stfly.me Open in urlscan Pro
2606:4700:e0::ac40:6916 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://stfly.me/RealsyMega2
Submission: On January 27 via manual (January 27th 2022, 6:08:41 pm UTC) from DE — Scanned from DE

Summary HTTP 57 Redirects Behaviour Indicators

Summary

This website contacted 25 IPs in 6 countries across 18 domains to perform 57 HTTP transactions. The main IP is 2606:4700:e0::ac40:6916, located in United States and belongs to CLOUDFLARENET, US. The main domain is stfly.me. The Cisco Umbrella rank of the primary domain is 293769.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 19th 2021. Valid for: a year.

This is the only time stfly.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	2606:4700:e0:... 2606:4700:e0::ac40:6916	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
6	2606:4700:303... 2606:4700:3037::6815:309a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	139.45.197.238 139.45.197.238	9002 (RETN-AS) (RETN-AS)
1	23.109.82.250 23.109.82.250	7979 (SERVERS-COM) (SERVERS-COM)
1	139.45.197.237 139.45.197.237	9002 (RETN-AS) (RETN-AS)
1	139.45.197.239 139.45.197.239	9002 (RETN-AS) (RETN-AS)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	139.45.197.181 139.45.197.181	9002 (RETN-AS) (RETN-AS)
2	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400f:80a::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:401... 2a00:1450:401b:810::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638::18 2a02:2638::18	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
7	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.0.160 178.250.0.160	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
57	25

7 2606:4700:e0::ac40:6916 (United States)

ASN13335 (CLOUDFLARENET, US)

stfly.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3037::6815:309a (United States)

ASN13335 (CLOUDFLARENET, US)

account.adstripe.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.238 (United Kingdom)

ASN9002 (RETN-AS, GB)

omchanseyr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.109.82.250 (Netherlands)

ASN7979 (SERVERS-COM, US)

sanggilregard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.237 (United Kingdom)

ASN9002 (RETN-AS, GB)

dozubatan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.239 (United Kingdom)

ASN9002 (RETN-AS, GB)

toglooman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.181 (United Kingdom)

ASN9002 (RETN-AS, GB)

worldfreshblog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::7 (United States)

ASN13335 (CLOUDFLARENET, US)

itsguider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400f:80a::2001 (Ireland)

ASN15169 (GOOGLE, US)

3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:401b:810::2001 (Ireland)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::18 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.160 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 100 3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 124	55 KB
9	criteo.net static.criteo.net — Cisco Umbrella Rank: 645 csm.eu.criteo.net — Cisco Umbrella Rank: 7881	103 KB
7	stfly.me stfly.me — Cisco Umbrella Rank: 293769	65 KB
6	adstripe.net account.adstripe.net — Cisco Umbrella Rank: 598574	91 KB
4	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184	154 KB
3	criteo.com rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 14362 ads.eu.criteo.com — Cisco Umbrella Rank: 7925 cat.fr.eu.criteo.com — Cisco Umbrella Rank: 10834	18 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 80 www.google.com — Cisco Umbrella Rank: 13	2 KB
2	itsguider.com itsguider.com — Cisco Umbrella Rank: 638580	5 KB
2	omchanseyr.com omchanseyr.com — Cisco Umbrella Rank: 668371	25 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 165	38 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 8028	792 B
1	worldfreshblog.com worldfreshblog.com
1	gstatic.com fonts.gstatic.com	44 KB
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 9045	539 B
1	toglooman.com toglooman.com — Cisco Umbrella Rank: 24652
1	dozubatan.com dozubatan.com — Cisco Umbrella Rank: 38036
1	sanggilregard.com sanggilregard.com — Cisco Umbrella Rank: 602782	1 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	1 KB
57	18

	Domain	Requested by
7	static.criteo.net	ads.eu.criteo.com
7	stfly.me	stfly.me
6	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com
6	account.adstripe.net	stfly.me account.adstripe.net
5	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
4	securepubads.g.doubleclick.net	itsguider.com securepubads.g.doubleclick.net stfly.me
2	csm.eu.criteo.net	ads.eu.criteo.com
2	3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	itsguider.com	account.adstripe.net itsguider.com
2	omchanseyr.com	stfly.me omchanseyr.com
1	cat.fr.eu.criteo.com	ads.eu.criteo.com
1	www.googletagservices.com	3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com
1	ads.eu.criteo.com	3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com
1	rtb.fr.eu.criteo.com	stfly.me
1	www.google.com	tpc.googlesyndication.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	worldfreshblog.com	omchanseyr.com
1	fonts.gstatic.com	fonts.googleapis.com
1	my.rtmark.net	omchanseyr.com
1	toglooman.com	omchanseyr.com
1	dozubatan.com	omchanseyr.com
1	sanggilregard.com	stfly.me
1	fonts.googleapis.com	stfly.me
57	24

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-19` - `2022-05-18`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
omchanseyr.com R3	`2022-01-03` - `2022-04-03`	3 months	crt.sh
sanggilregard.com R3	`2021-12-26` - `2022-03-26`	3 months	crt.sh
dozubatan.com R3	`2021-12-07` - `2022-03-07`	3 months	crt.sh
toglooman.com R3	`2022-01-04` - `2022-04-04`	3 months	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2021-11-20` - `2022-11-26`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
worldfreshblog.com R3	`2022-01-18` - `2022-04-18`	3 months	crt.sh
*.itsguider.com R3	`2022-01-12` - `2022-04-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-04`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-10`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-24`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-25`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://stfly.me/RealsyMega2
Frame ID: DF9B2297EFAFC7510A3C93A1F674772C
Requests: 17 HTTP requests in this frame

Frame: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=f6f4145e72e28327395c8670c670a791&time=1643306917&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9SZWFsc3lNZWdhMg==&page_title=&meta_description=
Frame ID: DF09559AAC2347BA6B2D2AFFB638C213
Requests: 5 HTTP requests in this frame

Frame: https://itsguider.com/336.php
Frame ID: 6B9240BE8AFDF2322C2DEE1A77D69687
Requests: 10 HTTP requests in this frame

Frame: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 964D11CC200A0FC7F54BBEAF4D65D8DA
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8BC5B47842EF9BB317AED100F95C89D8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 62C7C8E7F4CF30141CCC718183A0FD2C
Requests: 2 HTTP requests in this frame

