzzfJ05K7D39zLQknSBOkj5dtgRlr0eS8vlB-Vf8q9IsC_uOMnqoXt2im5YQDZURey_Hgq7GEjwmJF91WOpM2Pyei1bxlMFrgsRsnF2FJMuQ1mjsqaqN_wgwl4Po3r20cSgzoPFN607j9N5q-Bjnmlczk9Hol_2vQnsW6KIoi0ce3Lt6QQ8dKFiOvsfr2YV0vflrlo_1TBphyRFnzhLiy4vI0VbcaU5ENgFoQ&pop_winurl=&ip=176.115.237.74&testab=&px_id=374884&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.03357582651665627&placement_type_id=7&skin_test=&verify_hash=622cc6be6b5dd0b15f554170e98c25e8&score=407.7036836910328&durl=&ml=&tag_ab=&original_bid=1.80625&user_fp=0&v2=0&pop_type=0&space_id=1095&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.0028995&url=https%3A%2F%2Fkts.vasstycom.com%2Fin%2F769%2F%3Fkatds_ep%3D0Cu3O0AH76cw8jPDvsUZFV2X3s5HyU-L7KLk-fsYPUSfQy4_DEUWzttdTrbS_epSA7HrUrtfPyHWz-oa9Gga6KLzHgDlbB1VnDDF-lP0TuLeeYkgUhVxPI7Omi6yLKRF13NdzS9f8wRiRaMa6y0TOajjyI2p8Opd8UMtyb0bIsfMzS-pOXrI8htv2b_GErchO_JSVO0O6GiDGZkW1XLxcrAmTwDGCSXh1TSLXVdZmFBetdLE3T66tzaYX1iKbJTBnoI6ulvFZxu5h2l86ZbZRrJqv9H0PEVqcUO3m_HJvzk3pfa8T1DWapAU04YGLok3OPTiMmGDdNF01bIs7J95bkRSciPRYwC_ydE2h8CpopA_HAQXq8zpzo4WAyopva89lU15138_r-JPxeYWt1hIkKSfxsvfJ7tp_bHxmm-CuSOzHnj4xm38yeiFb6X0kZrUhlAknWpF3ZU66spKQm3N6GNikj-ay0dv8sSHt0ydBrRDLlNWClAwHWkppDeKqnlJsdkxNiucAP9GG55YTf5QS3UtZ-nynK-HK8Ge9twvVB8oO_3Rm2r4v3d-KSWt14q0frIsjW2dmLCtuLkglH7w5sEY3_k79MniEwAiLvKuTctZzam4mrKxuVWR0PTEriJaub7UevZNya2U_PjmDxN9yLQk_SVJaxp_Z-0TdgWPHUKuCu9ZaCTXXb0bT24Tjbt9xZSrp8NGia-hTDGkHrPQv8vkQGrPiszzM6QMkawkItYXACSSNj71TjsLdqQ0QhNEgPCqlASdZ7wvcjBmdhcqyicxxH0R-sYDgbe_XKzX8JnARelOQGf5DSR_S7vMzuB3BN-vUB3mnvor-sMHNxVHVdOkBzNaHNOIuSkBkQIl-HQ6SGLBk-c0CZVib2y_-DAffjPyYSzW1w0W9UZAoQix1GP4aUQONDzURLRVJcOxyfNNnSMYm7-17ThJQyiZiGuYmlsx7uwH8bY-JFucJ9R6h5s8D9J99qK7KEvUICGgqAVpfx4jY0V4Pnl3VzsMWMEz4HGADXqPAG43yIBk-9PdFy-isv6V226YKtpbZmtOvJAFPJu9XyZ1qCvFfSOxRjUoqzrbVx1xBF0uo0s%26bid%3D0.0369334091683219&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=1&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=164610&scroll_percent=0&empty_clicks=0&aid=2022&comeback=&capping=0&session_time=0&click_x=0&click_y=0&high_freq_clicks=0&dev_console_activity=0 HTTP 302
https://kts.vasstycom.com/in/769/?katds_ep=0Cu3O0AH76cw8jPDvsUZFV2X3s5HyU-L7KLk-fsYPUSfQy4_DEUWzttdTrbS_epSA7HrUrtfPyHWz-oa9Gga6KLzHgDlbB1VnDDF-lP0TuLeeYkgUhVxPI7Omi6yLKRF13NdzS9f8wRiRaMa6y0TOajjyI2p8Opd8UMtyb0bIsfMzS-pOXrI8htv2b_GErchO_JSVO0O6GiDGZkW1XLxcrAmTwDGCSXh1TSLXVdZmFBetdLE3T66tzaYX1iKbJTBnoI6ulvFZxu5h2l86ZbZRrJqv9H0PEVqcUO3m_HJvzk3pfa8T1DWapAU04YGLok3OPTiMmGDdNF01bIs7J95bkRSciPRYwC_ydE2h8CpopA_HAQXq8zpzo4WAyopva89lU15138_r-JPxeYWt1hIkKSfxsvfJ7tp_bHxmm-CuSOzHnj4xm38yeiFb6X0kZrUhlAknWpF3ZU66spKQm3N6GNikj-ay0dv8sSHt0ydBrRDLlNWClAwHWkppDeKqnlJsdkxNiucAP9GG55YTf5QS3UtZ-nynK-HK8Ge9twvVB8oO_3Rm2r4v3d-KSWt14q0frIsjW2dmLCtuLkglH7w5sEY3_k79MniEwAiLvKuTctZzam4mrKxuVWR0PTEriJaub7UevZNya2U_PjmDxN9yLQk_SVJaxp_Z-0TdgWPHUKuCu9ZaCTXXb0bT24Tjbt9xZSrp8NGia-hTDGkHrPQv8vkQGrPiszzM6QMkawkItYXACSSNj71TjsLdqQ0QhNEgPCqlASdZ7wvcjBmdhcqyicxxH0R-sYDgbe_XKzX8JnARelOQGf5DSR_S7vMzuB3BN-vUB3mnvor-sMHNxVHVdOkBzNaHNOIuSkBkQIl-HQ6SGLBk-c0CZVib2y_-DAffjPyYSzW1w0W9UZAoQix1GP4aUQONDzURLRVJcOxyfNNnSMYm7-17ThJQyiZiGuYmlsx7uwH8bY-JFucJ9R6h5s8D9J99qK7KEvUICGgqAVpfx4jY0V4Pnl3VzsMWMEz4HGADXqPAG43yIBk-9PdFy-isv6V226YKtpbZmtOvJAFPJu9XyZ1qCvFfSOxRjUoqzrbVx1xBF0uo0s&bid=0.0369334091683219 HTTP 302
https://kts.vasstycom.com/in/d/?site=cadrctlnk.com&p=http://cadrctlnk.com&ad_tags=&tds_min_pr=0.0369334091683219&ic=IAB25&auid=8079290684998042077&related_score=100&bidding_price=1.80625&fromtc=36&ad_sub=536679142&tt=100&ts=0&sid=550&cid=164610&sp=0.0369334091683219&tcbc_b=0.0369334091683219&utm1=tcb&utm2=1322730372-100&utm3=550-164610-&utm4=63-12273210-0&click_id=2700e1eb-2f7d-4496-9023-4a9d8a98c750&user_id=10951352387998083061&idzone=3 HTTP 302
https://duulikeme.com/doulike/index.php HTTP 302
https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

