smartocom.com Open in urlscan Pro
2a02:4780:8:412:0:f5e:f62b:1 Public Scan

Software

nginx /

Resource Hash

0ce9ed082f803d26b33da8023b0b32979e77cac9867bd4f02ca63ae9424e22a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: http://smartocom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 banner.php Show response
g.cash-ads.com/ 208 B
365 B 130ms
40ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner.php?uid=4886&size=4

Requested by

Host: smartocom.com
URL: http://smartocom.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

c8a205ef9fff47760593de7adc2444997798423c3357b4ad8738eecc567789b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: http://smartocom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 banner.php Show response
g.cash-ads.com/ 207 B
364 B 130ms
40ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner.php?uid=4886&size=2

Requested by

Host: smartocom.com
URL: http://smartocom.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

static.130.40.76.144.clients.your-server.de

Software

nginx /

Resource Hash

d29fd5980685f11ebcae086a65f74439478008176b9c07748d63438f10c2c89f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: http://smartocom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 banner.php Show response
show.adorion.net/ 212 B
281 B 124ms
35ms Script
text/html 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://show.adorion.net/banner.php?uid=480&e=0&p=1&s=1&size=4&name=
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: bf5c979b2376dae68f84a675172c44abd5ff48a3459268f1e4fb0badaf40d9c5

Request headers

Referer: http://smartocom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
content-type: text/html; charset=UTF-8

GET
H2 200 banner.php Show response
show.adorion.net/ 210 B
280 B 123ms
35ms Script
text/html 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://show.adorion.net/banner.php?uid=480&e=0&p=1&s=1&size=2&name=
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: e5149c6eb49540cd593c399c40ec0099171d0b6f89470be86b32831a36307d77

Request headers

Referer: http://smartocom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
content-type: text/html; charset=UTF-8

GET
H2 200 banner.php Show response
show.adorion.net/ 210 B
279 B 124ms
35ms Script
text/html 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://show.adorion.net/banner.php?uid=480&e=0&p=1&s=1&size=1&name=
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: e982f8c762a6b416671b3c802d9b7f3d32b1864cda6909cb852658c00121ac42

Request headers

Referer: http://smartocom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK flag-icon.min.css
smartocom.com/css/flag-icon-css/css/ 332 B
552 B 30ms
15ms Stylesheet
text/css 2a02:4780:8:412:0:f5e:f62b:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: http://smartocom.com/css/flag-icon-css/css/flag-icon.min.css
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:f5e:f62b:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 100c7fafe44f80f40c68f01d4ecaf091b60d5950229c7b1c57ea5360c2849eaa

Request headers

Referer: http://smartocom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Encoding: gzip
Last-Modified: Tue, 16 Feb 2021 16:47:12 GMT
Server: LiteSpeed
Etag: "14c-602bf710-cab5e38a649dc941;gz"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=691200
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 172
Expires: Thu, 25 Feb 2021 09:10:18 GMT

GET
H2 200 / Show response
all.obozrevatelcom.info/ 7 KB
5 KB 111ms
37ms Script
application/javascript 144.76.40.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://all.obozrevatelcom.info/?p=NTJhOTRkOWUxOWM5ODdmYTI0MjJmZGYwMmNhNjIwOTJ8NDI0Mzc4fE1vYmlsZUh1bnRlcnx8MTAwMHwxNDYyMDU5&build_ad_code=1&v=2&poid=0

Requested by

Host: smartocom.com
URL: http://smartocom.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.76.40.130 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx /

Resource Hash

6ca2cdc5e69d08a9702562a1a105b3e9455fd139acea208a9d0bdc2bed5a452e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: http://smartocom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
vary: Accept-Encoding, Accept-Encoding
x-xss-protection: 1; mode=block
pragma: no-cache
server: nginx
x-frame-options: DENY
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
cache-control: no-cache, must-revalidate
referer
x-robots-tag: noindex
public-key-pins-report-only: pin-sha256="9u+jneaI5mdguk/QBWQDE/1Q6qoH5sz6Vf2yyjU0UjE="; pin-sha256="efRXWfSs2jsGspReg4wM6BZec+gy29/uyIFXlD2sg2c="; max-age=31536000; includeSubDomains; report-uri="https://traffstock.net/?mod=ticket_system&do=ticket_create"
expires: Wed, 17 Feb 2021 09:10:18 +0000

GET
H2 200 css
fonts.googleapis.com/ 27 KB
1 KB 19ms
16ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Exo%202:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&subset=cyrillic,latin,latin-ext

Requested by

Host: smartocom.com
URL: http://smartocom.com/css/common.css?ts=1613486833

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cd3f974071f69cc759e658b509edca2aa4c4cb4e7d216e3383c34a8b7930935d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://smartocom.com/css/common.css?ts=1613486833
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H2 200 css
fonts.googleapis.com/ 21 KB
1 KB 19ms
16ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin,latin-ext,vietnamese

Requested by

Host: smartocom.com
URL: http://smartocom.com/css/common.css?ts=1613486833

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4956068b2f2c2f14c6dd7fb409b7e5a22ab4a41b45c9ad683bc0f77c5853ffba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://smartocom.com/css/common.css?ts=1613486833
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H2 200 css
fonts.googleapis.com/ 7 KB
795 B 18ms
15ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans%20Condensed:300,300i,700&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin,latin-ext,vietnamese

Requested by

Host: smartocom.com
URL: http://smartocom.com/css/common.css?ts=1613486833

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aad239117bb404ee640c2785941f72eacb52ddf7a1f7e0740e328659f8b31bb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://smartocom.com/css/common.css?ts=1613486833
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 08:59:54 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
670 B 19ms
16ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT%20Sans:400,400i,700,700i&subset=cyrillic,cyrillic-ext,latin,latin-ext

Requested by

Host: smartocom.com
URL: http://smartocom.com/css/common.css?ts=1613486833

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c88798d5a2b63a8475e89f92fcdba460e120f350ca58257c17a1842decf4fd64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://smartocom.com/css/common.css?ts=1613486833
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
587 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT%20Sans%20Caption:400,700&subset=cyrillic,cyrillic-ext,latin,latin-ext

Requested by

Host: smartocom.com
URL: http://smartocom.com/css/common.css?ts=1613486833

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1377106ff17791bb5978bc14af3217c16fb3bb4b4adf75441ad88ba461152b26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://smartocom.com/css/common.css?ts=1613486833
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
631 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT%20Sans%20Narrow:400,700&subset=cyrillic,cyrillic-ext,latin,latin-ext

Requested by

Host: smartocom.com
URL: http://smartocom.com/css/common.css?ts=1613486833

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

364a08df75c184fedc4c285d9d5bbe4a9d4e1eb2511155f166f5ba92fce077cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://smartocom.com/css/common.css?ts=1613486833
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H2 200 css
fonts.googleapis.com/ 24 KB
1 KB 24ms
22ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin,latin-ext,vietnamese

Requested by

Host: smartocom.com
URL: http://smartocom.com/css/common.css?ts=1613486833

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

80d2a1a268a723880928f2f2c2fda12e963381fb97608c0320bc8234b1d2b701

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://smartocom.com/css/common.css?ts=1613486833
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:06:36 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H2 200 css
fonts.googleapis.com/ 13 KB
966 B 25ms
23ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%20Condensed:300,300i,400,400i,700,700i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin,latin-ext,vietnamese

Requested by

Host: smartocom.com
URL: http://smartocom.com/css/common.css?ts=1613486833

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dd50b6a14b386d15dc4c9a46d9eb634b5d282d551d4d032c167ad4965f2f1a70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://smartocom.com/css/common.css?ts=1613486833
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H2 200 css
fonts.googleapis.com/ 8 KB
735 B 25ms
24ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%20Slab:100,300,400,700&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin,latin-ext,vietnamese

Requested by

Host: smartocom.com
URL: http://smartocom.com/css/common.css?ts=1613486833

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

189acf6893645dc3f697decb870090968420ee847e0e65dda96184ea86aed538

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://smartocom.com/css/common.css?ts=1613486833
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H/1.1 200
OK Cookie set / Show response
www.markocpm.com/ Frame D6C6 515 B
701 B 79ms
60ms Document
text/html 45.93.125.49
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: http://www.markocpm.com/
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: HTTP/1.1
Server: 45.93.125.49 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed / PHP/7.3.23
Resource Hash: d38c972319042d32ce9e4ad9903c47c07ed14595312d2953c52a4de41cf7c3e0

Request headers

Host: www.markocpm.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://smartocom.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://smartocom.com/

Response headers

Connection: Keep-Alive
X-Powered-By: PHP/7.3.23
Set-Cookie: PHPSESSID=b9d674b1862bafe878c3a98eb36ed486; expires=Wed, 24-Feb-2021 09:10:18 GMT; Max-Age=604800; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Wed, 17 Feb 2021 09:10:18 GMT
Server: LiteSpeed

GET
H/1.1 200
OK a239d434bdac8d066fa273ccf550eb6e.png
smartocom.com/gallery_gen/ 1 KB
2 KB 14ms
14ms Image
image/png 2a02:4780:8:412:0:f5e:f62b:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://smartocom.com/gallery_gen/a239d434bdac8d066fa273ccf550eb6e.png
Requested by: Host: smartocom.com
URL: http://smartocom.com/css/1.css?ts=1613486833
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:f5e:f62b:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: dee1764ce79278c7e81c843637f62bb572df465731bc5f1889e72a374abbd716

Request headers

Referer: http://smartocom.com/css/1.css?ts=1613486833
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Last-Modified: Sun, 14 Jun 2020 14:47:34 GMT
Server: LiteSpeed
Etag: "5b9-5ee63886-fc168bb706ea11aa;;;"
Content-Type: image/png
Cache-Control: public, max-age=691200
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1465
Expires: Thu, 25 Feb 2021 09:10:18 GMT