Frame: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 7E7DFD30CB70E6F9D69589C419071576
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YfLfpgAJXjAIu8N4AA1_v739HN6UaFNTV5zGwQ&u=%7C25jr5olrR%2BPTNpSihPZWkKpafLIBLT6I5IPwRPPGfJU%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-j2ATKBjmGv5VLsOcRWASjmv1hm8REGDc0dy11_HTCGGmLCUiSCGcYr4_PLWCi74v-Iy1fIjKPZTjL1a3ScP5CpUYBeRYpRX8lKi_fvFGUrf-4rJ4ECgoOPpHhV0d_U3vpErDD24SPr-4kkpcTNqKuplaCoed-I7oVbOoSrKjYLz4-LqAVPJX9Nzil2Wom2u6dsDpRpfzcAoR5fi24YMAdmfAnPZssvueyKKbS38223Wyg0r81xvQen7kHWp3-DELZCjJgJhOTRjCFKaeNBCy7Hgm9z3GwXp0xAP3CVX4LmLc3OnQwxHU4vKjP88NTewyFr45LsydmJqtMiY6Q2UqDmy5PBxye1Bff56Z2W0dSE9gNVaitNkHfToPDO3RlQWWi7WOL4jSbOLYwDiCWAB_cw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkYRBpt_yYbC8JfiG7_UPv_-1gAPJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTczNjM4MDkyMTkyNDQxMjKgAdW20uoDyAEJqQKL7e1ZnreyPuACAKgDAaoE5gFP0J4fnr_sdFwM1slINDkeWoTAyYu4AKGyJQKj_MzvfVBvqCrTeZpZyngbjdxFzZyU-C6V5aTfbAOe4xCfzoLK8d8Q38QLbo2pH32p1iNdA26-wv1aw6vdFKpDG8fb5DBxwESf57EtM1v59mZnwjoV6Ngi4eedN4e8kdDvTNgcuEt5dY7RRf2viqdUb-Y2Ir_hptbOLGLukB207A89CY6838tL6-25fQPXSx6QSAqgJWiYaiJ8AluCy6nOPYjEKR9EzZXszpjRK2GMrnFC3yWCH2vjvkyVQ7CkjMBQXE3gZAT0RFNM_OAEAYAGrt-ZoLP2it34AaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDUyMjQ4NTE4ODQ3NDQw-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0pTOAEikh2XMUE-1UGb-EWqfaxaw%26client%3Dca-pub-7363809219244122%26adurl%3D
Frame ID: EFB55E276E43B62574AFD81C8BCCA9AF
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

57
Requests

100 %
HTTPS

63 %
IPv6

18
Domains

24
Subdomains

25
IPs

6
Countries

605 kB
Transfer

1535 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

57 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request RealsyMega2 Show response
stfly.me/ 2 KB
2 KB 314ms
267ms Document
text/html 2606:4700:e0::ac40:6916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/RealsyMega2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6916 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e4e2aee7a7e6845dc271cd9042c9ad86cb71e24b5b28a3b78a72bd3bfedee35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LhW2Tc24O6O%2F4gIbtZ9SsDjyS03jasdshQAd5MpTJNS6fviWUUTpV%2BbIWULnXGOus02wNTjveFsdzhNfRqJ8RQ%2BKRQU6WrHBBHPc0zJ5UIsz4929By1NEVEErL9gFUBo%2BMaaDkyiQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6d43ed65afd7920d-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 138ms
48ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Requested by

Host: stfly.me
URL: https://stfly.me/RealsyMega2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

66219bc99ac30a346552ced8a3a2739c915b441219cfd9cf3dbef943cf7ca7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 17:02:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 27 Jan 2022 18:08:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 27 Jan 2022 18:08:37 GMT

GET
H2 200 bootstrap.min.css
stfly.me/customfiles/ 108 KB
18 KB 25ms
24ms Stylesheet
text/css 2606:4700:e0::ac40:6916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/bootstrap.min.css

Requested by

Host: stfly.me
URL: https://stfly.me/RealsyMega2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6916 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83521aad7c96625246ef4168f1d84d12b0652e8eb61ad0875066fee1fa797daf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/RealsyMega2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 194447
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1ae1b-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZjdMNjnCekiXojx11wL7l79r2PrYxynrYW%2B4yoPuPz0ARS3xkJaEkAglQpvRq2vwvrYa%2BPaH%2F7WuI4PpAPE1E2XuDcqhkrC1KI7mubeW3JyqHRlgGYBx5pb9KxfVrFyjyBVLuXbuoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6d43ed679c1c920d-FRA
expires: Thu, 24 Feb 2022 12:07:50 GMT

GET
H2 200 main.css
stfly.me/customfiles/ 24 KB
5 KB 25ms
25ms Stylesheet
text/css 2606:4700:e0::ac40:6916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/main.css

Requested by

Host: stfly.me
URL: https://stfly.me/RealsyMega2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6916 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89e38ae45e4ab6870530ad77bc793c32dcb03a600156b9930ffe3104f6702b25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/RealsyMega2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 194447
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"61d1-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JR2IyAgCGYiWzHVg3NiTlSGtZU9sC4D9u15BVucrjC3F2qHiMXeVRHe21vBoZ97%2B8uFlHgkw9IVbHDtjt1Ebk1EG6mZARDMu8bBBK16b8ag01unhOBpDnT4zUnzAawVcxP0X%2BLvxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6d43ed679c1d920d-FRA
expires: Thu, 24 Feb 2022 12:07:50 GMT

GET
H2 200 custom.css
stfly.me/customfiles/ 47 KB
19 KB 26ms
26ms Stylesheet
text/css 2606:4700:e0::ac40:6916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/custom.css

Requested by

Host: stfly.me
URL: https://stfly.me/RealsyMega2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6916 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b62d3ff7ec9f5543b6d6a2429170ed375b550d869b90d9886464143cd89b83ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/RealsyMega2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 194447
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"bddd-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BLiPPD4mvsGNhquvCwK9oN3pCb%2FzszSZxDmFBPsoAMA5uuS5WusEmSJzvUr%2FV5HE9iyn8Liaefdcx%2BWEQ9SUXqgrDyNfZK%2FHbTtSEjAeyjJp81hOihiKDhMwx%2Beb8NbMajiDR25bNg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 6d43ed679c1e920d-FRA
expires: Thu, 24 Feb 2022 12:07:50 GMT

GET
H2 200 invisible.js Show response
stfly.me/cdn-cgi/challenge-platform/h/b/scripts/ 44 KB
16 KB 58ms
57ms Script
text/javascript 2606:4700:e0::ac40:6916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/invisible.js
Requested by: Host: stfly.me
URL: https://stfly.me/RealsyMega2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d31be4908b8f3c24f86f861f5f3c2503fd3d9ccd2f87ed5f0f2207662c2acfc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/RealsyMega2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GcPGwyroi%2BKvlBlhDVCsir6FduQHlja4t%2FEFYaSSVApF%2BbtL%2BrjscHpqlOwsIoBTA6P9ynwdbKQVSHFLmMvKwXhCibdw2R2b200p3O5HAIYxEIf6TDtSv1JZzEDvmaZM79SSYLki1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6d43ed679c20920d-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 items.php Show response
account.adstripe.net/display/ 62 KB
12 KB 334ms
127ms Script
application/javascript 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/items.php?21&1&336&280&1&0&0
Requested by: Host: stfly.me
URL: https://stfly.me/RealsyMega2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d74bcb57a47e19013867b54a22c34d8722e0ee32cf9c6af61a2d207335f6d62