http://xml-v4.maidenvalve2.online/click?i=5yNZc3o5aEw_0 HTTP 302
https://cadrctlnk.com/in/p/?spot_id=374884&cat=25&sub_id=1187678021

58 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 credit Show response
www.lowes.comlowes.com/ 9 KB
4 KB 160ms
49ms Document
text/html 159.69.42.212
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lowes.comlowes.com/credit

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.69.42.212 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.212.42.69.159.clients.your-server.de

Software

openresty /

Resource Hash

69758b74d4aca288e58c2536acd3313fd59356da245b7dedf9ed0ab4d99d3007

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=utf8
date: Thu, 12 Oct 2023 10:24:39 GMT
server: openresty
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 1 KB
838 B 348ms
19ms Stylesheet
text/css 216.58.212.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins

Requested by

Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f10.1e100.net

Software

ESF /

Resource Hash

2e120707b7a0de913a32da3e779b975bd342672ca68c9aa373029f38c90cfb56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 12 Oct 2023 10:29:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 12 Oct 2023 09:20:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 12 Oct 2023 10:29:46 GMT

GET
H2 200 css
fonts.googleapis.com/ 1 KB
481 B 348ms
19ms Stylesheet
text/css 216.58.212.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Neucha|Cabin+Sketch

Requested by

Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f10.1e100.net

Software

ESF /

Resource Hash

e0ae0198f37f94156d1037964e86bdf5c7ff409da9c9de789ab72cb0cedc4d6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 12 Oct 2023 10:29:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 12 Oct 2023 10:29:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 12 Oct 2023 10:29:46 GMT

GET
H2 200 feed.js Show response
static.traffic.club/ 13 KB
14 KB 67ms
19ms Script
application/javascript 78.46.152.77
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static.traffic.club/feed.js
Requested by: Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 78.46.152.77 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: dedi4171.your-server.de
Software: Apache /
Resource Hash: 23bec1376312be873fdff35109bd4f2499f0fb8ee7742b3caf8eef22e9b96ae8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:45 GMT
last-modified: Thu, 16 Feb 2023 09:01:25 GMT
server: Apache
accept-ranges: bytes
etag: "35a1-5f4cd71024340"
content-length: 13729
content-type: application/javascript

GET
H2 200 banner_ads.js Show response
www.lowes.comlowes.com/ 111 B
326 B 22ms
22ms Script
application/javascript 159.69.42.212
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lowes.comlowes.com/banner_ads.js
Requested by: Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.69.42.212 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.212.42.69.159.clients.your-server.de
Software: openresty /
Resource Hash: 4aa355b64f75bc8293836eb2ca7ff4a0d7230f361c2e9b1b2d7394ac7c540f90

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/credit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: public
date: Thu, 12 Oct 2023 10:24:39 GMT
last-modified: Thu, 26 Sep 2019 08:13:05 GMT
server: openresty
etag: "5d8c7311-6f"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 111
expires: Sat, 11 Nov 2023 10:24:39 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 250 KB
85 KB 359ms
28ms Script
application/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-LTZ10XBX1X

Requested by

Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

49fcc5873edc15b3580667a9e62a481a07747d995b7609ce7bc849b42c416ee8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86936
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 12 Oct 2023 10:29:46 GMT

GET
H2 200 glade.js Show response
securepubads.g.doubleclick.net/static/ 281 B
660 B 363ms
10ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/static/glade.js

Requested by

Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

sffe /

Resource Hash

f26e40109b0475bacea3fc2fcad5a91f2003e11c4bbe736141982da246ac155e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 21:57:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 477127
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 214
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 15:14:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Oct 2023 21:57:39 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/ 20 KB
5 KB 343ms
18ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css

Requested by

Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 723, 617
age: 14614856
cdn-cachedat: 2021-07-24 09:40:41
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 2b50aaedc481ac5a56e54a88a5b8c43a
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 814ea9e2ef89371f-FRA
cdn-requestpullsuccess: True

GET
H/1.1 200
OK feed.php Show response
track.traffic.club/ 35 KB
36 KB 973ms
509ms XHR
text/html 147.135.143.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://track.traffic.club/feed.php?direct=g4tcd&mid=171&f=171&keyword=comlowes.com&domain=www.lowes.comlowes.com

Requested by

Host: static.traffic.club
URL: https://static.traffic.club/feed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.135.143.184 Villeurbanne, France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

93cf803bce2a42d0819ffc8c28dd95712ffc8e7d26431ce12ae105daa3a89974

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:47 GMT
content-encoding: none
x-content-type-options: nosniff
server: nginx
x-iplb-request-id: B073ED4A:9123_93878FB8:01BB_6527CA9A_1DDA7:B218
x-iplb-instance: 45835
content-type: text/html; charset=utf8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 36117
x-xss-protection: 1; mode=block