GET
H2 200 page.php Show response
www.eurosptp.com/ Frame 37C4 7 KB
3 KB 123ms
45ms Document
text/html 213.186.33.19
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eurosptp.com/page.php?name=mariusmm
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.186.33.19 , France, ASN16276 (OVH, FR),
Reverse DNS: cluster010.hosting.ovh.net
Software: Apache / PHP/5.4
Resource Hash: 37edc6b24b4c9b15d88463deb804821a83f83da357ef81450404dc0b133795a4

Request headers

:method: GET
:authority: www.eurosptp.com
:scheme: https
:path: /page.php?name=mariusmm
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://smartocom.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://smartocom.com/

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=iso-8859-1
server: Apache
x-powered-by: PHP/5.4
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
referrer-policy: origin
set-cookie: visbl=1; expires=Wed, 17-Feb-2021 09:10:48 GMT; path=/; SameSite=None;secure; domain=eurosptp.com visite24=1; expires=Thu, 18-Feb-2021 09:10:18 GMT; path=/; SameSite=None;secure; domain=eurosptp.com PROMOTION=751c80345e6bb6bc4d71c11a8329b9b5; expires=Wed, 17-Feb-2021 09:12:48 GMT; path=/; samesite=None;Secure; domain=.eurosptp.com
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
x-robots-tag: noindex

GET
H2 200 / Show response
g.cash-ads.com/ Frame 06AD 496 B
636 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm24xZKCIBw9wyrxHa%2FXfFI7A%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner.php?uid=4886&size=3

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

b4e0e27dc70907c69bec5a8c876c2a2665b21521fdc08e215f5fa4f802457f28

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=22N5GE%2BmBqVZA2TP4VHm24xZKCIBw9wyrxHa%2FXfFI7A%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://smartocom.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://smartocom.com/

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame CA6A 496 B
636 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm28Qa5rklATAyH7uFJOBdZM8%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner.php?uid=4886&size=4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

2ecac34d56f0fa886cb8092a5e6a3ae11be7109f4198863a76e1c849329514bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=22N5GE%2BmBqVZA2TP4VHm28Qa5rklATAyH7uFJOBdZM8%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://smartocom.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://smartocom.com/

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 19D1 496 B
636 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm21VsULFAueByfgeb1JmlMb8%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner.php?uid=4886&size=2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

static.130.40.76.144.clients.your-server.de

Software

nginx /

Resource Hash

41ea496809dc4ccff2f16d432eaacbc090fc2cb62b5db237669b792229d9846c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=22N5GE%2BmBqVZA2TP4VHm21VsULFAueByfgeb1JmlMb8%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://smartocom.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://smartocom.com/

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 in4.php Show response
show.adorion.net/ Frame 893D 7 KB
7 KB 42ms
41ms Document
text/html 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
Requested by: Host: show.adorion.net
URL: https://show.adorion.net/banner.php?uid=480&e=0&p=1&s=1&size=4&name=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: 19107b63d293491e7aee20ac006ed73d083d31a657a92633ab04b5e623143e99

Request headers

:method: GET
:authority: show.adorion.net
:scheme: https
:path: /in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://smartocom.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://smartocom.com/

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8

GET
H2 200 in4.php Show response
show.adorion.net/ Frame 9AD1 7 KB
7 KB 44ms
44ms Document
text/html 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
Requested by: Host: show.adorion.net
URL: https://show.adorion.net/banner.php?uid=480&e=0&p=1&s=1&size=2&name=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: 0d0dfc838c3394275de3a3b97afd8a17fe40a2446403f06c25ad6d28d4dcdc77

Request headers

:method: GET
:authority: show.adorion.net
:scheme: https
:path: /in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://smartocom.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://smartocom.com/

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8

GET
H2 200 in4.php Show response
show.adorion.net/ Frame 4A9E 3 KB
3 KB 45ms
45ms Document
text/html 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
Requested by: Host: show.adorion.net
URL: https://show.adorion.net/banner.php?uid=480&e=0&p=1&s=1&size=1&name=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: b307e794b16f9e50973e57c56c5446f7d67de9b2901584be60841dddd9127823

Request headers

:method: GET
:authority: show.adorion.net
:scheme: https
:path: /in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://smartocom.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://smartocom.com/

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK / Show response
www.medcpm.com/ Frame E999 5 KB
2 KB 36ms
21ms Document
text/html 2a02:4780:8:412:0:3896:761:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: http://www.medcpm.com/
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:3896:761:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed / PHP/7.3.23
Resource Hash: b974588a7e9908a29bd2f127ff43bfdc99069998f5546f74c169c12222130ba9

Request headers

Host: www.medcpm.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://smartocom.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://smartocom.com/

Response headers

Connection: Keep-Alive
X-Powered-By: PHP/7.3.23
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=0
Expires: Wed, 17 Feb 2021 09:10:18 GMT
Content-Length: 1517
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Wed, 17 Feb 2021 09:10:18 GMT
Server: LiteSpeed

GET
H2 200 / Show response
smartocpm.com/ Frame BF25 920 B
700 B 83ms
29ms Document
text/html 2a02:4780:8:412:0:38b3:3326:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: https://smartocpm.com/
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:4780:8:412:0:38b3:3326:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed / PHP/7.4.11
Resource Hash: e22c3ce7d96f5939d19c3c98bb98e61f17c3877fb085638ada5102e39bf543cb

Request headers

:method: GET
:authority: smartocpm.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://smartocom.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://smartocom.com/

Response headers

x-powered-by: PHP/7.4.11
set-cookie: PHPSESSID=2b9f372aa6af00454939c675965fd70c; expires=Wed, 24-Feb-2021 09:10:18 GMT; Max-Age=604800; path=/; HttpOnly; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
content-length: 275
content-encoding: br
vary: Accept-Encoding
date: Wed, 17 Feb 2021 09:10:18 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000

GET
H/1.1 200
OK 813305 Show response
wx.cm/ptp/ Frame 79B7 2 KB
1 KB 1425ms
1407ms Document
text/html 185.61.152.55
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: http://wx.cm/ptp/813305
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: HTTP/1.1
Server: 185.61.152.55 , United Kingdom, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: host37.registrar-servers.com
Software: Apache / PHP/7.2.34
Resource Hash: dafe6b118ae7dbd4f0d86658d3f743e2c9d924a60c8315713cad9cd5b749906b

Request headers

Host: wx.cm
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://smartocom.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://smartocom.com/

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 915
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ad.php Show response
ad2bitcoin.com/ Frame 5D41 1 KB
2 KB 366ms
134ms Document
text/html 23.95.12.219
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2bitcoin.com/ad.php?ref=smartas&width=728
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.95.12.219 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 23-95-12-219-host.colocrossing.com
Software: Apache /
Resource Hash: 73128eb6e45e0dbb01f75050d6f9a03e35f9d199f460a8bc6a263e5660fc805b

Request headers

Host: ad2bitcoin.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://smartocom.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://smartocom.com/

Response headers

Date: Wed, 17 Feb 2021 09:10:15 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ptp.php Show response
traffic2bitcoin.com/ Frame B6F6 687 B
858 B 364ms
132ms Document
text/html 23.95.12.219
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.95.12.219 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 23-95-12-219-host.colocrossing.com
Software: Apache /
Resource Hash: fa38583abebc982806b78153cfd21c84b0578ec04e6b76ccb7bf028bffcd25f7

Request headers

Host: traffic2bitcoin.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://smartocom.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://smartocom.com/

Response headers

Date: Wed, 17 Feb 2021 09:10:15 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 / Show response
all.obozrevatelcom.info/ 34 B
723 B 41ms
41ms Script
text/javascript 144.76.40.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://all.obozrevatelcom.info/?p=MjMwNmMxNmYyMzAyOTgxMDk1YTIxZGY5ZTBhMTU5Yjl8NDI0Mzc4fE1vYmlsZUh1bnRlcnx8MTAwMHw3NDI4MzI2NQ==&v=2&r=&poid=0&is_click_needed=1&alin=0&callback=__JSONP74283265__0

Requested by

Host: smartocom.com
URL: http://smartocom.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.76.40.130 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx /

Resource Hash

da760736759bc6b500abefcf66374740c23206c4f05edc44ccd9d1e8b11499d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: http://smartocom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report
vary: Accept-Encoding, Accept-Encoding
x-xss-protection: 1; mode=block
pragma: no-cache
server: nginx
x-frame-options: DENY
strict-transport-security: max-age=31536000
content-type: text/javascript;charset=UTF-8
cache-control: no-cache, must-revalidate
referer
x-robots-tag: noindex
public-key-pins-report-only: pin-sha256="9u+jneaI5mdguk/QBWQDE/1Q6qoH5sz6Vf2yyjU0UjE="; pin-sha256="efRXWfSs2jsGspReg4wM6BZec+gy29/uyIFXlD2sg2c="; max-age=31536000; includeSubDomains; report-uri="https://traffstock.net/?mod=ticket_system&do=ticket_create"
expires: Wed, 17 Feb 2021 09:10:18 +0000

GET
H/1.1 200
OK 93ccffb97b0100589693b4c4c2a7a41a.png
smartocom.com/gallery_gen/ 929 B
1 KB 14ms
14ms Image
image/png 2a02:4780:8:412:0:f5e:f62b:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://smartocom.com/gallery_gen/93ccffb97b0100589693b4c4c2a7a41a.png
Requested by: Host: smartocom.com
URL: http://smartocom.com/css/1.css?ts=1613486833
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:f5e:f62b:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 483d06e21da196fc6b323559684ce48a5870a9ccfc758b8d75d95976127ef856

Request headers

Referer: http://smartocom.com/css/1.css?ts=1613486833
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Last-Modified: Sun, 14 Jun 2020 14:47:34 GMT
Server: LiteSpeed
Etag: "3a1-5ee63886-185d69cfff41ce00;;;"
Content-Type: image/png
Cache-Control: public, max-age=691200
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 929
Expires: Thu, 25 Feb 2021 09:10:18 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin,latin-ext,vietnamese