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: no-cache
last-modified: Thu, 27 Jan 2022 18:08:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BJq8oR5ufunEGQBRI7bTUh13Yvj50KYJyiypED16rnzadB1JMHyjuR1iI00epyCDgFYhQCsazJNMtfCro5Jw4tjKdjlRTW5Oh45PRPoeOSohCSyK1LCn8XNu2OTsED5mzEGolZERKi8ZGLnH4QF7j4u%2BaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 6d43ed6939f715a3-EWR
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 apu.php Show response
omchanseyr.com/ 59 KB
23 KB 113ms
30ms Script
application/javascript 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omchanseyr.com/apu.php?zoneid=3381289

Requested by

Host: stfly.me
URL: https://stfly.me/RealsyMega2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

c83ca3b19aa2a303c89e68342540e16e0d90947ce3e89da0f963e6e70df017f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-max-age: 86400
x-trace-id: 1cab0fc7f19a1c07e95f39db37c16756
pragma: no-cache
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H/1.1 200
OK 30732 Show response
sanggilregard.com/1clkn/ 6 B
1 KB 88ms
20ms Script
application/javascript 23.109.82.250
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://sanggilregard.com/1clkn/30732

Requested by

Host: stfly.me
URL: https://stfly.me/RealsyMega2

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

23.109.82.250 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 27 Jan 2022 18:08:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=1
Keep-Alive: timeout=20

GET
H2 200 rocket-loader.min.js Show response
stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 9ms
9ms Script
application/javascript 2606:4700:e0::ac40:6916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: stfly.me
URL: https://stfly.me/RealsyMega2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6916 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/RealsyMega2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 Jan 2022 15:58:45 GMT
server: cloudflare
etag: W/"61e83535-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=suPfNqkuUT415pW9PEHM%2BWEoMjgogT9s2SLpshHe6LgFbnnBJSrCBAbnN2MA1ckfLalK%2B1Q4TptpWzVYK6OZ3a5R%2FtVl1%2BUm5fJzVKlPfBz%2B5cxHBFbQvAyKIvcHhon%2BAhk2Giyl5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6d43ed67ac22920d-FRA
vary: Accept-Encoding
expires: Sat, 29 Jan 2022 18:08:37 GMT

GET
H2 403 4495548
dozubatan.com/400/ 0
0 54ms
13ms Script
text/plain 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://dozubatan.com/400/4495548
Requested by: Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-trace-id: 9502fd09605d7c1fd31d3edf967973d2
pragma: no-cache
date: Thu, 27 Jan 2022 18:08:37 GMT
server: nginx
vary: Origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 22
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 404 1
toglooman.com/ 0
0 49ms
13ms Script
text/plain 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/1?z=3968308
Requested by: Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-trace-id: dc383039c3631eb239260e7755efff1c
date: Thu, 27 Jan 2022 18:08:37 GMT
x-sc: 4KdnrdofxFOHMlcU
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/plain; charset=utf-8
access-control-allow-origin
access-control-expose-headers: X-Sc
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 7

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
539 B 48ms
12ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=7d7d09644de3404d938251ca0dc13cc1

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

0895ce2dc2fc97c93d9e55bf5ceef39fdfa59d0a4792015800cf90cd1bae0750

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://stfly.me
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 121ms
36ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://stfly.me
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 13:52:02 GMT
x-content-type-options: nosniff
age: 533795
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 21 Jan 2023 13:52:02 GMT

GET
H2 200 modernizr.min.js Show response
stfly.me/customfiles/ 1 KB
1 KB 19ms
18ms Script
application/javascript 2606:4700:e0::ac40:6916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/modernizr.min.js

Requested by

Host: stfly.me
URL: https://stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6916 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

147b08aa6afaa0b704ebedb56d0b146a7e33600a971e5d20773b3371db70be11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/RealsyMega2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 194446
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5f6-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O5lIs7T%2FIAkv7snm4xZurq1Pge5wwR2raax2qQuFMxApYBBdGnG0J3t0fo48FFQZk8paGfzpzL%2FRmD1xE79njft1XmQCwoetUSunQZWXmnF6SKmKIFTTBRRTVOpGsiuLmk8DJ%2B1A0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2592000
cf-ray: 6d43ed68ae18920d-FRA
expires: Thu, 24 Feb 2022 12:07:51 GMT

GET
H2 200 / Show response
omchanseyr.com/ 2 KB
2 KB 16ms
15ms Fetch
application/json 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omchanseyr.com/?rb=mLe1QYWJqd0ie3zGwgCjU06pX7HxxK5AnlilwQ-RkfreuMGngZAX_ysJfWIZY2Sxc2QG6eJVVHyiWA74ADcPVdfD0vHBP-8tOFeiBv8mFFYBJZTYGI_NABdlhTQ4M8Z6f9Ci5EphrCOllBB4ctrNHHx3-xF6v-3TFlEa54Oy--XUVLjB9yWIdSosx8L-APpZDYucdMlF_sHLob68CIHCaJy_xrrYepXdBRxgUY3bN5QTjg5Csw7SivDbR0P6Y3maOUqqJegMIpkrjgAiXvkV-Q%3D%3D&request_ab2=0&zoneid=3381289&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=0&pl=https%3A%2F%2Fstfly.me%2FRealsyMega2&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.355.0&bs=36411b77-eec1-43a1-889d-abb48ab8cdb3&userId=7d7d09644de3404d938251ca0dc13cc1&m=link

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d8d3d008578dcef20081369fff244614d342fcfbeec3111b8b069b62b580dc7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-max-age: 86400
x-trace-id: f0af4cbcba6ce97643047ffc75a7c86d
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://stfly.me
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H/1.1 204
No Content favicon.ico
worldfreshblog.com/ 0
0 64ms
12ms Fetch 139.45.197.181
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://worldfreshblog.com/favicon.ico

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

139.45.197.181 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=60
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 27 Jan 2022 18:08:37 GMT
X-Content-Type-Options: nosniff
Server: nginx
Connection: keep-alive
Strict-Transport-Security: max-age=60