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 341ms
9ms Script
text/javascript 216.239.36.178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.36.178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 12 Oct 2023 09:49:42 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2404
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 12 Oct 2023 11:49:42 GMT

GET
H2 200 rtb.min.js Show response
static.trafficclub.com/ 7 KB
3 KB 372ms
10ms Script
application/javascript 143.204.98.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.trafficclub.com/rtb.min.js
Requested by: Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-76.fra50.r.cloudfront.net
Software: Apache /
Resource Hash: 6249d2dcfb60c3c54da30e6a64dec8ae78f54483af7549354a8c7679796dd89c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 04:58:32 GMT
content-encoding: gzip
via: 1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jun 2023 14:33:40 GMT
server: Apache
x-amz-cf-pop: FRA50-C1
age: 19874
etag: W/"1b66-5ff4596259eb3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: CzwUB2Y6NO9m7wKVS2hPrCgkJW9vb2hHBSA8WlsjfKsZkG7VyYu5-w==

GET
H2 200 summer_ballon.jpg
www.lowes.comlowes.com/assets/images/ 166 KB
166 KB 16ms
16ms Image
image/jpeg 159.69.42.212
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.lowes.comlowes.com/assets/images/summer_ballon.jpg
Requested by: Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.69.42.212 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.212.42.69.159.clients.your-server.de
Software: openresty /
Resource Hash: a91a4a6d81038e8390eb5fd8dd83fb146bac24b5128f25820f321643e7ffd229

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/credit
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: public
date: Thu, 12 Oct 2023 10:24:40 GMT
last-modified: Fri, 27 Jul 2018 05:24:34 GMT
server: openresty
etag: "5b5aac92-2981c"
content-type: image/jpeg
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 170012
expires: Sat, 11 Nov 2023 10:24:40 GMT

GET
H2 200 q5uGsou0JOdh94bfvQlt.woff2
fonts.gstatic.com/s/neucha/v17/ 25 KB
25 KB 336ms
9ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/neucha/v17/q5uGsou0JOdh94bfvQlt.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Neucha|Cabin+Sketch

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

5e0c6ca42b9531a42a7994e3ed907ea9e3a360dcaa6f77847ef587340d21d6ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.lowes.comlowes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 19:23:53 GMT
x-content-type-options: nosniff
age: 486353
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25376
x-xss-protection: 0
last-modified: Mon, 09 May 2022 18:40:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Oct 2024 19:23:53 GMT

GET
H3 200 fontawesome-webfont.woff
maxcdn.bootstrapcdn.com/font-awesome/4.1.0/fonts/ 82 KB
82 KB 52ms
34ms Font
font/woff 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/fonts/fontawesome-webfont.woff?v=4.1.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css
Origin: https://www.lowes.comlowes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
cdn-edgestorageid: 860
cdn-cachedat: 08/25/2022 04:48:59
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 83760
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: "fdf491ce5ff5b2da02708cd0e9864719"
vary: Accept-Encoding
content-type: font/woff
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 65365b632090c63f2681c1083d649f8b
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 814ea9e34f3392ad-FRA
cdn-requestpullsuccess: True

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
152 B 18ms
17ms XHR
text/plain 216.239.36.178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=1007815662&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.lowes.comlowes.com%2Fcredit&ul=en-us&de=UTF-8&dt=comlowes.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Blocking%20Ads&ea=No&_u=YEBAAEABAAAAACAAI~&jid=1021886817&gjid=1447112109&cid=2078570488.1697106586&tid=UA-43967021-7&_gid=815714048.1697106586&_r=1&_slc=1&cd1=ts_landing_5&cd2=126&cd3=yes&z=89005382

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.36.178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.lowes.comlowes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 12 Oct 2023 10:29:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.lowes.comlowes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
83 B 17ms
17ms XHR
text/plain 216.239.36.178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1007815662&t=pageview&_s=1&dl=https%3A%2F%2Fwww.lowes.comlowes.com%2Fcredit&ul=en-us&de=UTF-8&dt=comlowes.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAACAAI~&jid=28517009&gjid=457229798&cid=2078570488.1697106586&tid=UA-43967021-13&_gid=815714048.1697106586&_r=1&_slc=1&z=253628394

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.36.178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0c6ca6f16781fc92afde7d0d3d0cf697a5dfe163ea7e3a0c88d3a911e13761cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.lowes.comlowes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 12 Oct 2023 10:29:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.lowes.comlowes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 10ms
10ms Image
image/gif 216.239.36.178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=1007815662&t=pageview&_s=2&dl=https%3A%2F%2Fwww.lowes.comlowes.com%2Fcredit&ul=en-us&de=UTF-8&dt=comlowes.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=2078570488.1697106586&tid=UA-43967021-7&_gid=815714048.1697106586&cd1=ts_landing_5&cd2=126&cd3=yes&z=193024292

Requested by

Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.36.178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Oct 2023 06:44:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 13487
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 18ms
18ms Ping
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-LTZ10XBX1X&gtm=45je3ab0&_p=1007815662&cid=2078570488.1697106586&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1697106586&sct=1&seg=0&dl=https%3A%2F%2Fwww.lowes.comlowes.com%2Fcredit&dt=comlowes.com&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LTZ10XBX1X
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Oct 2023 10:29:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.lowes.comlowes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 a
www.googletagmanager.com/ 0
57 B 23ms
20ms Image
text/html 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-LTZ10XBX1X&v=3&t=t&pid=750679807&cv=1&rv=3ab0&tc=14&es=1&e=gtm.init_consent&eid=-1&u=AAAAAAAAAAAAAACA&h=Ag&dl=www.lowes.comlowes.com%2Fcredit&tdp=G-LTZ10XBX1X;78811334;0;0;0&z=0