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://smartocom.com
Referer: https://fonts.googleapis.com/css?family=Open%20Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin,latin-ext,vietnamese
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Feb 2021 22:00:39 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 558579
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Thu, 10 Feb 2022 22:00:39 GMT

GET
H2

200

show.php Show response
cpm-ad.com/serve/ Frame 118A
Redirect Chain

http://cpm-ad.com/serve/show.php?a=5280&b=160x600
https://cpm-ad.com/serve/show.php?a=5280&b=160x600

3 KB
1 KB

307ms
293ms

Document
text/html

2606:4700:3031::ac43:89c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
Requested by: Host: www.markocpm.com
URL: http://www.markocpm.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:89c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: e9d843cc33875f7df198095a7019c5eaeeda26a050a471d58aee817c19962073

Request headers

:method: GET
:authority: cpm-ad.com
:scheme: https
:path: /serve/show.php?a=5280&b=160x600
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.markocpm.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.markocpm.com/

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dc743d9657ef1e19eda39ad0b4997f4d41613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.cpm-ad.com; HttpOnly; SameSite=Lax; Secure __cf_bm=aae0b48beb80fc59a10c07cab69a198df8b1e101-1613553018-1800-AS8HRtcu0SlEwaR21xld4/huwDhGVf0VGcxXgZLx2OM69Ya1b3VVUrzJMdQU2cRCnfTYsG6kWAU5TMTfQ/X++vo=; path=/; expires=Wed, 17-Feb-21 09:40:18 GMT; domain=.cpm-ad.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
cf-request-id: 0850da3e2400003128b412b000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=l%2FGr0PCS5ZRCD44OQz2T%2B9juqZjnN%2FXKNt6ih6LSF6zZIyFRJOXlGGN2YrTF88nxcknE80Ovr4O1GOI1k4JICCwQyfrX0%2BqSuH3eIfM591R1pwMwSBKU"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fdd0c073128-FRA
content-encoding: br

Redirect headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 17 Feb 2021 10:10:18 GMT
Location: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
cf-request-id: 0850da3e050000d729d805a000000001
Set-Cookie: __cf_bm=1c6d946c3d8b96fd9a6e3bf106299e3686938d55-1613553018-1800-AaPtgGS8uWzuNbtnwQjtRs4cT9KmYN0E5PzB34leGkqlCxokNzdv4e6WlCNHWc8/baKyT2CxdWAoaA5pgurt10s=; path=/; expires=Wed, 17-Feb-21 09:40:18 GMT; domain=.cpm-ad.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hFHp7pjXZy117BHTkf0SV8Tjd1%2BwzzpWhQUCk%2FZshmTLC6zpPUzc5eceaValX0uqS0PDMEsi%2FY7O8y2iyFa4U5RIRS7bNzTmavqRz5JswBml6LCRS0jU"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 622e5fdcdf25d729-FRA

GET
H2

200

show.php Show response
cpm-ad.com/serve/ Frame EB03
Redirect Chain

http://cpm-ad.com/serve/show.php?a=5280&b=300x250
https://cpm-ad.com/serve/show.php?a=5280&b=300x250

3 KB
2 KB

295ms
291ms

Document
text/html

2606:4700:3031::ac43:89c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
Requested by: Host: www.markocpm.com
URL: http://www.markocpm.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:89c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 423f74cd5b420e0770d8a3648345f0bb79c330bd59781b1c80b863118162cf4a

Request headers

:method: GET
:authority: cpm-ad.com
:scheme: https
:path: /serve/show.php?a=5280&b=300x250
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.markocpm.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.markocpm.com/

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dc743d9657ef1e19eda39ad0b4997f4d41613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.cpm-ad.com; HttpOnly; SameSite=Lax; Secure __cf_bm=3a033707e160a5ea67fec791f3dcf2ce01935770-1613553018-1800-Aa0FmcDrJ9bzGcwrQh5LlWl7sDDXU6F1K7JEd2KagJT7LTU6FmNsKdA3nlTMPwthQET/F5cMMOXu8Vmyvm05Pl8=; path=/; expires=Wed, 17-Feb-21 09:40:18 GMT; domain=.cpm-ad.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
cf-request-id: 0850da3e24000031286a1a4000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=D%2FPRH4KZh%2FLx%2FJAjBxlMs6f1g51%2FqqSSKMGw7MWEc2eE%2B13WMEohGx2gY6MiXDX3k1p4cg8Qz612Z3%2BIo7mclwo%2BIrVeMpzQaTDltJa64u%2BMnV1I9h7l"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fdd0c063128-FRA
content-encoding: br

Redirect headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 17 Feb 2021 10:10:18 GMT
Location: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
cf-request-id: 0850da3e0500003237a4ae5000000001
Set-Cookie: __cf_bm=889989f2a85102fd08938edf6cbd8d27435bbea3-1613553018-1800-AT/225vIkPIwySkWXVwZIQZbX4WFy2nakz08jM52Xt5nVI73BJ8TS4zEcxGgKOwqEBLjvZkugMYnCA0MoBA1d+U=; path=/; expires=Wed, 17-Feb-21 09:40:18 GMT; domain=.cpm-ad.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=G2qBjAwefnbce2Vjy%2BLB2Dmd%2FpWza%2FJgRMVXfpLqpyRILMD5wdSdB1Os%2BQ%2BlLyHspyQqVW6xmHLqLGZ%2FiIQE62BSC0mpGeZXNx5Vx4by43ibQmU0k9kf"}],"max_age":604800,"group":"cf-nel"}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 622e5fdcdd183237-FRA

GET
H2

200

show.php Show response
cpm-ad.com/serve/ Frame 0C2A
Redirect Chain

http://cpm-ad.com/serve/show.php?a=5280&b=728x90
https://cpm-ad.com/serve/show.php?a=5280&b=728x90

3 KB
1 KB

308ms
292ms

Document
text/html

2606:4700:3031::ac43:89c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
Requested by: Host: www.markocpm.com
URL: http://www.markocpm.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:89c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: e5788534ad69247911efd557ec3672093a378bfa075489d88190aa936ac2b276

Request headers

:method: GET
:authority: cpm-ad.com
:scheme: https
:path: /serve/show.php?a=5280&b=728x90
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.markocpm.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.markocpm.com/

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dc743d9657ef1e19eda39ad0b4997f4d41613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.cpm-ad.com; HttpOnly; SameSite=Lax; Secure __cf_bm=7f08e090a73c553b8c0c23c27fd4bdff2d50c404-1613553018-1800-AX8NERNNJBhUGiQsv1ZG9taB67EB0S7c6KjzIWfRjoLWwzj3/quOg2e+6t+661TQhSNfikrxjSBlfrFQkdm77nU=; path=/; expires=Wed, 17-Feb-21 09:40:18 GMT; domain=.cpm-ad.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
cf-request-id: 0850da3e24000031286aaf4000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LnfQ2QiZ1Oc3I7tsOYvExNq31li78x3%2FfVsW6v6czjnoP6Ejo7YvvK1p%2BviQVRWz%2FWj6OIii3AaOyZcKROfINsHOsJXod5km8LVpnXFAuhvdcWVF20pV"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fdd0c043128-FRA
content-encoding: br

Redirect headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 17 Feb 2021 10:10:18 GMT
Location: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
cf-request-id: 0850da3e0600004e2062a28000000001
Set-Cookie: __cf_bm=e675bdf60a795d112135e022fcaba316f15160dd-1613553018-1800-AU4/esuF+HfuznPJ7Xg0x40F6y/03QC4gILw0OXediK/DIEjzeBmWDTMnV+zDJ2h692wX+TXYqD642YlIDwP8UM=; path=/; expires=Wed, 17-Feb-21 09:40:18 GMT; domain=.cpm-ad.com; HttpOnly; SameSite=None
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oYuDe42V5QkkFjpyfoXWpvdOIeKBLkJXNaGEfbrgiBkutfL866vzA5KrapKr2HFfD82HbHlwrV1dc%2F36SStFCWT9vRV%2B3MjMp%2FFXNuQvraPOSo%2B8jLVb"}],"max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 622e5fdcd9184e20-FRA

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame 06AD 5 KB
5 KB 42ms
42ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm24xZKCIBw9wyrxHa%2FXfFI7A%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm24xZKCIBw9wyrxHa%2FXfFI7A%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame CA6A 5 KB
5 KB 43ms
43ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm28Qa5rklATAyH7uFJOBdZM8%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm28Qa5rklATAyH7uFJOBdZM8%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H/1.1 200
OK bootstrap.min.css
www.medcpm.com/css/ Frame E999 119 KB
20 KB 15ms
14ms Stylesheet
text/css 2a02:4780:8:412:0:3896:761:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: http://www.medcpm.com/css/bootstrap.min.css
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:3896:761:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 87a14ba01ebdf4b9d3b4fed187910e139b1adf70498299abbef8d0475c632f88

Request headers

Referer: http://www.medcpm.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Encoding: gzip
Last-Modified: Sun, 20 Jan 2019 11:34:54 GMT
Server: LiteSpeed
Etag: "1dd2b-5c445cde-74179370ca7623f2;gz"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=691200
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 20056
Expires: Thu, 25 Feb 2021 09:10:18 GMT

GET
H/1.1 200
OK jquery-1.11.3.min.js Show response
www.medcpm.com/js/ Frame E999 94 KB
33 KB 43ms
14ms Script
application/x-javascript 2a02:4780:8:412:0:3896:761:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: http://www.medcpm.com/js/jquery-1.11.3.min.js
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:3896:761:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

Request headers

Referer: http://www.medcpm.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Encoding: gzip
Last-Modified: Sun, 20 Jan 2019 11:34:54 GMT
Server: LiteSpeed
Etag: "176d5-5c445cde-e1cc762862f3783c;gz"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 33401
Expires: Wed, 24 Feb 2021 09:10:18 GMT