GET
H2 200 index.php Show response
account.adstripe.net/display/ Frame DF09 7 KB
2 KB 133ms
133ms Document
text/html 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=f6f4145e72e28327395c8670c670a791&time=1643306917&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9SZWFsc3lNZWdhMg==&page_title=&meta_description=
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/items.php?21&1&336&280&1&0&0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff0a2aad62972fe8f9ded071fe81e9d4ec9bf605b65d748815032fbf8e56ba0a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g71OXDUxW1sEI5D9yEkeU4YYnIebJKnqvD8BhKNiAhZXzL1iKiVyYGJZwl2QGP69PR%2BQrvUjQ6k%2B3j7Xq9JcuhhXZ3tPXJVwXjORbI2UNDel6emd3Mwg9%2B4S7bxBvCMRwFklkZxzAMR9iOlmUCIHQSI47w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6d43ed6a1b7815a3-EWR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 jquery.min.js Show response
account.adstripe.net/display/js/ Frame DF09 243 KB
74 KB 47ms
47ms Script
application/javascript 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/js/jquery.min.js
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=f6f4145e72e28327395c8670c670a791&time=1643306917&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9SZWFsc3lNZWdhMg==&page_title=&meta_description=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0047f2b4e58d50cd286045db5a9a694d843c551e96e92f7bcd10bf2e111149f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=f6f4145e72e28327395c8670c670a791&time=1643306917&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9SZWFsc3lNZWdhMg==&page_title=&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 17 Apr 2021 10:55:55 GMT
server: cloudflare
age: 3413
etag: W/"3cd47-5c028f0d0e4c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UHuIlhZ44PqiBUQ2j%2Bz7fBb6msilcr8dFAXKVflgojnUq4bLyAWv1MKdLFPo5ZKB%2FAx03ecd%2FvCqP5fq5wlLEfc5Ok0Db0AhV24VCMulnQBQXz9qTdE4h3IkdVwhw1psKVXfbOqp8zh4whvr8GY9D%2Fi%2F2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6d43ed6adc5b0c85-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 data.png
account.adstripe.net/images/ Frame DF09 931 B
1 KB 37ms
37ms Image
image/png 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account.adstripe.net/images/data.png
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=f6f4145e72e28327395c8670c670a791&time=1643306917&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9SZWFsc3lNZWdhMg==&page_title=&meta_description=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f65dd0ed5ab0097e2cb276b346ccfaddb2a9134c9278af39c6a24cd821fce06f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=f6f4145e72e28327395c8670c670a791&time=1643306917&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9SZWFsc3lNZWdhMg==&page_title=&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3413
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 931
last-modified: Sat, 17 Apr 2021 10:55:55 GMT
server: cloudflare
etag: "3a3-5c028f0d0e4c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GYowC88FojroaLf%2BR6ertO1c1oZg%2BNQVPvFBZMzpT7jYa9%2FDK0eBb10jbrCLMNmmaR%2BgLDr9wWpwUd3tGgBc9%2BGoRV0gHmwQQUYn6814zg3KdSw0xtjzYSUjIYV%2BkBw%2B08hx2QUSYbZqmDa8v5jqHYn6XA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6d43ed6adc5e0c85-AMS

GET
H3 200 1-icon-1635666360.png
account.adstripe.net/upload/credit/ Frame DF09 546 B
1 KB 44ms
44ms Image
image/png 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account.adstripe.net/upload/credit/1-icon-1635666360.png
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=f6f4145e72e28327395c8670c670a791&time=1643306917&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9SZWFsc3lNZWdhMg==&page_title=&meta_description=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85821da273b7d5dc51f8c9ff01bb46fa3461f36aef2977a6c74aa66cc2bd503e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=f6f4145e72e28327395c8670c670a791&time=1643306917&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9SZWFsc3lNZWdhMg==&page_title=&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3413
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 546
last-modified: Sun, 31 Oct 2021 07:46:00 GMT
server: cloudflare
etag: "222-5cfa1405bde00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sD0BWpQZ3b6IhAxZd8teiztehTE4%2BFAX4HhQxr9nK92u1lVo8mPAkIcDfGECHclqjzADFrtTRPpa1l7U9eu8CKM7Xm8Znu4oTSj2bvoZFzRO%2FzsXsETFF0usbMbEKGfqPndA035sxqxchcDSw3B52iU6%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6d43ed6b0cb30c85-AMS

GET
H2 200 336.php Show response
itsguider.com/ Frame 6B92 908 B
1015 B 343ms
298ms Document
text/html 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/336.php
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=f6f4145e72e28327395c8670c670a791&time=1643306917&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9SZWFsc3lNZWdhMg==&page_title=&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0101ce28449e7a4b1442d7f5381bcc968a88025d75b09855caeb6ded28e743a2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0
expires: Thu, 27 Jan 2022 18:08:37 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F40YltixzOZSIRBPpDIv7nXxcxUfTpSo9jz534xNYcEZsMpXpaKNq7JAbOqBGrz1ZVKPe72zYi7tN5riE5aRFeyHxmIP6Md3tQZAIp8lTSXJxIPq33iuIh6bck2F%2BzezkAFLvOLD6O2kxZa8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6d43ed6ba823693a-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 index.php Show response
account.adstripe.net/track/ Frame DF09 132 B
622 B 216ms
216ms Script
application/javascript 2606:4700:3037::6815:309a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/track/index.php?page=click/data/0|1|1|1|21|1|2|2|0|1|0.00055|0.00055|0|0/33459e4b5239dcdfe61e7ea9b400ffe6/1643306927/DE/
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=f6f4145e72e28327395c8670c670a791&time=1643306917&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9SZWFsc3lNZWdhMg==&page_title=&meta_description=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:309a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0cb5b5cabf4ad2904b60a9278a7a6235f3370ece69dfeee0c86fa3011c37b3ab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=f6f4145e72e28327395c8670c670a791&time=1643306917&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9SZWFsc3lNZWdhMg==&page_title=&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:37 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JyiFHX%2BKW0m%2BE6jJEuc0wvXnL3qq1FDJMOrr11n0BZqCDkJItpUBPzKVFz9ASul1Eaf%2BHjlFwIYdeoj6ZiahMUO%2FWvVRZvVHowQgBjPEAK8i%2FjZy%2BKWpuLOo9yc3%2Bg8%2Bfcgd3UVWiIxNjyJasasuDWx4OQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 6d43ed6b7d6d0c85-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 rocket-loader.min.js Show response
itsguider.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ Frame 6B92 12 KB
4 KB 40ms
14ms Script
application/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://itsguider.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: itsguider.com
URL: https://itsguider.com/336.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/336.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 19 Jan 2022 15:52:06 GMT
server: cloudflare
etag: W/"61e833a6-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VhtZ2HT%2FGad8lNRPK6PuZEsZ02l%2BQ0EVIEfXfCqtERWfVbmXhOyVpJXL%2BsOB4wRZBZ%2F0B5yh3ng%2FOmdeePNd4sMvJqKbjmuat0cDbszrL60mkX7Qaab%2FTAre8GOPeUqJ2m3Y3eFT2f3WUEvj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6d43ed6ddd6b5be5-FRA
vary: Accept-Encoding
expires: Sat, 29 Jan 2022 18:08:38 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 6B92 79 KB
27 KB 199ms
92ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: itsguider.com
URL: https://itsguider.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

148030f212eb7a6d8f6c498beeb77a366ce8c9a3254111476c8923ddf40c55cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27134
x-xss-protection: 0
server: sffe
etag: "1114 / 675 of 1000 / last-modified: 1643303763"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 27 Jan 2022 18:08:38 GMT

GET
H3 200 pubads_impl_2022012504.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 6B92 351 KB
118 KB 86ms
38ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012504.js?31064556