Requested by

Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:46 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 204 td
www.googletagmanager.com/ 0
130 B 19ms
17ms Image
image/gif 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googletagmanager.com/td?id=G-LTZ10XBX1X&v=3&t=t&pid=750679807&cv=1&rv=3ab0&tc=14&es=1&e=gtm.init_consent&eid=-1&u=AAAAAAAAAAAAAACA&h=Ag&dl=www.lowes.comlowes.com%2Fcredit&tdp=G-LTZ10XBX1X;78811334;0;0;0&z=0
Requested by: Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.40 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f8.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Oct 2023 10:29:46 GMT
server: Golfe2
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 a
www.googletagmanager.com/ 0
49 B 32ms
30ms Image
text/html 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-LTZ10XBX1X&v=3&t=t&pid=750679807&cv=1&rv=3ab0&tc=14&es=1&e=gtm.init&eid=0&u=AAAAAAAAAAAAAACA&h=Ag&tr=1ogt1pdatav2.1ccdgafirst.1setproductsettings.1ogtgooglesignals.1ccdgaregscope.1ccdemoutboundclick.1ccdempageview.1ccdemscroll.1ccdemsitesearch.1ccdconversionmarking.1ogteventcreate.1ccdautoredact.1ccdgalast&ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ogtgooglesignals.2ccdgaregscope.2ccdemoutboundclick.2ccdempageview.2ccdemscroll.2ccdemsitesearch.2ccdconversionmarking.2ogteventcreate.2ccdautoredact.2ccdgalast&z=0

Requested by

Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:46 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 a
www.googletagmanager.com/ 0
40 B 32ms
30ms Image
text/html 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-LTZ10XBX1X&v=3&t=t&pid=750679807&cv=1&rv=3ab0&tc=14&es=1&e=gtm.js&eid=1&u=AAAAAAAAAAAAAACA&h=Ag&tr=1gct&ti=1gct&z=0

Requested by

Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:46 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 a
www.googletagmanager.com/ 0
40 B 33ms
31ms Image
text/html 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-LTZ10XBX1X&v=3&t=t&pid=750679807&cv=1&rv=3ab0&tc=14&es=1&e=gtag.config&eid=5&u=AAAAAAAAAAAAACCA&h=Ag&epr=1G.2G&z=0

Requested by

Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:46 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 a
www.googletagmanager.com/ 0
49 B 33ms
31ms Image
text/html 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-LTZ10XBX1X&v=3&t=t&pid=750679807&cv=1&rv=3ab0&tc=14&es=1&e=*&eid=6&u=AAAAAAAAAAAAACCA&h=Ag&epr=1G.2G&z=0

Requested by

Host: www.lowes.comlowes.com
URL: https://www.lowes.comlowes.com/credit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:46 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
351 B 376ms
21ms XHR
text/plain 142.250.13.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-43967021-7&cid=2078570488.1697106586&jid=1021886817&gjid=1447112109&_gid=815714048.1697106586&_u=YEBAAEAAAAAAACAAI~&z=551849620

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.13.155 Oxford, United States, ASN15169 (GOOGLE, US),

Reverse DNS

we-in-f155.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.lowes.comlowes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 12 Oct 2023 10:29:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.lowes.comlowes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 226 KB
80 KB 26ms
26ms Script
application/javascript 142.250.186.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-K0FNZEWP0D&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

eb245de1799e6d469cd0c95e9dd722bb4682c7076a97af55355e5ecebfbe81ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82125
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 12 Oct 2023 10:29:46 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 24ms
24ms Ping
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-LTZ10XBX1X&gtm=45je3ab0&_p=1007815662&cid=2078570488.1697106586&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1697106586&sct=1&seg=0&dl=https%3A%2F%2Fwww.lowes.comlowes.com%2Fcredit&dt=comlowes.com&en=screen_view&_ee=1&ep.domain=comlowes.com&ep.template=ts_landing_5&ep.member=126&ep.SSL=yes&_et=3
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LTZ10XBX1X
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Oct 2023 10:29:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.lowes.comlowes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.0/ 84 KB
30 KB 337ms
9ms Script
text/javascript 142.250.185.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js

Requested by

Host: static.trafficclub.com
URL: https://static.trafficclub.com/rtb.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f10.1e100.net

Software

sffe /

Resource Hash

8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 10:14:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 519296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30089
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Oct 2024 10:14:50 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 17ms
17ms Ping
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-K0FNZEWP0D&gtm=45je3ab0&_p=1007815662&ul=en-us&sr=1600x1200&cid=2078570488.1697106586&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=ABAI&_s=1&dl=https%3A%2F%2Fwww.lowes.comlowes.com%2Fcredit&dt=comlowes.com&sid=1697106586&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K0FNZEWP0D&cx=c&_slc=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Oct 2023 10:29:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.lowes.comlowes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK rtb.php
track.traffic.club/ 450 B
837 B 682ms
638ms XHR
text/html 147.135.143.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://track.traffic.club/rtb.php?hash=e04b2ca08ccde67ed5d0c2ddad3fb452&mid=171&f=171&request=rtb&keyword=%20&domain=www.lowes.comlowes.com

Requested by

Host: static.trafficclub.com
URL: https://static.trafficclub.com/rtb.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.135.143.184 Villeurbanne, France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lowes.comlowes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:47 GMT
content-encoding: none
x-content-type-options: nosniff
server: nginx
x-iplb-request-id: B073ED4A:0722_93878FB8:01BB_6527CA9B_1DF2C:B219
x-iplb-instance: 45835
content-type: text/html; charset=utf8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 450
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 0
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: text/css

GET
H2 200 proceed.php
track.vcdc.com/ 531 B
716 B 114ms
32ms Document
text/html 167.233.8.197
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://track.vcdc.com/proceed.php?domain=comlowes.com&hash=cb92e0d97980185d522bb2ac9b374eba&u=eyJkb21haW4iOiJjb21sb3dlcy5jb20iLCJkb21haW5faWQiOiIxNzMyNjYyIiwiZm9sZGVyX2lkIjpudWxsLCJtaWQiOiIxNzEiLCJmaWx0ZXJfaWQiOm51bGwsImFkdmVydGlzZXJfaWQiOiIxMjgiLCJ0YXJnZXQiOiJodHRwOlwvXC94bWwtdjQubWFpZGVudmFsdmUyLm9ubGluZVwvY2xpY2s/aT01eU5aYzNvNWFFd18wIiwiaXBfYWRkcmVzcyI6IjE3Ni4xMTUuMjM3Ljc0IiwidHlwZSI6ImphdmFfcmVkaXJlY3QiLCJiaWQiOiIwLjAwMDA3In0=