GET
H/1.1 200
OK bootstrap.min.js Show response
www.medcpm.com/js/ Frame E999 36 KB
10 KB 54ms
22ms Script
application/x-javascript 2a02:4780:8:412:0:3896:761:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: http://www.medcpm.com/js/bootstrap.min.js
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:3896:761:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 6611a18fe4ffa925cb7990e0da1733054357b80786e0622c65b8c445638011e2

Request headers

Referer: http://www.medcpm.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Encoding: gzip
Last-Modified: Sun, 20 Jan 2019 11:34:54 GMT
Server: LiteSpeed
Etag: "90f3-5c445cde-dbc5de7a6c135bd7;gz"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 9846
Expires: Wed, 24 Feb 2021 09:10:18 GMT

GET
H/1.1 200
OK main.js Show response
www.medcpm.com/js/ Frame E999 17 KB
5 KB 55ms
22ms Script
application/x-javascript 2a02:4780:8:412:0:3896:761:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: http://www.medcpm.com/js/main.js?v=20190120113454
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:3896:761:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 26ba2542eb936b980fea2f581cd3a3c2e27172ff7b1f99e705c0b861fbcea5b4

Request headers

Referer: http://www.medcpm.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Encoding: gzip
Last-Modified: Sun, 20 Jan 2019 11:34:54 GMT
Server: LiteSpeed
Etag: "45a4-5c445cde-70b0a585fee3ccca;gz"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 4829
Expires: Wed, 24 Feb 2021 09:10:18 GMT

GET
H/1.1 200
OK font-awesome.min.css
www.medcpm.com/css/font-awesome/ Frame E999 30 KB
7 KB 29ms
14ms Stylesheet
text/css 2a02:4780:8:412:0:3896:761:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: http://www.medcpm.com/css/font-awesome/font-awesome.min.css?v=4.7.0
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:3896:761:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Referer: http://www.medcpm.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Encoding: gzip
Last-Modified: Sun, 20 Jan 2019 11:34:54 GMT
Server: LiteSpeed
Etag: "7918-5c445cde-7b1dfb6be631041b;gz"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=691200
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 6989
Expires: Thu, 25 Feb 2021 09:10:18 GMT

GET
H/1.1 200
OK site.css
www.medcpm.com/css/ Frame E999 32 KB
7 KB 29ms
14ms Stylesheet
text/css 2a02:4780:8:412:0:3896:761:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: http://www.medcpm.com/css/site.css?v=20190120113454
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:3896:761:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 3d70deceb61602216e9e486f962924e9b9786589af48954e19f5287cf3ba3adb

Request headers

Referer: http://www.medcpm.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Encoding: gzip
Last-Modified: Sun, 20 Jan 2019 11:34:54 GMT
Server: LiteSpeed
Etag: "8055-5c445cde-1de779bb7941c90c;gz"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=691200
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 6326
Expires: Thu, 25 Feb 2021 09:10:18 GMT

GET
H/1.1 200
OK common.css
www.medcpm.com/css/ Frame E999 38 KB
3 KB 30ms
15ms Stylesheet
text/css 2a02:4780:8:412:0:3896:761:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: http://www.medcpm.com/css/common.css?ts=1608379455
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:3896:761:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 98bc74b4277b93620d5c907c32702cd9f9fb8434409f0df125aa8b67b015ddde

Request headers

Referer: http://www.medcpm.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Encoding: gzip
Last-Modified: Sat, 19 Dec 2020 14:04:14 GMT
Server: LiteSpeed
Etag: "99b2-5fde085e-9630b6dcd6c39e46;gz"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=691200
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 2431
Expires: Thu, 25 Feb 2021 09:10:18 GMT

GET
H/1.1 200
OK 1.css
www.medcpm.com/css/ Frame E999 8 KB
2 KB 29ms
14ms Stylesheet
text/css 2a02:4780:8:412:0:3896:761:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: http://www.medcpm.com/css/1.css?ts=1608379455
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:3896:761:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 9dc619427e1721f7d9bd13eb45ddec7cbd7da19a4b0d080f4a650739b0306c39

Request headers

Referer: http://www.medcpm.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Encoding: gzip
Last-Modified: Sat, 19 Dec 2020 14:04:14 GMT
Server: LiteSpeed
Etag: "201a-5fde085e-66b73dab322ebca7;gz"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=691200
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1350
Expires: Thu, 25 Feb 2021 09:10:18 GMT

GET
H/1.1 200
OK flag-icon.min.css
www.medcpm.com/css/flag-icon-css/css/ Frame E999 332 B
552 B 30ms
15ms Stylesheet
text/css 2a02:4780:8:412:0:3896:761:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL: http://www.medcpm.com/css/flag-icon-css/css/flag-icon.min.css
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:3896:761:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 100c7fafe44f80f40c68f01d4ecaf091b60d5950229c7b1c57ea5360c2849eaa

Request headers

Referer: http://www.medcpm.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Encoding: gzip
Last-Modified: Sat, 19 Dec 2020 14:04:14 GMT
Server: LiteSpeed
Etag: "14c-5fde085e-fe7d92175f0be9b3;gz"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=691200
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 172
Expires: Thu, 25 Feb 2021 09:10:18 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame 19D1 5 KB
5 KB 50ms
49ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm21VsULFAueByfgeb1JmlMb8%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm21VsULFAueByfgeb1JmlMb8%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 adorion300x250.png
adorion.net/images/banner/img/ Frame 893D 464 KB
465 KB 120ms
36ms Image
image/png 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adorion.net/images/banner/img/adorion300x250.png
Requested by: Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: 4c6894d347bc3572b8af64a442ebc001791861fbf7f33280554dc67497f5b60b

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Mon, 09 Mar 2020 20:45:20 GMT
server: nginx
accept-ranges: bytes
etag: "5e66aae0-73fe5"
content-length: 475109
content-type: image/png

GET
H2 200 bovl.png
show.adorion.net/img/ Frame 893D 992 B
1 KB 38ms
37ms Image
image/png 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://show.adorion.net/img/bovl.png
Requested by: Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: bec59c57ee20dfc84e3507a0abd51ef5c8ea11468e6154b98b110edff6ea8a05

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Mon, 09 Mar 2020 20:14:24 GMT
server: nginx
accept-ranges: bytes
etag: "5e66a3a0-3e0"
content-length: 992
content-type: image/png

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 893D 215 B
372 B 47ms
46ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=B6AV7UhP3zSVP4QeUIPqlpfYctsDeZg1dHVip975tpo%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

ea11e769a707830351a55166fae9584c5e3732a39d376834a18413b811b2e0ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 893D 215 B
372 B 47ms
46ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=slJWsxgh8F9R50x01fUpZ1bSbr2rvKdBG1PnOp1mtno%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

3fb3709520c5ef3fef8e833f7a9a8d3e1772c4442fbb8840ec3931e5783d0862

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 893D 220 B
377 B 54ms
53ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=3ijLZmuKELVpfX5JOo4R0Jmhbh%2BQYlJ8%2BYCOri1SKjw%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

c397ffd419492e8f7a0aae28f2350b26219a69eafd1c532760b2017f4a9ec1c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 bovl.png
show.adorion.net/img/ Frame 9AD1 992 B
1 KB 44ms
43ms Image
image/png 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://show.adorion.net/img/bovl.png
Requested by: Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: bec59c57ee20dfc84e3507a0abd51ef5c8ea11468e6154b98b110edff6ea8a05

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Mon, 09 Mar 2020 20:14:24 GMT
server: nginx
accept-ranges: bytes
etag: "5e66a3a0-3e0"
content-length: 992
content-type: image/png

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 9AD1 215 B
372 B 47ms
47ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=B6AV7UhP3zSVP4QeUIPqlpfYctsDeZg1dHVip975tpo%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

ea11e769a707830351a55166fae9584c5e3732a39d376834a18413b811b2e0ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 9AD1 215 B
372 B 47ms
47ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=slJWsxgh8F9R50x01fUpZ1bSbr2rvKdBG1PnOp1mtno%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

3fb3709520c5ef3fef8e833f7a9a8d3e1772c4442fbb8840ec3931e5783d0862

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 9AD1 220 B
377 B 48ms
47ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=3ijLZmuKELVpfX5JOo4R0Jmhbh%2BQYlJ8%2BYCOri1SKjw%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

c397ffd419492e8f7a0aae28f2350b26219a69eafd1c532760b2017f4a9ec1c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2

200

/ Show response
get.cryptobrowser.site/pb/6/16224264/ Frame 2DB4
Redirect Chain

https://get.cryptobrowser.site/pb/6/16224264/?t=simple,text,pro,mobile
https://get.cryptobrowser.site/pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en

61 KB
7 KB

32ms
32ms

Document
text/html

2606:4700:20::681a:611
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.cryptobrowser.site/pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:611 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b74d1e48b133bfd3195904f342314425a1d6c18824ca80ecbea3205509898f52

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: get.cryptobrowser.site
:scheme: https
:path: /pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=da7ca112d28be77cff4ca3d59d25abcb01613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.cryptobrowser.site; HttpOnly; SameSite=Lax
content-language: en
vary: Accept-Language, Cookie, Accept-Encoding
strict-transport-security: max-age=15768000
cache-control: max-age=3600
cf-cache-status: HIT
age: 4441
cf-request-id: 0850da3f6e0000c857b2395000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Yu0qn5%2F0LHPcBPr%2BQqS3TDT5vpK6iOpxlVBHQj7lewAmDwuY3mg%2F8tu0AljODpSYbk6NrDXDxqXYQhROhetROFhugdktZMSq3n91fuWunH5nUh7uJj8Qrp31%2Bc6DCOaMzxAH"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fdf18dac857-AMS
content-encoding: br