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

86f6444eafceacae485c6aadbd60d9659319859369ba5b9d4d0a1bc09eb5d098

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 13:14:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17650
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121040
x-xss-protection: 0
last-modified: Tue, 25 Jan 2022 15:13:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 27 Jan 2023 13:14:28 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 6B92 107 B
792 B 160ms
48ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=itsguider.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012504.js?31064556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 27 Jan 2022 18:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 6B92 107 B
549 B 137ms
49ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=itsguider.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012504.js?31064556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 27 Jan 2022 18:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 6B92 21 KB
9 KB 391ms
391ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2595558818809462&correlator=139826555654595&output=ldjh&impl=fifs&eid=31061815%2C31064556&vrg=2022012504&ptt=17&sc=1&sfv=1-0-38&ecs=20220127&iu_parts=360613911%2Citsguider.com_RedMas2021&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&cdm=itsguider.com&bc=31&abxe=1&dt=1643306917834&lmt=1643306917&dlt=1643306917276&idt=526&ea=0&frm=8&biw=-12245933&bih=-12245933&isw=336&ish=280&oid=2&adxs=0&adys=0&adks=1993164461&ucis=fqvmj47fhdpe&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&nhd=2&url=https%3A%2F%2Fitsguider.com%2F336.php&ref=https%3A%2F%2Faccount.adstripe.net%2F&top=https%3A%2F%2Faccount.adstripe.net%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=336x280&msz=336x280&ga_vid=67190459.1643306918&ga_sid=1643306918&ga_hid=1794846241&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012504.js?31064556

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

480e1e24a459ce49b3c28ecd17641c94029c1f797ca56d706468be37c1d2331b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9145
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://itsguider.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6B92 12 KB
9 KB 145ms
54ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022012504&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012504.js?31064556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9d395bf477beae50d440a37cc9ebae675d5503a2d51482a8362dabfc04591ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 27 Jan 2022 18:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9137
x-xss-protection: 0

GET
H2 200 container.html Show response
3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 964D 6 KB
4 KB 187ms
47ms Document
text/html 2a00:1450:400f:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012504.js?31064556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400f:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 27 Jan 2022 18:08:38 GMT
expires: Fri, 27 Jan 2023 18:08:38 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6B92 17 KB
7 KB 185ms
65ms Script
text/javascript 2a00:1450:401b:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012504.js?31064556

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:401b:810::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 27 Jan 2022 18:08:38 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8BC5 13 KB
5 KB 108ms
43ms Document
text/html 2a00:1450:401b:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:401b:810::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Jan 2022 17:35:17 GMT
expires: Fri, 27 Jan 2023 17:35:17 GMT
cache-control: public, max-age=31536000
age: 2002
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 62C7 783 B
1 KB 134ms
50ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8cd328a63ec4ed6acc9340f8fa2e82ac6375024334fc51d1d28ccccfeb2c3c83

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LopZk7JnaDSRsWclgXNoYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 27 Jan 2022 18:08:39 GMT
date: Thu, 27 Jan 2022 18:08:39 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-LopZk7JnaDSRsWclgXNoYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7E7D 6 KB
3 KB 79ms
34ms Document
text/html 2a00:1450:400f:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022012504.js?31064556

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400f:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Jan 2022 18:08:38 GMT
expires: Fri, 27 Jan 2023 18:08:38 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 mfFJ-W--rqivV8WG4WyPQ8vKEq2pdH_2ou3EKTspk_8.js Show response
pagead2.googlesyndication.com/bg/ Frame 8BC5 35 KB
13 KB 85ms
39ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mfFJ-W--rqivV8WG4WyPQ8vKEq2pdH_2ou3EKTspk_8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99f149f96fbeaea8af57c586e16c8f43cbca12ada9747ff6a2edc4293b2993ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 16:37:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5480
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13575
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 27 Jan 2023 16:37:19 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 7E7D 0
0 80ms
80ms Fetch
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CFrWypt_yYbC8JfiG7_UPv_-1gAPJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTczNjM4MDkyMTkyNDQxMjKgAdW20uoDyAEJqQKL7e1ZnreyPuACAKgDAaoE4wFP0J4fnr_sdFwM1slINDkeWoTAyYu4AKGyJQKj_MzvfVBvqCrTeZpZyngbjdxFzZyU-C6V5aTfbAOe4xCfzoLK8d8Q38QLbo2pH32p1iNdA26-wv1aw6vdFKpDG8fb5DBxwESf57EtM1v59mZnwjoV6Ngi4eedN4e8kdDvTNgcuEt5dY7RRf2viqdUb-Y2Ir_hptbOLGLukB207A89CY6838tL6-25fQPXSx6QSAqgJWiYaiJ8AluCy6nOPYiGKz7WShpw3SdNP8Jck9e61jGIqWHNps4hi40Cfn9OcFVlzoDn--AEAYAGrt-ZoLP2it34AaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDUyMjQ4NTE4ODQ3NDQwgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTczNjM4MDkyMTkyNDQxMjIYv-If&sigh=goas8McE4_g&uach_m=[UACH]&cid=CAQSGwCNIrLMB3RteGWCGEkiA-7tYcJ4Nc0a3JtasBgB
Requested by: Host: stfly.me
URL: https://stfly.me/RealsyMega2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s12-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 7E7D 0
0 58ms
18ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=UP2jErikCdACmAKdg2ICAgAAACmyPLXwssNiEKXf8mH1jgcEhbGC5_z9PQAS&wp=YfLfpgAJXjAIu8N4AA1_v739HN6UaFNTV5zGwQ

Requested by

Host: stfly.me
URL: https://stfly.me/RealsyMega2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:39 GMT
server: Kestrel
server-processing-duration-in-ticks: 241698
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame EFB5 46 KB
18 KB 65ms
31ms Document
text/html 2a02:2638::18
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YfLfpgAJXjAIu8N4AA1_v739HN6UaFNTV5zGwQ&u=%7C25jr5olrR%2BPTNpSihPZWkKpafLIBLT6I5IPwRPPGfJU%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-j2ATKBjmGv5VLsOcRWASjmv1hm8REGDc0dy11_HTCGGmLCUiSCGcYr4_PLWCi74v-Iy1fIjKPZTjL1a3ScP5CpUYBeRYpRX8lKi_fvFGUrf-4rJ4ECgoOPpHhV0d_U3vpErDD24SPr-4kkpcTNqKuplaCoed-I7oVbOoSrKjYLz4-LqAVPJX9Nzil2Wom2u6dsDpRpfzcAoR5fi24YMAdmfAnPZssvueyKKbS38223Wyg0r81xvQen7kHWp3-DELZCjJgJhOTRjCFKaeNBCy7Hgm9z3GwXp0xAP3CVX4LmLc3OnQwxHU4vKjP88NTewyFr45LsydmJqtMiY6Q2UqDmy5PBxye1Bff56Z2W0dSE9gNVaitNkHfToPDO3RlQWWi7WOL4jSbOLYwDiCWAB_cw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkYRBpt_yYbC8JfiG7_UPv_-1gAPJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTczNjM4MDkyMTkyNDQxMjKgAdW20uoDyAEJqQKL7e1ZnreyPuACAKgDAaoE5gFP0J4fnr_sdFwM1slINDkeWoTAyYu4AKGyJQKj_MzvfVBvqCrTeZpZyngbjdxFzZyU-C6V5aTfbAOe4xCfzoLK8d8Q38QLbo2pH32p1iNdA26-wv1aw6vdFKpDG8fb5DBxwESf57EtM1v59mZnwjoV6Ngi4eedN4e8kdDvTNgcuEt5dY7RRf2viqdUb-Y2Ir_hptbOLGLukB207A89CY6838tL6-25fQPXSx6QSAqgJWiYaiJ8AluCy6nOPYjEKR9EzZXszpjRK2GMrnFC3yWCH2vjvkyVQ7CkjMBQXE3gZAT0RFNM_OAEAYAGrt-ZoLP2it34AaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDUyMjQ4NTE4ODQ3NDQw-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0pTOAEikh2XMUE-1UGb-EWqfaxaw%26client%3Dca-pub-7363809219244122%26adurl%3D