Requested by

Host: static.trafficclub.com
URL: https://static.trafficclub.com/rtb.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

167.233.8.197 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.197.8.233.167.clients.your-server.de

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.lowes.comlowes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, must-revalidate
content-encoding: none
content-length: 531
content-type: text/html; charset=utf8
date: Thu, 12 Oct 2023 10:29:47 GMT
server: nginx
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST collect
www.google-analytics.com/g/ 0
0

GET
H2 200 beam.php
track.vcdc.com/ 894 B
1 KB 82ms
81ms Document
text/html 167.233.8.197
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://track.vcdc.com/beam.php?tcid=&target=aHR0cDovL3htbC12NC5tYWlkZW52YWx2ZTIub25saW5lL2NsaWNrP2k9NXlOWmMzbzVhRXdfMA==&hash=8df8d3dd68c1b880a1d274ed9636dbb6&m=MTcx

Requested by

Host: track.vcdc.com
URL: https://track.vcdc.com/proceed.php?domain=comlowes.com&hash=cb92e0d97980185d522bb2ac9b374eba&u=eyJkb21haW4iOiJjb21sb3dlcy5jb20iLCJkb21haW5faWQiOiIxNzMyNjYyIiwiZm9sZGVyX2lkIjpudWxsLCJtaWQiOiIxNzEiLCJmaWx0ZXJfaWQiOm51bGwsImFkdmVydGlzZXJfaWQiOiIxMjgiLCJ0YXJnZXQiOiJodHRwOlwvXC94bWwtdjQubWFpZGVudmFsdmUyLm9ubGluZVwvY2xpY2s/aT01eU5aYzNvNWFFd18wIiwiaXBfYWRkcmVzcyI6IjE3Ni4xMTUuMjM3Ljc0IiwidHlwZSI6ImphdmFfcmVkaXJlY3QiLCJiaWQiOiIwLjAwMDA3In0=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

167.233.8.197 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.197.8.233.167.clients.your-server.de

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, must-revalidate
content-encoding: none
content-length: 894
content-type: text/html; charset=UTF-8
date: Thu, 12 Oct 2023 10:29:47 GMT
server: nginx
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

200

/
cadrctlnk.com/in/p/
Redirect Chain

http://xml-v4.maidenvalve2.online/click?i=5yNZc3o5aEw_0
https://cadrctlnk.com/in/p/?spot_id=374884&cat=25&sub_id=1187678021

5 KB
2 KB

381ms
25ms

Document
text/html

109.206.182.60
SERVEREL-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cadrctlnk.com/in/p/?spot_id=374884&cat=25&sub_id=1187678021
Requested by: Host: track.vcdc.com
URL: https://track.vcdc.com/beam.php?tcid=&target=aHR0cDovL3htbC12NC5tYWlkZW52YWx2ZTIub25saW5lL2NsaWNrP2k9NXlOWmMzbzVhRXdfMA==&hash=8df8d3dd68c1b880a1d274ed9636dbb6&m=MTcx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 109.206.182.60 , United States, ASN50245 (SERVEREL-AS, US),
Reverse DNS: 109.206.182.60.serverel.net
Software: nginx/1.20.1 /
Resource Hash

Request headers

Referer: https://track.vcdc.com/beam.php?tcid=&target=aHR0cDovL3htbC12NC5tYWlkZW52YWx2ZTIub25saW5lL2NsaWNrP2k9NXlOWmMzbzVhRXdfMA==&hash=8df8d3dd68c1b880a1d274ed9636dbb6&m=MTcx
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 12 Oct 2023 10:29:48 GMT
pragma: no-cache
server: nginx/1.20.1
vary: Accept-Encoding *

Redirect headers

Age: 0
Cache-Control: no-store
Connection: keep-alive
Content-Length: 0
Location: https://cadrctlnk.com/in/p/?spot_id=374884&cat=25&sub_id=1187678021
Pragma: no-cache

GET
H2

200

Primary Request index.html Show response
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/
Redirect Chain

https://mcpuwpush.com/get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxMDk1LCJ0eXBlIjoicG9wIiwic3BhY2VpZCI6MTA5NSwic3ViaWQiOiIxMTg3Njc4MDIxIiwic3NwIjozNzU4LCJzcG90X2lkIjozNzQ4ODQsInJjaGFu...
https://mcpuwpush.com/popunder/in/click/?mid=8079290684998042077&pid=0&site=374884&sc=DE&usage_type=DCH&subid=1187678021&sid=0&cid=14701&price=0&is_cpm=1&cpm=0.0369334091683219&ecpm=0.033&crid=&crt...
https://kts.vasstycom.com/in/769/?katds_ep=0Cu3O0AH76cw8jPDvsUZFV2X3s5HyU-L7KLk-fsYPUSfQy4_DEUWzttdTrbS_epSA7HrUrtfPyHWz-oa9Gga6KLzHgDlbB1VnDDF-lP0TuLeeYkgUhVxPI7Omi6yLKRF13NdzS9f8wRiRaMa6y0TOajjyI...
https://kts.vasstycom.com/in/d/?site=cadrctlnk.com&p=http://cadrctlnk.com&ad_tags=&tds_min_pr=0.0369334091683219&ic=IAB25&auid=8079290684998042077&related_score=100&bidding_price=1.80625&fromtc=36&...
https://duulikeme.com/doulike/index.php
https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872