Redirect headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=da7ca112d28be77cff4ca3d59d25abcb01613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.cryptobrowser.site; HttpOnly; SameSite=Lax
cache-control: max-age=3600, s-maxage=0
content-language: en
location: ?t=simple%2Ctext%2Cpro%2Cmobile&l=en
vary: Accept-Language, Cookie, Accept-Encoding
strict-transport-security: max-age=15768000
cf-cache-status: EXPIRED
cf-request-id: 0850da3e670000c857aaa55000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=J66KCJ%2BfFztUjI5mj8Uj6iFlWZppSU0JtGASWo87K19f47LEQ0Yfe4GuCM05xy9a3ICXj4s33mA44gXcZQ500xYtNlxx5qvJ6%2B5ITi0VCNMqJ1CEsNcX%2FhyZEqvVUjsQDWrM"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fdd7c87c857-AMS

GET
H2 200 bovl.png
show.adorion.net/img/ Frame 4A9E 992 B
1 KB 37ms
37ms Image
image/png 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://show.adorion.net/img/bovl.png
Requested by: Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: bec59c57ee20dfc84e3507a0abd51ef5c8ea11468e6154b98b110edff6ea8a05

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Mon, 09 Mar 2020 20:14:24 GMT
server: nginx
accept-ranges: bytes
etag: "5e66a3a0-3e0"
content-length: 992
content-type: image/png

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 4A9E 215 B
372 B 40ms
39ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=B6AV7UhP3zSVP4QeUIPqlpfYctsDeZg1dHVip975tpo%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

ea11e769a707830351a55166fae9584c5e3732a39d376834a18413b811b2e0ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 4A9E 215 B
372 B 41ms
40ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=slJWsxgh8F9R50x01fUpZ1bSbr2rvKdBG1PnOp1mtno%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

3fb3709520c5ef3fef8e833f7a9a8d3e1772c4442fbb8840ec3931e5783d0862

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 4A9E 220 B
377 B 40ms
40ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=3ijLZmuKELVpfX5JOo4R0Jmhbh%2BQYlJ8%2BYCOri1SKjw%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

c397ffd419492e8f7a0aae28f2350b26219a69eafd1c532760b2017f4a9ec1c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2

200

/ Show response
get.cryptobrowser.site/pb/5/16224264/ Frame 787A
Redirect Chain

https://get.cryptobrowser.site/pb/5/16224264/?t=simple,text,pro,mobile
https://get.cryptobrowser.site/pb/5/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en

57 KB
7 KB

27ms
26ms

Document
text/html

2606:4700:20::681a:611
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.cryptobrowser.site/pb/5/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:611 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f050c721f482414200dac6d63615abafdaf0a0b81a8878714a4a993bfee834f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: get.cryptobrowser.site
:scheme: https
:path: /pb/5/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d974afc12845ea8c50bb61a5bc2bfae1e1613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.cryptobrowser.site; HttpOnly; SameSite=Lax
content-language: en
vary: Accept-Language, Cookie, Accept-Encoding
strict-transport-security: max-age=15768000
cache-control: max-age=3600
cf-cache-status: HIT
age: 4441
cf-request-id: 0850da3e940000c857a7996000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qlYZOGytWlqYoI74VV%2Fizyvx9SoI4rP8VUSSvy1GiLgzBwUxA%2FUu7ad3w7JN%2BqBANn3L2COVvPrgDfT3l5j7DPnTOeXmUxR2z23tzIcvZbtatQRVooSX7EnDHFNxw1yHEPvD"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fddbd1bc857-AMS
content-encoding: br

Redirect headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d974afc12845ea8c50bb61a5bc2bfae1e1613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.cryptobrowser.site; HttpOnly; SameSite=Lax
cache-control: max-age=3600, s-maxage=0
content-language: en
location: ?t=simple%2Ctext%2Cpro%2Cmobile&l=en
vary: Accept-Language, Cookie, Accept-Encoding
strict-transport-security: max-age=15768000
cf-cache-status: EXPIRED
cf-request-id: 0850da3e670000c857b4a42000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Xu5msu008nyqu70fCMSgbLbKNQwQx0TegR1tatBwuUdG0KzpEbVyOqad0XsZj%2B2GCCV%2BoJPw7ITyEgvNYNRtADBkUv9dPakA4y%2Bt%2FzQmymIFuqXC5XsPZjdNSmaMMQZ%2BQ5pa"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fdd7c8ac857-AMS

GET
H2 200 / Show response
g.cash-ads.com/ Frame 06AD 1 KB
1 KB 65ms
41ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm22AUobCQuyLjGqvfqnj7WCo%3D

Requested by

Host: smartocom.com
URL: http://smartocom.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

f3f0407bcfe13a371b9800fe817a6d1532b300db26e54a33a8606695b89b82d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=22N5GE%2BmBqVZA2TP4VHm22AUobCQuyLjGqvfqnj7WCo%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm24xZKCIBw9wyrxHa%2FXfFI7A%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm24xZKCIBw9wyrxHa%2FXfFI7A%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame CA6A 1 KB
1 KB 61ms
42ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm25V1JekZQMTTsNtPFL1kZQY%3D

Requested by

Host: smartocom.com
URL: http://smartocom.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

12ccd7a3b676d023fd0c925e0c291a3602f270097ab1d6a10f894b4e186b98b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=22N5GE%2BmBqVZA2TP4VHm25V1JekZQMTTsNtPFL1kZQY%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm28Qa5rklATAyH7uFJOBdZM8%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm28Qa5rklATAyH7uFJOBdZM8%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 show.php Show response
adz2you.net/serve/ Frame F2B7 10 B
831 B 339ms
290ms Document
text/html 2606:4700:3032::6815:1d5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adz2you.net/serve/show.php?a=6780&b=300x250
Requested by: Host: smartocpm.com
URL: https://smartocpm.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1d5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 887ee4fd5820088063e31ee2e61869155c1438e27e9f1b116d8fe3bf60829ea7

Request headers

:method: GET
:authority: adz2you.net
:scheme: https
:path: /serve/show.php?a=6780&b=300x250
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://smartocpm.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://smartocpm.com/

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d67ad6b4f6e430bc07517b7cf80f337a41613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.adz2you.net; HttpOnly; SameSite=Lax __cf_bm=823ca15edd4625663f27581ac85c767f1117f7b1-1613553018-1800-Aejz84LmQFnOJFSiSUfAbId4XP84vKvOmUydaigP+cGbOLlYsZuLuK6ePpuzLUwffNipvC/OYXlEbBtnGdpGE1c=; path=/; expires=Wed, 17-Feb-21 09:40:18 GMT; domain=.adz2you.net; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
cf-request-id: 0850da3e8000004e673aa66000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0f9WIExMgoeR7K%2Furuwq29XcBP7405s3hpspx2HsKDGS0BS55Ir%2FUzwhalBkURcCpo%2Ftokbc49luoHP1s69L40PQVeXouoccbvjN5xPZd9%2FvxwHLeXT3fA%3D%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fdd9b334e67-FRA
content-encoding: br

GET
H2 200 show.php Show response
adz2you.net/serve/ Frame ECC4 10 B
485 B 340ms
291ms Document
text/html 2606:4700:3032::6815:1d5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adz2you.net/serve/show.php?a=6780&b=468x60
Requested by: Host: smartocpm.com
URL: https://smartocpm.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1d5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 887ee4fd5820088063e31ee2e61869155c1438e27e9f1b116d8fe3bf60829ea7

Request headers

:method: GET
:authority: adz2you.net
:scheme: https
:path: /serve/show.php?a=6780&b=468x60
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://smartocpm.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://smartocpm.com/

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d67ad6b4f6e430bc07517b7cf80f337a41613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.adz2you.net; HttpOnly; SameSite=Lax __cf_bm=665fd081de33bdef96bd181743ef069daf26a46a-1613553018-1800-Af3V0HUQfm0T7M7/cGB/fmGXMWFs8jM9jlJent7bzMo/Yy08i7hMch20JOyFc2VssMwY3ZSvl+s8dW0FFJOfyZM=; path=/; expires=Wed, 17-Feb-21 09:40:18 GMT; domain=.adz2you.net; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
cf-request-id: 0850da3e8000004e67d3a03000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2jcchewf84Uoc4SgWqOvobsMg%2F7dEDUevPR2QSiRnqP%2BkCPgyKuUG3rIekD7RqfxaKTd2bBTMtldwks9spD2C2VaLx9L1m%2F8f4St9ZYsuPhVDGl8IYztkA%3D%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fdd9b344e67-FRA
content-encoding: br

GET
H2 200 show.php Show response
adz2you.net/serve/ Frame DB8F 10 B
492 B 328ms
296ms Document
text/html 2606:4700:3032::6815:1d5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adz2you.net/serve/show.php?a=6780&b=125x125
Requested by: Host: smartocpm.com
URL: https://smartocpm.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1d5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 887ee4fd5820088063e31ee2e61869155c1438e27e9f1b116d8fe3bf60829ea7

Request headers

:method: GET
:authority: adz2you.net
:scheme: https
:path: /serve/show.php?a=6780&b=125x125
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://smartocpm.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://smartocpm.com/

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d67ad6b4f6e430bc07517b7cf80f337a41613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.adz2you.net; HttpOnly; SameSite=Lax __cf_bm=9b387bb1f9b8b29a31e1ba3409344ba123e34c58-1613553018-1800-AV2x7v+9ydjisvwTzHVY1pHUOpQvfloCyrliera7ZWXu/KNUlWoZlMC2fIZPcwkfkDO7hlwgbXEYV/F79S068lQ=; path=/; expires=Wed, 17-Feb-21 09:40:18 GMT; domain=.adz2you.net; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
cf-request-id: 0850da3e8000004e67c3988000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qBjxUB1BzI2ZuElKdfj4d%2Br63M4mgv39F2z%2F2QaaBHFnIpXb%2FBjO4qOWzMuB2YbjgbxGYOgNCCsiBIqaVLKF9bHdBHQh%2BR9rndrLMt7%2BcQUcwYe9ZdGaqA%3D%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fdd9b354e67-FRA
content-encoding: br