Requested by

Host: 3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com
URL: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::18 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

052d7af300d8466328c7db930faec2737a0c539a8cc1a439045045eacd86a19b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/

Response headers

date: Thu, 27 Jan 2022 18:08:38 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=XcusMo58sfCtrDAeSFPMf_L1apDgkVcDgLXtRPx5oQZDANWJixNWjDy8LJJe_WC2fk4v7UPWBD77-kvw2UKHJn9zaqlB2iYph6LYxlm4nTfemQmJmSKDwDBbxDV3mo9UgRq0FIQnoCYzUDyVVpe_Dhlo1BxKXLC4DRaf7i7JwnJk9pa1zqRYlFChfumtgX90o9yLp6dyVnlnAPyG8A0Z5VCL-rtNN-5AzbtBQVr6GDkZGcJEIqScJcsGKYJagQP9BBUaeQ"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 5358492
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/ Frame 7E7D 2 KB
1 KB 44ms
43ms Script
text/javascript 2a00:1450:401b:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/window_focus_fy2019.js

Requested by

Host: 3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com
URL: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:401b:810::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 17:54:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 820
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Feb 2022 17:54:59 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7E7D 123 KB
38 KB 138ms
54ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com
URL: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84bf5ffcfd8b3a1240721c90836f1167532b716566165a51ca920c9e657a75d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38288
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643200382015849"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 27 Jan 2022 18:08:39 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/ Frame 7E7D 14 KB
6 KB 43ms
43ms Script
text/javascript 2a00:1450:401b:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com
URL: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:401b:810::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9fa7f49e3a869a02c248c7c730f895951b3fc2f811e504d3ab30f72c1f74913c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:02:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 398
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6123
x-xss-protection: 0
server: cafe
etag: 1875255482418879373
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Feb 2022 18:02:01 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 7E7D 22 KB
7 KB 44ms
44ms Script
text/javascript 2a00:1450:401b:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com
URL: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:401b:810::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 17:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2081
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 27 Jan 2023 17:33:58 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 62C7 0
0 94ms
87ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022012504&jk=2595558818809462&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame EFB5 2 KB
1 KB 48ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YfLfpgAJXjAIu8N4AA1_v739HN6UaFNTV5zGwQ&u=%7C25jr5olrR%2BPTNpSihPZWkKpafLIBLT6I5IPwRPPGfJU%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-j2ATKBjmGv5VLsOcRWASjmv1hm8REGDc0dy11_HTCGGmLCUiSCGcYr4_PLWCi74v-Iy1fIjKPZTjL1a3ScP5CpUYBeRYpRX8lKi_fvFGUrf-4rJ4ECgoOPpHhV0d_U3vpErDD24SPr-4kkpcTNqKuplaCoed-I7oVbOoSrKjYLz4-LqAVPJX9Nzil2Wom2u6dsDpRpfzcAoR5fi24YMAdmfAnPZssvueyKKbS38223Wyg0r81xvQen7kHWp3-DELZCjJgJhOTRjCFKaeNBCy7Hgm9z3GwXp0xAP3CVX4LmLc3OnQwxHU4vKjP88NTewyFr45LsydmJqtMiY6Q2UqDmy5PBxye1Bff56Z2W0dSE9gNVaitNkHfToPDO3RlQWWi7WOL4jSbOLYwDiCWAB_cw&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCkYRBpt_yYbC8JfiG7_UPv_-1gAPJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTczNjM4MDkyMTkyNDQxMjKgAdW20uoDyAEJqQKL7e1ZnreyPuACAKgDAaoE5gFP0J4fnr_sdFwM1slINDkeWoTAyYu4AKGyJQKj_MzvfVBvqCrTeZpZyngbjdxFzZyU-C6V5aTfbAOe4xCfzoLK8d8Q38QLbo2pH32p1iNdA26-wv1aw6vdFKpDG8fb5DBxwESf57EtM1v59mZnwjoV6Ngi4eedN4e8kdDvTNgcuEt5dY7RRf2viqdUb-Y2Ir_hptbOLGLukB207A89CY6838tL6-25fQPXSx6QSAqgJWiYaiJ8AluCy6nOPYjEKR9EzZXszpjRK2GMrnFC3yWCH2vjvkyVQ7CkjMBQXE3gZAT0RFNM_OAEAYAGrt-ZoLP2it34AaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDUyMjQ4NTE4ODQ3NDQw-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0pTOAEikh2XMUE-1UGb-EWqfaxaw%26client%3Dca-pub-7363809219244122%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:39 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 22 Jan 2023 18:08:39 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame EFB5 2 KB
1 KB 51ms
20ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:39 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 22 Jan 2023 18:08:39 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame EFB5 308 B
636 B 47ms
17ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:39 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 22 Jan 2023 18:08:39 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame EFB5 507 B
835 B 81ms
52ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:39 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Sun, 22 Jan 2023 18:08:39 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/m/delivery/ Frame EFB5 43 B
347 B 252ms
18ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=NSD6kNMkz93W0_JHn0BEiXaxRlIzThgZfUx4jwrx5SyKDNTfxqtzQmUfCx1eErcT7MWsF9qeyoVIM0hy-uw_slS_UiPNApuTZ-TmtO6RHKIPkXcgGGBcjCUVx4tjmWSwxWw0uMRXyC5g4fvX7Wd1BOWfNEhWl5t_-rKvSq-4Unok0_GrQ-_7nE10RKkIEnc0E6ijv_pU38TRgmz_eePdIekGeVQj-rUVuFl9JhPMbBNP4jAwbDnzsy0tf0zn8IgvTmrAvGVNa0WPZCEaodr_FNYqJDNPOJkwrFxLOZeZRLodCMg-YkukbvmlqxG8giL8jnd4EPGPJi1fTkmbfnxOtf0kmMaAhY9mGgK51McJSXuwZuLMrUUVcTCXHGkfwzYrW5gPNAC_Q05B7tTA3E6Hsu5eRVBp3D4xPefXGwlDap1Yodcf-cT0qSuiMkKrOmOd3v0foQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jan 2022 18:08:38 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2847475
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 832b82871f3248338680d79981111b80_image_ad_336x280.jpeg
static.criteo.net/design/dt/90764/220105/ Frame EFB5 96 KB
96 KB 49ms
20ms Image
image/jpeg 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/90764/220105/832b82871f3248338680d79981111b80_image_ad_336x280.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