36 KB
8 KB

633ms
286ms

Document
text/html

172.66.0.96

General

Check archive.org

Show headers Download Go to

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Requested by: Host: cadrctlnk.com
URL: https://cadrctlnk.com/in/p/?spot_id=374884&cat=25&sub_id=1187678021
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 99a533eb0bf3ffe23cad18cefde21d4cd44ec8f66b7116dfa4d08bf2ce2c52a0

Request headers

Referer: https://cadrctlnk.com/in/p/?spot_id=374884&cat=25&sub_id=1187678021
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private
cf-cache-status: MISS
cf-ray: 814eaa04fb76373b-FRA
content-encoding: br
content-type: text/html
date: Thu, 12 Oct 2023 10:29:51 GMT
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
vary: Accept-Encoding
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 12 Oct 2023 10:29:50 GMT
location: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
server: Apache

GET
H2 200 tapa.css
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 18 KB
4 KB 291ms
290ms Stylesheet
text/css 172.66.0.96

General

Check archive.org

Show headers Download Go to

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/tapa.css
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 22b2c21cd86ff8e53b784c5e40608872a0666f3682d1331829eb8a643f50b3e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: W/"46b4-11ef9b484c240"
vary: Accept-Encoding
content-type: text/css
cache-control: private
cf-ray: 814eaa06cdc1373b-FRA

GET
H2 200 jquery-1.4.4.min.js Show response
code.jquery.com/ 77 KB
27 KB 346ms
8ms Script
application/javascript 151.101.130.137

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.4.4.min.js
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 1388296
x-cache: HIT, HIT
content-length: 27078
x-served-by: cache-lga21980-LGA, cache-fra-eddf8230067-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1697106592.141504,VS0,VE0
etag: W/"28feccc0-13309"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 4821, 122

GET
H2 200 noir.js Show response
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 82 KB
30 KB 418ms
418ms Script
application/javascript 172.66.0.96

General

Check archive.org

Show headers Download Go to

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/noir.js
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 46b5242c5eb6b3b71ef2606f2d0d700142ae58b53c6d018e6bf06bab62437e1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: W/"14930-11ef9b484c240"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private
cf-ray: 814eaa06cdc3373b-FRA

GET
H2 200 script.compat.js Show response
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 1 KB
1014 B 174ms
170ms Script
application/javascript 172.66.0.96

General

Check archive.org

Show headers Download Go to

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/script.compat.js
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a1bc6ee4cc04b8e259bb929bb29d87e8b7eb540f2dc67cbd3bb7dbbe57fd28f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: W/"56d-11ef9b484c240"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private
cf-ray: 814eaa098923373b-FRA

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 237 KB
82 KB 29ms
25ms Script
application/javascript 2a00:1450:4001:80f::2008

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MNTGQ1CSSR

Requested by

Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 -, , ASN (),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b737601548cd9afaf8196eb8ad527cb131929648a2e244577a406fa3b178e20a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 84313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 12 Oct 2023 10:29:52 GMT

GET
H2 200 f24.png
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 62 KB
0 430ms
426ms Image
image/png 172.66.0.96

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/f24.png
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: "7b710-11ef9b484c240"
vary: Accept-Encoding
content-type: image/png
cache-control: private
accept-ranges: bytes
cf-ray: 814eaa098928373b-FRA
content-length: 505616

GET
H2 200 mnc.png
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 187 B
466 B 174ms
170ms Image
image/png 172.66.0.96

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/mnc.png
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: c5a324f181af16879b6c4c52b731b23392f2816def159b157c4de620cff1cd41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: "bb-11ef9b484c240"
vary: Accept-Encoding
content-type: image/png
cache-control: private
accept-ranges: bytes
cf-ray: 814eaa098929373b-FRA
content-length: 187

GET
H2 200 msmm.png
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 168 B
446 B 171ms
167ms Image
image/png 172.66.0.96

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/msmm.png
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ab5ef4e7e196cb1ff39df44e1a0a39f6880b906ef6fd6da3cfdbb92ffd33115

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: "a8-11ef9b484c240"
vary: Accept-Encoding
content-type: image/png
cache-control: private
accept-ranges: bytes
cf-ray: 814eaa09892a373b-FRA
content-length: 168

GET
H2 200 set.png
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 364 B
659 B 182ms
178ms Image
image/png 172.66.0.96

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/set.png
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: "16c-11ef9b484c240"
vary: Accept-Encoding
content-type: image/png
cache-control: private
accept-ranges: bytes
cf-ray: 814eaa09892b373b-FRA
content-length: 364

GET
H2 200 vsc.png
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 722 B
1 KB 172ms
169ms Image
image/png 172.66.0.96

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/vsc.png
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 31c6dbe9d867436244f38566adad57e3870f4c8489c6804280eb564bfac5c1bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: "2d2-11ef9b484c240"
vary: Accept-Encoding
content-type: image/png
cache-control: private
accept-ranges: bytes
cf-ray: 814eaa09892d373b-FRA
content-length: 722

GET
H2 200 bel.png
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 276 B
571 B 170ms
167ms Image
image/png 172.66.0.96

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/bel.png
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c1606563842cce5f1788329d4417ae3618b33c6365c56a7122439b6ab45c977

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: "114-11ef9b484c240"
vary: Accept-Encoding
content-type: image/png
cache-control: private
accept-ranges: bytes
cf-ray: 814eaa09892e373b-FRA
content-length: 276

GET
H2 200 pcm.png
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 1 KB
2 KB 171ms
169ms Image
image/png 172.66.0.96

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/pcm.png
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: afe332157f4efe355f3181284e99f4331c4d19703ed1678b5316d2933f95e98e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: "4f6-11ef9b484c240"
vary: Accept-Encoding
content-type: image/png
cache-control: private
accept-ranges: bytes
cf-ray: 814eaa09892f373b-FRA
content-length: 1270

GET
H2 200 dm.png
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 332 B
614 B 171ms
168ms Image
image/png 172.66.0.96

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/dm.png
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 7df9f467d23ee1887edb2123cca10a1a9c4624cdcf7199c64e78a8430031f9f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: "14c-11ef9b484c240"
vary: Accept-Encoding
content-type: image/png
cache-control: private
accept-ranges: bytes
cf-ray: 814eaa098931373b-FRA
content-length: 332