GET
H2 200 / Show response
g.cash-ads.com/ Frame D496 496 B
636 B 41ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=B6AV7UhP3zSVP4QeUIPqlpfYctsDeZg1dHVip975tpo%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

aa93e05a627d4fdcaa82997c54308a6112766abf7f4174cf8fddc2c2dd8df82f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 19D1 1 KB
1 KB 42ms
41ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm241YcrmBtKjxC7fdjMya5TM%3D

Requested by

Host: smartocom.com
URL: http://smartocom.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

dbaa9ee488990e8cb8b59f352bc64a0715d465af732e62da6ff66fffc28242d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=22N5GE%2BmBqVZA2TP4VHm241YcrmBtKjxC7fdjMya5TM%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm21VsULFAueByfgeb1JmlMb8%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm21VsULFAueByfgeb1JmlMb8%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 9EAE 500 B
640 B 41ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=slJWsxgh8F9R50x01fUpZ1bSbr2rvKdBG1PnOp1mtno%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

de9f35436632fb8085c1a5df1a8aeb6e63e85cc49746fe64b889aea89b8d19ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 1F22 500 B
640 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=3ijLZmuKELVpfX5JOo4R0Jmhbh%2BQYlJ8%2BYCOri1SKjw%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

be4c9a80af23f94bf10d5d4859f180cd1ec5ce69214228d4e6a30e286c3c8408

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame A3A9 496 B
636 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=B6AV7UhP3zSVP4QeUIPqlpfYctsDeZg1dHVip975tpo%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

aa93e05a627d4fdcaa82997c54308a6112766abf7f4174cf8fddc2c2dd8df82f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame B7FC 500 B
640 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=slJWsxgh8F9R50x01fUpZ1bSbr2rvKdBG1PnOp1mtno%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

de9f35436632fb8085c1a5df1a8aeb6e63e85cc49746fe64b889aea89b8d19ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 678D 500 B
640 B 40ms
39ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=3ijLZmuKELVpfX5JOo4R0Jmhbh%2BQYlJ8%2BYCOri1SKjw%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

be4c9a80af23f94bf10d5d4859f180cd1ec5ce69214228d4e6a30e286c3c8408

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame E999 27 KB
986 B 48ms
33ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Exo%202:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&subset=cyrillic,latin,latin-ext

Requested by

Host: www.medcpm.com
URL: http://www.medcpm.com/css/common.css?ts=1608379455

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cd3f974071f69cc759e658b509edca2aa4c4cb4e7d216e3383c34a8b7930935d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://www.medcpm.com/css/common.css?ts=1608379455
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame E999 21 KB
1 KB 46ms
31ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin,latin-ext,vietnamese

Requested by

Host: www.medcpm.com
URL: http://www.medcpm.com/css/common.css?ts=1608379455

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4956068b2f2c2f14c6dd7fb409b7e5a22ab4a41b45c9ad683bc0f77c5853ffba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://www.medcpm.com/css/common.css?ts=1608379455
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame E999 7 KB
1 KB 44ms
30ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans%20Condensed:300,300i,700&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin,latin-ext,vietnamese

Requested by

Host: www.medcpm.com
URL: http://www.medcpm.com/css/common.css?ts=1608379455

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aad239117bb404ee640c2785941f72eacb52ddf7a1f7e0740e328659f8b31bb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://www.medcpm.com/css/common.css?ts=1608379455
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:06:30 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame E999 5 KB
642 B 46ms
32ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT%20Sans:400,400i,700,700i&subset=cyrillic,cyrillic-ext,latin,latin-ext

Requested by

Host: www.medcpm.com
URL: http://www.medcpm.com/css/common.css?ts=1608379455

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c88798d5a2b63a8475e89f92fcdba460e120f350ca58257c17a1842decf4fd64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://www.medcpm.com/css/common.css?ts=1608379455
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 08:48:53 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame E999 3 KB
536 B 46ms
32ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT%20Sans%20Caption:400,700&subset=cyrillic,cyrillic-ext,latin,latin-ext

Requested by

Host: www.medcpm.com
URL: http://www.medcpm.com/css/common.css?ts=1608379455

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1377106ff17791bb5978bc14af3217c16fb3bb4b4adf75441ad88ba461152b26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://www.medcpm.com/css/common.css?ts=1608379455
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame E999 3 KB
557 B 44ms
30ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT%20Sans%20Narrow:400,700&subset=cyrillic,cyrillic-ext,latin,latin-ext

Requested by

Host: www.medcpm.com
URL: http://www.medcpm.com/css/common.css?ts=1608379455

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

364a08df75c184fedc4c285d9d5bbe4a9d4e1eb2511155f166f5ba92fce077cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://www.medcpm.com/css/common.css?ts=1608379455
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame E999 24 KB
1 KB 47ms
33ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin,latin-ext,vietnamese

Requested by

Host: www.medcpm.com
URL: http://www.medcpm.com/css/common.css?ts=1608379455

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

80d2a1a268a723880928f2f2c2fda12e963381fb97608c0320bc8234b1d2b701

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://www.medcpm.com/css/common.css?ts=1608379455
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame E999 13 KB
915 B 44ms
31ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%20Condensed:300,300i,400,400i,700,700i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin,latin-ext,vietnamese

Requested by

Host: www.medcpm.com
URL: http://www.medcpm.com/css/common.css?ts=1608379455

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dd50b6a14b386d15dc4c9a46d9eb634b5d282d551d4d032c167ad4965f2f1a70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://www.medcpm.com/css/common.css?ts=1608379455
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame E999 8 KB
684 B 54ms
41ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%20Slab:100,300,400,700&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin,latin-ext,vietnamese

Requested by

Host: www.medcpm.com
URL: http://www.medcpm.com/css/common.css?ts=1608379455

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

189acf6893645dc3f697decb870090968420ee847e0e65dda96184ea86aed538

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://www.medcpm.com/css/common.css?ts=1608379455
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H2 200 / Show response
g.cash-ads.com/ Frame E34F 496 B
636 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=B6AV7UhP3zSVP4QeUIPqlpfYctsDeZg1dHVip975tpo%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

aa93e05a627d4fdcaa82997c54308a6112766abf7f4174cf8fddc2c2dd8df82f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame A3CD 500 B
640 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=slJWsxgh8F9R50x01fUpZ1bSbr2rvKdBG1PnOp1mtno%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

de9f35436632fb8085c1a5df1a8aeb6e63e85cc49746fe64b889aea89b8d19ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 903E 500 B
640 B 46ms
43ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=3ijLZmuKELVpfX5JOo4R0Jmhbh%2BQYlJ8%2BYCOri1SKjw%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

be4c9a80af23f94bf10d5d4859f180cd1ec5ce69214228d4e6a30e286c3c8408

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
cdn.riverhit.com/sdk/slider/ Frame 37C4 62 KB
63 KB 104ms
36ms Script
application/javascript 78.140.182.155
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.riverhit.com/sdk/slider/?zid=1318
Requested by: Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.140.182.155 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 8865e07c9971320854d95fb864c9833d2a3bd99dfc56b4f14d34d4330c396512

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 09:10:18 GMT
etag: eba1903c6bfca88912f87cfe4756fc04
server: nginx/1.16.1
x-time: 1613553018
content-length: 63836
content-type: application/javascript

GET
H2 200 banner.php Show response
g.cash-ads.com/ Frame 37C4 211 B
368 B 40ms
39ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner.php?uid=4071&size=1

Requested by

Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

0c0aad33f544eabf4f4d82b4c8c6b029ee6d33cd0b755f0980d523fa216e353f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 37C4 221 B
378 B 40ms
40ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=fcUxxfaC4tUKD%2F0BY9mTluUw%2B8ORBwU%2FPN0nAZqA9Tc%3D

Requested by

Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

1971756131a5347ef9ce28136e8d4b713d555c673f11938faf7305fac54bfeb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 37C4 220 B
377 B 40ms
40ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=jXSKFXQsYIz5cxU8OmNmUb0sZ%2BjRT8WvYKMObwx8F%2FE%3D

Requested by

Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

9d27242f57a00dbc319638ba65d2ae04f4702a352cf15a1ee51faa8dc73e933e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 scri.js Show response
js1.eurosptp.com/ Frame 37C4 56 KB
4 KB 122ms
40ms Script
application/javascript 213.186.33.107
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://js1.eurosptp.com/scri.js?230
Requested by: Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.186.33.107 , France, ASN16276 (OVH, FR),
Reverse DNS: full-cdn-01.cluster010.hosting.ovh.net
Software: /
Resource Hash: a87897ac75e1cf4fc0098ca89e2af9708c36106e1e3287890a41fc3e364abefc

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 08:58:35 GMT
content-encoding: br
last-modified: Sat, 13 Feb 2021 18:57:20 GMT
x-cdn-pop-ip: 137.74.120.32/27
x-cacheable: Matched cache
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
x-cdn-pop: sbg
accept-ranges: bytes
content-length: 3911
x-request-id: 381223191
expires: Wed, 17 Feb 2021 09:13:35 GMT

GET
H2 200 stylepromotion.css
static.eurosptp.com/css/ Frame 37C4 4 KB
1 KB 122ms
40ms Stylesheet
text/css 213.186.33.107
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.eurosptp.com/css/stylepromotion.css
Requested by: Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.186.33.107 , France, ASN16276 (OVH, FR),
Reverse DNS: full-cdn-01.cluster010.hosting.ovh.net
Software: /
Resource Hash: c037d6a64c6d7f82147d3ea8fbac1fa04f5c555987456ff73bb1cf7734676f10

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 08:56:31 GMT
content-encoding: br
last-modified: Tue, 03 Dec 2019 10:14:56 GMT
x-cdn-pop-ip: 137.74.120.32/27
x-cacheable: Matched cache
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=900
x-cdn-pop: sbg
accept-ranges: bytes
content-length: 1241
x-request-id: 156470348
expires: Wed, 17 Feb 2021 09:11:31 GMT