217e1b04eacd2a5e7a3f034f71830451edc5268fb17f66e234e3bdbb9e0faa47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:39 GMT
last-modified: Wed, 05 Jan 2022 18:27:39 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "61d5e31b-17e02"
strict-transport-security: max-age=31536000; preload;
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 97794
expires: Sun, 22 Jan 2023 18:08:39 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame EFB5 0
127 B 243ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=XcusMo58sfCtrDAeSFPMf_L1apDgkVcDgLXtRPx5oQZDANWJixNWjDy8LJJe_WC2fk4v7UPWBD77-kvw2UKHJn9zaqlB2iYph6LYxlm4nTfemQmJmSKDwDBbxDV3mo9UgRq0FIQnoCYzUDyVVpe_Dhlo1BxKXLC4DRaf7i7JwnJk9pa1zqRYlFChfumtgX90o9yLp6dyVnlnAPyG8A0Z5VCL-rtNN-5AzbtBQVr6GDkZGcJEIqScJcsGKYJagQP9BBUaeQ&sds=2&rev=80217&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 27 Jan 2022 18:08:39 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame EFB5 2 KB
1 KB 27ms
17ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:39 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 22 Jan 2023 18:08:39 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame EFB5 2 KB
1 KB 36ms
36ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:39 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 22 Jan 2023 18:08:39 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8BC5 0
9 B 43ms
43ms Image
text/plain 2a00:1450:401b:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?3WuuZA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:401b:810::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 27 Jan 2022 18:08:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6B92 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022012504&jk=2595558818809462&bg=!eHulez_NAAY6OBv_Ojg7ACkAdvg8Wi5yNU6abzI4eLteJBDkiKRtGr_z4yeDTp_AhvMxs_t1dZeHrQIAAABsUgAAAANoAQcKAKN2RMr9ZQIDZT4KTH3SJkDZVnx-nemHoWR9M551j3qGOSgFsFDeRO1GwdV4q1m9_MxIpuLzagDgPuQXf2SovDcSSA7okwVGptXPMAOaUKFH0VTEOhhBOyaHLW8huQaqXYugVZfffnACyAGzn3i3GZ5s9pji7UL7j1Zp7SHNBs3enQjiQ9k_lJXgK2WeYVuE_Ftex-mQku8GywpvDSCA6ZG4uAMKmQLlo3VbA_cKjfOqqoW38NrxYU1hfTJ_jWhgKd7yEjx8C0lTEbwY8sUmzQSYLWUdmNh1MIsofjpVVchSg28WL6Jy5DhQoqhdFzwVgMe6MnWMAJWF4r7mD0D0SAMEjbHJhzVDKr_dxjwB84PEewcUuSlh1XDkMBtD9JzIYo15T6MYpYboXRwJOA0d_TxvBeQlYw2USP8xUIpgrpNXzmNiss4YXdiaaMFC6DDHcICisSOrl8N3kAXDy6hM3d4zTW0jBkZCdLjLUiwZtPL_1YbQURzn06wqhtAkegKplPApRRa4iFeBmRnfQBBdh8rqTPeSWjd8fMWqgDB4DpIPBQBuuyyOn8m2D0Rd2-ggjqlb4NJmgcFsRAk4XFjecJMtzIP6_cQQgUF0i10gBvjmhUZD26Kx_vhpwNCV1cQTJacjBvOMKzydLwmLEmEYCX5_407FfEp_FPsKUwLc1jmVGr_V0g2rMEjLv1CNeKa5tovF37yMmhvcuH50Gj1rWz7bhAU56tLaguLwei7ElV7TZcNht_Eeb-2Ri6j7bKCyhRDyNKm4StGZsOKVks7Q0rW5IDJ6tQPlm11zOc8u4EAzVvslkc_K-py1Rz2HjmXYKASanIn8UykKB1TmYODqDw440ByJoaBFV0gwvVP4RhKF7FztrrGX3oRWnY0xJV6koUot0t3HmPuadFRQ73_Vx7S6L2KhMIyehI_uVf5ft2CPzTvmQAXKWSYqGOulLMrYmQke3y05q-U3Lb5LKqSvr5ZgYIaokfucYpIpAlbZtaOWTATdBneuwVFg4ec2CFeaEYbfdpZEMyvnjoV3d9Q243pax51g23G7VIeDxEWFituWEtM0Y3entJWe1404_XtHi6y5GSFK6HI8Pvx27WUTFD-j6DkaTKm9No4D3JrJGdlG5VfklORxm7UP9_V15sf_-2Soh10tZbIGcGrsT5OxNOhU5pMbG6QBa8Aox1vXNLaEReuwjxIJTipv4lFp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jan 2022 18:08:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 7E7D 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 796ef199f51c6f23b1b98a8e250d1d0eb571ffbbc084703f72aea946177ad4aa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 all
csm.eu.criteo.net/ Frame EFB5 0
127 B 16ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 27 Jan 2022 18:08:40 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7E7D 42 B
64 B 118ms
72ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvXkNO8pKMs_c0ORMOEMo_A74oMPC-jmiu7LRwJZYmG-iji8RjGaTvACSy_K57SQExU6pcMYGfqaqCqfZix7CI_&sig=Cg0ArKJSzLDgSZGrK3m8EAE&id=lidar2&mcvt=1000&p=0,0,280,336&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220126&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1993164461&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1643306918251&rpt=321&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 27 Jan 2022 18:08:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sanggilregard.com/	1970-01-20 00:29:53	Name: GL_UI4 Value: eJw9jUtugzAYhHnTKAV1JA7QI0BCDCyrHqJLZPAPcQN2ZNyg3r5WpXY1n%2Bah8TwvKHL4jyRE%2BMUveG1bxs5le7qcBDtP3TA19dDUxErWdqyqWxzk1ls%2BLGQjPM%2BkyMixH7WgDC8u%2BnNuSu8qQjwYrkSGeHWNJUM6GL1vZIoQkeIrIXm%2FGu00XvmnNgi6xqFUDv0Sgd6KMD8g%2FZBKuF1%2BRFCVeZZ4ON4Xbidt1l6KxEc8Gy4I%2FhueRm5p1uYbqaDtZvUd0Ivo%2F%2Fu%2Ft%2BFelUgEPeTovrW9kvkBeTRJng%3D%3D
sanggilregard.com/	1970-01-20 00:29:53	Name: GL_GI10 Value: eJxljNFqwjAYhWs6u5WJcsAH6AtYiKWbt9vs5s2ufIAQ6l8Jo0n4E2Xd088pyMC7w3fOd5IkEfMphPGYyVVdLmVVyrou5dMS6Z4cxLrBpHUHG3lQVveE%2Bw%2FiXtsBGdPeOAuxafB4yap1O8J43Sz%2BsbM13lAIhLvWxAF4Z22%2FugPHQvfFpzYW%2BV9x0ecn%2FXaQmuCBSsrnqtgSH01LoXh5RW4pquCJdsjfHHvHOhKmV3r%2BzFI8mKA8u%2B8hG2EWTU8%2FzpJyXRcontDomIlf4WRPyg%3D%3D
omchanseyr.com/	1970-01-20 09:14:02	Name: OAID Value: 7d7d09644de3404d938251ca0dc13cc1
omchanseyr.com/	1970-01-20 09:14:02	Name: oaidts Value: 1643306917
toglooman.com/	1970-01-20 09:14:02	Name: scm Value: 1
my.rtmark.net/	1970-01-20 09:14:02	Name: ID Value: 7d7d09644de3404d938251ca0dc13cc1
stfly.me/	1970-01-20 00:28:27	Name: prefetchAd_3381289 Value: true
omchanseyr.com/	1970-01-20 00:38:31	Name: syncedCookie Value: true
stfly.me/	1970-01-20 00:29:49	Name: _data_html Value: 1-1
.doubleclick.net/	1970-01-20 09:50:02	Name: IDE Value: AHWqTUncsw3y4Xe5XbpZGf5t4PJBU9Bqwz_iLQwfyyuF_0KlZnFz_rDR4zI_AeytKuw