GET
H2 200 cs.png
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 3 KB
3 KB 180ms
177ms Image
image/png 172.66.0.96

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/cs.png
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b67a7c07a045d7cb0f2e216a557aec0d99405e17c36d1a6b1ff3e2733aa35348

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: "a79-11ef9b484c240"
vary: Accept-Encoding
content-type: image/png
cache-control: private
accept-ranges: bytes
cf-ray: 814eaa098932373b-FRA
content-length: 2681

GET
H2 200 re.gif
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 14 KB
15 KB 304ms
302ms Image
image/gif 172.66.0.96

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/re.gif
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: "399f-11ef9b484c240"
vary: Accept-Encoding
content-type: image/gif
cache-control: private
accept-ranges: bytes
cf-ray: 814eaa098938373b-FRA
content-length: 14751

GET
H2 200 nvidia.js Show response
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 2 KB
951 B 156ms
156ms Script
application/javascript 172.66.0.96

General

Check archive.org

Show headers Download Go to

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/nvidia.js
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 73310aa233204005c5d97ccd8b6c8c06dda83205f1de6571aa798400fb5bedeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: W/"807-11ef9b484c240"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private
cf-ray: 814eaa08f89e373b-FRA

GET
H2 200 jupiter.js Show response
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 503 B
505 B 177ms
177ms Script
application/javascript 172.66.0.96

General

Check archive.org

Show headers Download Go to

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/jupiter.js
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 318698ae5e67c32550d6b40ac09848d598f6317f51a8f09638ba925f6e7cc479

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 200
etag: W/"1f7-11ef9b484c240"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private
cf-ray: 814eaa097915373b-FRA

GET
H/1.1 200
OK / Show response
ipwho.is/ 725 B
997 B 68ms
17ms XHR
application/json 195.201.57.90

General

Check archive.org

Show headers Download Go to

Full URL: https://ipwho.is/?lang=en
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 195.201.57.90 -, , ASN (),
Reverse DNS
Software: ipwhois /
Resource Hash: d89f3124641bd962f837ff6660d52a3610389691ee289d96d7ff5db80e17fb91

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 12 Oct 2023 10:29:52 GMT
Server: ipwhois
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Robots-Tag: noindex
Access-Control-Allow-Headers: *

GET
DATA 200
OK truncated
/ 349 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 206 _Fm7-alert.mp3
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 30 KB
0 292ms
291ms Media
audio/mpeg 172.66.0.96

General

Check archive.org

Show headers Download Go to

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/_Fm7-alert.mp3
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
cf-cache-status: MISS
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 206
etag: "387a7-11ef9b484c240"
vary: Accept-Encoding
content-type: audio/mpeg
Content-Range: bytes 0-231334/231335
cache-control: private
cf-ray: 814eaa09b96d373b-FRA
Content-Length: 231335

POST collect
region1.google-analytics.com/g/ 0
0

POST event
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/api/ 0
0

GET
H2 404 ai2.mp3
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ 196 B
562 B 166ms
165ms Media
text/html 172.66.0.96

General

Check archive.org

Show headers Download Go to

Full URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ai2.mp3
Requested by: Host: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.0.96 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/index.html?ph0ne=04706-8999-872
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 12 Oct 2023 10:29:52 GMT
cf-cache-status: MISS
server: cloudflare
x-do-app-origin: 43aff603-50b8-476b-929e-e77841588347
x-do-orig-status: 404
vary: Accept-Encoding
content-type: text/html; charset=iso-8859-1
cache-control: private
cf-ray: 814eaa0aca90373b-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google-analytics.com
URL: https://www.google-analytics.com/g/collect?v=2&tid=G-LTZ10XBX1X&gtm=45je3ab0&_p=1007815662&cid=2078570488.1697106586&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=3&sid=1697106586&sct=1&seg=0&dl=https%3A%2F%2Fwww.lowes.comlowes.com%2Fcredit&dt=comlowes.com&en=scroll&epn.percent_scrolled=90&_et=8

Domain: www.google-analytics.com
URL: https://www.google-analytics.com/g/collect?v=2&tid=G-LTZ10XBX1X&gtm=45je3ab0&_p=1007815662&cid=2078570488.1697106586&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=4&sid=1697106586&sct=1&seg=0&dl=https%3A%2F%2Fwww.lowes.comlowes.com%2Fcredit&dt=comlowes.com&en=user_engagement&_et=1303

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-MNTGQ1CSSR&gtm=45je3ab0&_p=7924403&cid=1729752720.1697106592&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1697106592&sct=1&seg=0&dl=https%3A%2F%2Fseashell-appcvrtfgujikol-l44cy.ondigitalocean.app%2FErWinhotlineEr087%2Findex.html%3Fph0ne%3D04706-8999-872&dr=https%3A%2F%2Fcadrctlnk.com%2F&dt=mayilerumperumalayyanar&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