GET
H2 200 blue.html Show response
www.votreimc.com/ Frame 909E 5 KB
2 KB 34ms
12ms Document
text/html 2606:4700:e2::ac40:8c0a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.votreimc.com/blue.html
Requested by: Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8c0a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bcf0a6da796d57e37ba4e6ba08bda6bb29922a8bd0baca242bb7283b774f935

Request headers

:method: GET
:authority: www.votreimc.com
:scheme: https
:path: /blue.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eurosptp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.eurosptp.com/

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html
set-cookie: __cfduid=dcbc098cf6e6416ec19a0ba23f34024521613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.votreimc.com; HttpOnly; SameSite=Lax
vary: Accept-Encoding
pragma: no-cache
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 220
cf-request-id: 0850da3eac00004e494534f000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=T52EJ4IcLIws5k%2BYwdvxEdDzngdGHGHivgDrAoLa5fHTCsHMN5kKdm2rH6B5NgJ30q5koxwpb0mWxjLL%2BncqvdhB4IALynC04j4%2B0072W%2BOMOeAJQWoJWhTXzbRc"}],"group":"cf-nel"}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622e5fdddebd4e49-FRA
content-encoding: br

GET
H2 200 cinema.php Show response
www.interclics.com/ Frame 3B9B 1 KB
718 B 51ms
50ms Document
text/html 213.186.33.19
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.interclics.com/cinema.php
Requested by: Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.186.33.19 , France, ASN16276 (OVH, FR),
Reverse DNS: cluster010.hosting.ovh.net
Software: Apache / PHP/7.3
Resource Hash: 0fbc4ffaee6ca8ef604534e8acddf617c738802d6e726eb26b37a5bb33a93c5a

Request headers

:method: GET
:authority: www.interclics.com
:scheme: https
:path: /cinema.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eurosptp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.eurosptp.com/

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=iso-8859-1
server: Apache
x-powered-by: PHP/7.3
vary: Accept-Encoding
content-encoding: gzip
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame D496 5 KB
5 KB 41ms
40ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame 9EAE 5 KB
5 KB 43ms
43ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame 19D1 1 KB
1 KB 43ms
43ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm241YcrmBtKjxC7fdjMya5TM%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm241YcrmBtKjxC7fdjMya5TM%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame 19D1 84 KB
84 KB 50ms
50ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm241YcrmBtKjxC7fdjMya5TM%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm241YcrmBtKjxC7fdjMya5TM%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET redirect
xml.ezmob.com/ Frame 429F 0
0

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame 06AD 1 KB
1 KB 52ms
51ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm22AUobCQuyLjGqvfqnj7WCo%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm22AUobCQuyLjGqvfqnj7WCo%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame 06AD 84 KB
84 KB 52ms
51ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm22AUobCQuyLjGqvfqnj7WCo%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm22AUobCQuyLjGqvfqnj7WCo%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET redirect
xml.ezmob.com/ Frame 320B 0
0

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame CA6A 1 KB
1 KB 66ms
64ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm25V1JekZQMTTsNtPFL1kZQY%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm25V1JekZQMTTsNtPFL1kZQY%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame CA6A 84 KB
84 KB 66ms
65ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm25V1JekZQMTTsNtPFL1kZQY%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm25V1JekZQMTTsNtPFL1kZQY%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET redirect
xml.ezmob.com/ Frame 2FDE 0
0

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame 1F22 5 KB
5 KB 75ms
74ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 b3.gif
g.cash-ads.com/img/ Frame 06AD 6 KB
6 KB 73ms
72ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/b3.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm22AUobCQuyLjGqvfqnj7WCo%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 051fba127f6a21e116bbda80f25abdd56d33b5935957fae87efff06db99a59fb

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm22AUobCQuyLjGqvfqnj7WCo%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:41:35 GMT
server: nginx
etag: "5f5bfd1f-17a6"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 6054
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame 06AD 1 KB
1 KB 72ms
72ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm22AUobCQuyLjGqvfqnj7WCo%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm22AUobCQuyLjGqvfqnj7WCo%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 b4.gif
g.cash-ads.com/img/ Frame CA6A 7 KB
7 KB 73ms
72ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/b4.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm25V1JekZQMTTsNtPFL1kZQY%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 3ea55da0506080dd1b37018ea8cae2d31ae9cb8acc942b1dbda897ab2504dc96

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm25V1JekZQMTTsNtPFL1kZQY%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:42:27 GMT
server: nginx
etag: "5f5bfd53-1b98"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 7064
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame CA6A 1 KB
1 KB 72ms
72ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm25V1JekZQMTTsNtPFL1kZQY%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm25V1JekZQMTTsNtPFL1kZQY%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 b2.gif
g.cash-ads.com/img/ Frame 19D1 7 KB
7 KB 73ms
72ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/b2.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm241YcrmBtKjxC7fdjMya5TM%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 36ba7545f1bd869f5d3abcc2e0c4e1072a33be1da4934214011a8c4399438e0f

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm241YcrmBtKjxC7fdjMya5TM%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:38:47 GMT
server: nginx
etag: "5f5bfc77-1cf3"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 7411
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame 19D1 1 KB
1 KB 73ms
73ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm241YcrmBtKjxC7fdjMya5TM%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=22N5GE%2BmBqVZA2TP4VHm241YcrmBtKjxC7fdjMya5TM%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2

200

show.php Show response
adsluna.com/serve/ Frame 8491
Redirect Chain

http://adsluna.com/serve/show.php?a=1589&b=160x600
https://adsluna.com/serve/show.php?a=1589&b=160x600

10 B
840 B

585ms
569ms

Document
text/html

2606:4700:3030::ac43:89a0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adsluna.com/serve/show.php?a=1589&b=160x600
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:89a0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 887ee4fd5820088063e31ee2e61869155c1438e27e9f1b116d8fe3bf60829ea7

Request headers

:method: GET
:authority: adsluna.com
:scheme: https
:path: /serve/show.php?a=1589&b=160x600
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.medcpm.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.medcpm.com/

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dc5f5da3b9219f8d8369c58def31677e21613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.adsluna.com; HttpOnly; SameSite=Lax; Secure __cf_bm=29dfbc5210fdd6b67398812c160b85d2f2ed0143-1613553019-1800-AVrBo761IUBHftTPDan4hJPTckgZEcYn5Mna15CrTKJotN1We84Newzrul8L8iNkrLbMSIyy9K82lFysrHADKCI=; path=/; expires=Wed, 17-Feb-21 09:40:19 GMT; domain=.adsluna.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
cf-request-id: 0850da3f1000002c017c3e5000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FFMxnUx3cSmwbzleUjW6X%2FEquKrEle10MDulQpTxpSFN0fAyo1PrNw%2BTXPArb%2BxrvqSDjK5WS%2BLw%2BvdEMrhQqumucLjWHRJ8q%2FFfTahxGIQ3QbL6ZqDX3Q%3D%3D"}]}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622e5fde8aea2c01-FRA
content-encoding: br

Redirect headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 17 Feb 2021 10:10:18 GMT
Location: https://adsluna.com/serve/show.php?a=1589&b=160x600
cf-request-id: 0850da3ef100004a917f345000000001
Set-Cookie: __cf_bm=50aae330810f28a8da9f72d912bb804e0e498c0e-1613553018-1800-AYcNa+fobo+7+GX34LqBqsas+CN84q52lb+eYfNgVp8I5H9HqjMA+OLWEEJ8BBAFj7jOGxWbp6uRRkLhdyFtCgI=; path=/; expires=Wed, 17-Feb-21 09:40:18 GMT; domain=.adsluna.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=13A8Ku8xgHZ9H0ZhB5cq98jJ4B1lyX2gJ5npHc1X1dVSqMZxa4p8NWEnoUiJlrWF4%2FV1awVoVxilcXxqoAyXPAnvkPewmdH1lQvgABzw6FmjyuqjwELXWg%3D%3D"}],"max_age":604800,"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 622e5fde4d434a91-FRA

GET
H/1.1 200
OK a239d434bdac8d066fa273ccf550eb6e.png
www.medcpm.com/gallery_gen/ Frame E999 1 KB
2 KB 16ms
15ms Image
image/png 2a02:4780:8:412:0:3896:761:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.medcpm.com/gallery_gen/a239d434bdac8d066fa273ccf550eb6e.png
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/css/1.css?ts=1608379455
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:3896:761:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: dee1764ce79278c7e81c843637f62bb572df465731bc5f1889e72a374abbd716

Request headers

Referer: http://www.medcpm.com/css/1.css?ts=1608379455
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Last-Modified: Mon, 01 Jun 2020 11:40:06 GMT
Server: LiteSpeed
Etag: "5b9-5ed4e916-d0d7d5b90bc14e41;;;"
Content-Type: image/png
Cache-Control: public, max-age=691200
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1465
Expires: Thu, 25 Feb 2021 09:10:18 GMT

GET
H3-Q050 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ Frame E999 9 KB
9 KB 36ms
22ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://www.medcpm.com
Referer: https://fonts.googleapis.com/css?family=Open%20Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin,latin-ext,vietnamese
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:25:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 146717
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:25:01 GMT

GET
H2

200

show.php Show response
adsluna.com/serve/ Frame 3290
Redirect Chain

http://adsluna.com/serve/show.php?a=1589&b=728x90
https://adsluna.com/serve/show.php?a=1589&b=728x90

10 B
488 B

577ms
575ms

Document
text/html

2606:4700:3030::ac43:89a0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adsluna.com/serve/show.php?a=1589&b=728x90
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:89a0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 887ee4fd5820088063e31ee2e61869155c1438e27e9f1b116d8fe3bf60829ea7

Request headers

:method: GET
:authority: adsluna.com
:scheme: https
:path: /serve/show.php?a=1589&b=728x90
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.medcpm.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.medcpm.com/