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://toglooman.com/1?z=3968308 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://dozubatan.com/400/4495548 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3249dacfb08eb119bf8869cdbdb35321.safeframe.googlesyndication.com
account.adstripe.net
ads.eu.criteo.com
adservice.google.com
adservice.google.de
cat.fr.eu.criteo.com
csm.eu.criteo.net
dozubatan.com
fonts.googleapis.com
fonts.gstatic.com
itsguider.com
my.rtmark.net
omchanseyr.com
pagead2.googlesyndication.com
rtb.fr.eu.criteo.com
sanggilregard.com
securepubads.g.doubleclick.net
static.criteo.net
stfly.me
toglooman.com
tpc.googlesyndication.com
worldfreshblog.com
www.google.com
www.googletagservices.com
139.45.195.8
139.45.197.181
139.45.197.237
139.45.197.238
139.45.197.239
142.250.184.226
178.250.0.160
178.250.0.162
23.109.82.250
2606:4700:3037::6815:309a
2606:4700:e0::ac40:6916
2a00:1450:4001:802::2003
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:811::200a
2a00:1450:4001:828::2002
2a00:1450:400f:80a::2001
2a00:1450:401b:810::2001
2a02:2638:1::3
2a02:2638::18
2a02:2638::2
2a06:98c1:3120::7
0047f2b4e58d50cd286045db5a9a694d843c551e96e92f7bcd10bf2e111149f2
0101ce28449e7a4b1442d7f5381bcc968a88025d75b09855caeb6ded28e743a2
052d7af300d8466328c7db930faec2737a0c539a8cc1a439045045eacd86a19b
0895ce2dc2fc97c93d9e55bf5ceef39fdfa59d0a4792015800cf90cd1bae0750
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0cb5b5cabf4ad2904b60a9278a7a6235f3370ece69dfeee0c86fa3011c37b3ab
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
147b08aa6afaa0b704ebedb56d0b146a7e33600a971e5d20773b3371db70be11
148030f212eb7a6d8f6c498beeb77a366ce8c9a3254111476c8923ddf40c55cd
217e1b04eacd2a5e7a3f034f71830451edc5268fb17f66e234e3bdbb9e0faa47
3d74bcb57a47e19013867b54a22c34d8722e0ee32cf9c6af61a2d207335f6d62
480e1e24a459ce49b3c28ecd17641c94029c1f797ca56d706468be37c1d2331b
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
66219bc99ac30a346552ced8a3a2739c915b441219cfd9cf3dbef943cf7ca7bf
6e4e2aee7a7e6845dc271cd9042c9ad86cb71e24b5b28a3b78a72bd3bfedee35
796ef199f51c6f23b1b98a8e250d1d0eb571ffbbc084703f72aea946177ad4aa
83521aad7c96625246ef4168f1d84d12b0652e8eb61ad0875066fee1fa797daf
84bf5ffcfd8b3a1240721c90836f1167532b716566165a51ca920c9e657a75d4
85821da273b7d5dc51f8c9ff01bb46fa3461f36aef2977a6c74aa66cc2bd503e
86f6444eafceacae485c6aadbd60d9659319859369ba5b9d4d0a1bc09eb5d098
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
89e38ae45e4ab6870530ad77bc793c32dcb03a600156b9930ffe3104f6702b25
8cd328a63ec4ed6acc9340f8fa2e82ac6375024334fc51d1d28ccccfeb2c3c83
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
99f149f96fbeaea8af57c586e16c8f43cbca12ada9747ff6a2edc4293b2993ff
9fa7f49e3a869a02c248c7c730f895951b3fc2f811e504d3ab30f72c1f74913c
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9d395bf477beae50d440a37cc9ebae675d5503a2d51482a8362dabfc04591ab
b62d3ff7ec9f5543b6d6a2429170ed375b550d869b90d9886464143cd89b83ef
b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550
c83ca3b19aa2a303c89e68342540e16e0d90947ce3e89da0f963e6e70df017f6
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d31be4908b8f3c24f86f861f5f3c2503fd3d9ccd2f87ed5f0f2207662c2acfc1
d8d3d008578dcef20081369fff244614d342fcfbeec3111b8b069b62b580dc7b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f65dd0ed5ab0097e2cb276b346ccfaddb2a9134c9278af39c6a24cd821fce06f
ff0a2aad62972fe8f9ded071fe81e9d4ec9bf605b65d748815032fbf8e56ba0a

stfly.me Open in urlscan Pro 2606:4700:e0::ac40:6916 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

57 Requests

100 %HTTPS

63 %IPv6

18 Domains

24 Subdomains

25 IPs

6 Countries

605 kBTransfer

1535 kBSize

10 Cookies

0 Outgoing links

Redirected requests

57 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

stfly.me Open in urlscan Pro
2606:4700:e0::ac40:6916 Public Scan

Screenshot
Live screenshot

Full Image

57
Requests

100 %
HTTPS

63 %
IPv6

18
Domains

24
Subdomains

25
IPs

6
Countries

605 kB
Transfer

1535 kB
Size

10
Cookies

57 HTTP transactions
1 data transactions