Domain: seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/api/event

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tech Support Scam (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.lowes.comlowes.com/	1970-01-20 15:25:48	Name: ndsp Value: eyJkb21haW5OYW1lIjoiY29tbG93ZXMuY29tIiwibWVtYmVyIjoiMTI2IiwidGVtcGxhdGUiOiJ0c19sYW5kaW5nXzUiLCJ1c2VyQWdlbnQiOiJNb3ppbGxhXC81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXRcLzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZVwvMTE3LjAuNTkzOC4xNDkgU2FmYXJpXC81MzcuMzYiLCJzZXNzaW9uIjoiODYzMWE1ZmYwMTlmMzc3Y2FiNTk1YTIxOGVmYTQ5N2QiLCJ0aW1lX2luaXQiOjE2OTcxMDYyNzl9
.comlowes.com/	1970-01-20 15:26:32	Name: _gid Value: GA1.2.815714048.1697106586
.comlowes.com/	1970-01-20 15:25:06	Name: _gat_mainCounter Value: 1
.comlowes.com/	1970-01-20 15:25:06	Name: _gat_tcCounter Value: 1
.comlowes.com/	1970-01-21 01:01:06	Name: _ga Value: GA1.1.2078570488.1697106586
.comlowes.com/	1970-01-21 01:01:06	Name: _ga_K0FNZEWP0D Value: GS1.2.1697106586.1.0.1697106586.0.0.0
.comlowes.com/	1970-01-21 01:01:06	Name: _ga_LTZ10XBX1X Value: GS1.1.1697106586.1.0.1697106587.0.0.0
cadrctlnk.com/	1970-01-20 15:26:32	Name: 1095.0 Value: 1
kts.vasstycom.com/	1970-01-20 15:26:32	Name: 769.171297 Value: 1
kts.vasstycom.com/	1970-01-20 15:25:10	Name: 721.171297 Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://seashell-appcvrtfgujikol-l44cy.ondigitalocean.app/ErWinhotlineEr087/ai2.mp3 Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cadrctlnk.com
code.jquery.com
duulikeme.com
fonts.googleapis.com
fonts.gstatic.com
ipwho.is
kts.vasstycom.com
maxcdn.bootstrapcdn.com
mcpuwpush.com
region1.google-analytics.com
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
securepubads.g.doubleclick.net
static.traffic.club
static.trafficclub.com
stats.g.doubleclick.net
track.traffic.club
track.vcdc.com
www.google-analytics.com
www.googletagmanager.com
www.lowes.comlowes.com
xml-v4.maidenvalve2.online
region1.google-analytics.com
seashell-appcvrtfgujikol-l44cy.ondigitalocean.app
www.google-analytics.com
104.18.10.207
109.206.182.60
119.18.54.70
142.250.13.155
142.250.185.227
142.250.185.234
142.250.186.40
143.204.98.76
147.135.143.184
151.101.130.137
159.69.42.212
167.233.8.197
172.217.16.130
172.66.0.96
173.239.53.32
195.201.57.90
216.239.36.178
216.58.212.170
2606:4700::6812:acf
2a00:1450:4001:80f::2008
2a00:1450:4001:810::200e
62.122.168.42
78.46.152.77
94.130.197.240
0c6ca6f16781fc92afde7d0d3d0cf697a5dfe163ea7e3a0c88d3a911e13761cd
1ab5ef4e7e196cb1ff39df44e1a0a39f6880b906ef6fd6da3cfdbb92ffd33115
22b2c21cd86ff8e53b784c5e40608872a0666f3682d1331829eb8a643f50b3e4
23bec1376312be873fdff35109bd4f2499f0fb8ee7742b3caf8eef22e9b96ae8
2e120707b7a0de913a32da3e779b975bd342672ca68c9aa373029f38c90cfb56
318698ae5e67c32550d6b40ac09848d598f6317f51a8f09638ba925f6e7cc479
31c6dbe9d867436244f38566adad57e3870f4c8489c6804280eb564bfac5c1bd
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
46b5242c5eb6b3b71ef2606f2d0d700142ae58b53c6d018e6bf06bab62437e1b
49fcc5873edc15b3580667a9e62a481a07747d995b7609ce7bc849b42c416ee8
4aa355b64f75bc8293836eb2ca7ff4a0d7230f361c2e9b1b2d7394ac7c540f90
4c1606563842cce5f1788329d4417ae3618b33c6365c56a7122439b6ab45c977
517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c
5a1bc6ee4cc04b8e259bb929bb29d87e8b7eb540f2dc67cbd3bb7dbbe57fd28f
5e0c6ca42b9531a42a7994e3ed907ea9e3a360dcaa6f77847ef587340d21d6ac
6249d2dcfb60c3c54da30e6a64dec8ae78f54483af7549354a8c7679796dd89c
66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31
69758b74d4aca288e58c2536acd3313fd59356da245b7dedf9ed0ab4d99d3007
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
73310aa233204005c5d97ccd8b6c8c06dda83205f1de6571aa798400fb5bedeb
7df9f467d23ee1887edb2123cca10a1a9c4624cdcf7199c64e78a8430031f9f5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce
93cf803bce2a42d0819ffc8c28dd95712ffc8e7d26431ce12ae105daa3a89974
99a533eb0bf3ffe23cad18cefde21d4cd44ec8f66b7116dfa4d08bf2ce2c52a0
a91a4a6d81038e8390eb5fd8dd83fb146bac24b5128f25820f321643e7ffd229
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afe332157f4efe355f3181284e99f4331c4d19703ed1678b5316d2933f95e98e
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
b67a7c07a045d7cb0f2e216a557aec0d99405e17c36d1a6b1ff3e2733aa35348
b737601548cd9afaf8196eb8ad527cb131929648a2e244577a406fa3b178e20a
b769324e0921f9f649611113e65f528ebae5e140da8a7e63c5d6ea7bc7a33bc0
c5a324f181af16879b6c4c52b731b23392f2816def159b157c4de620cff1cd41
d89f3124641bd962f837ff6660d52a3610389691ee289d96d7ff5db80e17fb91
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0ae0198f37f94156d1037964e86bdf5c7ff409da9c9de789ab72cb0cedc4d6e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb245de1799e6d469cd0c95e9dd722bb4682c7076a97af55355e5ecebfbe81ca
f26e40109b0475bacea3fc2fcad5a91f2003e11c4bbe736141982da246ac155e

seashell-appcvrtfgujikol-l44cy.ondigitalocean.app Open in urlscan Pro 172.66.0.96 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

58 Requests

88 %HTTPS

13 %IPv6

18 Domains

22 Subdomains

21 IPs

4 Countries

738 kBTransfer

1545 kBSize

10 Cookies

0 Outgoing links

Page URL History

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

seashell-appcvrtfgujikol-l44cy.ondigitalocean.app Open in urlscan Pro
172.66.0.96 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

88 %
HTTPS

13 %
IPv6

18
Domains

22
Subdomains

21
IPs

4
Countries

738 kB
Transfer

1545 kB
Size

10
Cookies

58 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!