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dc5f5da3b9219f8d8369c58def31677e21613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.adsluna.com; HttpOnly; SameSite=Lax; Secure __cf_bm=3de140b6cc26e69aee564e10d79925da4b3e0b4c-1613553019-1800-Ab1Dm7RZ+eTWXgf2SViWJdKFgF558MVcBpg6MGqYTMh+YjYS1fJS01SvcT1oKaUPMuH2zeHsuPfWjbVfaHRJsfA=; path=/; expires=Wed, 17-Feb-21 09:40:19 GMT; domain=.adsluna.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
cf-request-id: 0850da3f1000002c013f04a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=u5HCLRp1NHU8E1sNwhOu2PctsotE%2BLGE8ClsEHGbYoscEX7l5H3bvjMSE%2FB8E0K5flUcJlUQKCy155%2BeBueXrRNSI%2BE9SCDZnNTwbZWTbVDUT6EUlVpdJg%3D%3D"}]}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622e5fde8aeb2c01-FRA
content-encoding: br

Redirect headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 17 Feb 2021 10:10:18 GMT
Location: https://adsluna.com/serve/show.php?a=1589&b=728x90
cf-request-id: 0850da3f0000004a91a60b4000000001
Set-Cookie: __cf_bm=ec53208b6122c837d868d2686d55875d13be3be8-1613553018-1800-AZlIuRpMnNOpRXAnUbzXWnUzhyMAzeZCSS64AlQ1RmS21YbofqoCCtsT40AbM6rdc9wpFkgdmXleWOi8mptCaL8=; path=/; expires=Wed, 17-Feb-21 09:40:18 GMT; domain=.adsluna.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=y2KWMwLSThEAECUvCgJz6OhU40o9d9W3QQt1IKGbdE3sEzMBtw6bryFiq1xY%2FUKcZqnGKJp5uXAJxnlrLC2vrhjLkb5hGdcqKoolmjiyMnfsGg5veZ7bfg%3D%3D"}],"max_age":604800,"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 622e5fde6d724a91-FRA

GET
H2

200

show.php Show response
adsluna.com/serve/ Frame 2FB6
Redirect Chain

http://adsluna.com/serve/show.php?a=1589&b=300x250
https://adsluna.com/serve/show.php?a=1589&b=300x250

10 B
492 B

567ms
567ms

Document
text/html

2606:4700:3030::ac43:89a0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adsluna.com/serve/show.php?a=1589&b=300x250
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:89a0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 887ee4fd5820088063e31ee2e61869155c1438e27e9f1b116d8fe3bf60829ea7

Request headers

:method: GET
:authority: adsluna.com
:scheme: https
:path: /serve/show.php?a=1589&b=300x250
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.medcpm.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://www.medcpm.com/

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dc5f5da3b9219f8d8369c58def31677e21613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.adsluna.com; HttpOnly; SameSite=Lax; Secure __cf_bm=4564c86021819b1adb856d270b95519a91f71b10-1613553019-1800-ATHWXsenNdhM5ButXr0vxi7rQQn3A86Rq3rmQuMEavjTinuDJBQxDnGyHSVGCiz39QQ+AjzAeZR1dIYKcbeB9a4=; path=/; expires=Wed, 17-Feb-21 09:40:19 GMT; domain=.adsluna.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
cf-request-id: 0850da3f1500002c013b9ad000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ic08qZpM819qQlQUAY%2FZ%2FCGL%2FOL7N%2BH7Y5pyYe8rxkxE7qx8BXvxESGE%2F7aoW4EOkCmQSG8gT1UeeDzKMO4QH03gyiJjiK10eElsPaC3D8GFf62MTxPEKw%3D%3D"}]}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622e5fde8af92c01-FRA
content-encoding: br

Redirect headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 17 Feb 2021 10:10:18 GMT
Location: https://adsluna.com/serve/show.php?a=1589&b=300x250
cf-request-id: 0850da3f0500001f39bb352000000001
Set-Cookie: __cf_bm=ab0e3581a1cff61f5d64b77b7b92b250924b4430-1613553018-1800-AZFUqxNmSUj/zyNOx4STBkYZB0LpzfoBILJgSfT2VNsG1CENmTp6b+7sPuuekmR41DtHmEVq/Ar6tVQap0Ub+NQ=; path=/; expires=Wed, 17-Feb-21 09:40:18 GMT; domain=.adsluna.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aAyyOyZjaILBAU%2Fns072QDsRHjHVopd1B9j%2BmqmMICWgEbnZJU8X0qFKs1GmqhpcQq3po3zKx35QkOVtQNfQsj70sa7PvYuhBwFovTk9COMPd4bKy7hWfA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 622e5fde6b781f39-FRA

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame A3A9 5 KB
5 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame B7FC 5 KB
5 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame 678D 5 KB
5 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H/1.1 200
OK 93ccffb97b0100589693b4c4c2a7a41a.png
www.medcpm.com/gallery_gen/ Frame E999 929 B
1 KB 17ms
16ms Image
image/png 2a02:4780:8:412:0:3896:761:1
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.medcpm.com/gallery_gen/93ccffb97b0100589693b4c4c2a7a41a.png
Requested by: Host: www.medcpm.com
URL: http://www.medcpm.com/css/1.css?ts=1608379455
Protocol: HTTP/1.1
Server: 2a02:4780:8:412:0:3896:761:1 , Cyprus, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 483d06e21da196fc6b323559684ce48a5870a9ccfc758b8d75d95976127ef856

Request headers

Referer: http://www.medcpm.com/css/1.css?ts=1608379455
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Last-Modified: Mon, 01 Jun 2020 11:40:06 GMT
Server: LiteSpeed
Etag: "3a1-5ed4e916-66e671d7a2037dcc;;;"
Content-Type: image/png
Cache-Control: public, max-age=691200
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 929
Expires: Thu, 25 Feb 2021 09:10:18 GMT

GET
H2 200 / Show response
g.cash-ads.com/ Frame 21E4 496 B
636 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzrqUq%2FUB%2BEs0FXV8ejK0n0s%3D

Requested by

Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

ac42e4fb9974854a57ac64f853d9a8631fb988df9c00e33ce6b912d89d84906c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=eXEy8NJS%2BShQmJDiygzwzrqUq%2FUB%2BEs0FXV8ejK0n0s%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eurosptp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.eurosptp.com/

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 63E9 496 B
636 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwznbEb1G%2FZ2rXvcV8PkC0C5Q%3D

Requested by

Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

d61f8dbf81662835a94a10a45876b70bea9c2078af2d5ff819f4f0f14a235ee4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=eXEy8NJS%2BShQmJDiygzwznbEb1G%2FZ2rXvcV8PkC0C5Q%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eurosptp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.eurosptp.com/

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame A1A1 496 B
636 B 40ms
39ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzgh%2BQchYcyo%2BJBHI24qkmcM%3D

Requested by

Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

0bf89f16d39a25256dd1b01a9e8052ebac7e05539fb679605f49209653fbeb77

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=eXEy8NJS%2BShQmJDiygzwzgh%2BQchYcyo%2BJBHI24qkmcM%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eurosptp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.eurosptp.com/

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 9579903942494ba1b81eb1f8506cf5b9.png
cdn.cryptobrowser.store/media/pb/673/ Frame 787A 8 KB
9 KB 88ms
63ms Image
image/png 2606:4700:3030::6815:45ed
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cryptobrowser.store/media/pb/673/9579903942494ba1b81eb1f8506cf5b9.png

Requested by

Host: get.cryptobrowser.site
URL: https://get.cryptobrowser.site/pb/5/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:45ed , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79c11dffd254a0df8bb2f875de7d6feb00df17a84be4301bce67e611007a8b56

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://get.cryptobrowser.site/pb/5/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
nel: {"max_age":604800,"report_to":"cf-nel"}
content-length: 8066
cf-request-id: 0850da3f320000dfef8339f000000001
last-modified: Fri, 24 Jul 2020 10:25:08 GMT
server: cloudflare
etag: "5f1ab704-1f82"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CKQqDZpCwuhXPj5g10gAUF7fhWL5SpUFBynOirxr4Kbz12O8cN1q9ovzmoguo03ogBWUpJEt8ivl4AMTX%2Fl0xPQ9r7573xgVQtkk721GaPFDHTReYjj9oUV3USbQ0j0LlSNLyA%3D%3D"}],"max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e5fdebc28dfef-FRA

POST
H2 200 / Show response
tr.cryptobrowser.site/api/v2/an/bn/ Frame 787A 0
176 B 358ms
37ms XHR
text/plain 212.8.252.212
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.cryptobrowser.site/api/v2/an/bn/

Requested by

Host: get.cryptobrowser.site
URL: https://get.cryptobrowser.site/pb/5/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

212.8.252.212 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://get.cryptobrowser.site/pb/5/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: https://get.cryptobrowser.site
date: Wed, 17 Feb 2021 09:10:19 GMT
access-control-allow-credentials: true
server: nginx
vary: Origin, Accept-Encoding
content-length: 0
strict-transport-security: max-age=15768000

GET
H2 200 / Show response
g.cash-ads.com/ Frame D496 1 KB
1 KB 48ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

f03cecc32fbdad10d53235b26e37f1b86467a38b64b3ef1d5b1395acdef68eed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 9EAE 1 KB
1 KB 45ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

77436856c3b00623e740b3f75a8efe5ffeef49105349f4df4944bb5fc16367bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame E34F 5 KB
5 KB 46ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame A3CD 5 KB
5 KB 46ms
38ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

OPTIONS
H2 204 /
tr.cryptobrowser.site/api/v2/an/bn/ Frame 0
0 112ms
35ms Other 212.8.252.212
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.cryptobrowser.site/api/v2/an/bn/

Protocol

Server

212.8.252.212 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://get.cryptobrowser.site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin,Content-Type,Accept,X-CB-Data
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://get.cryptobrowser.site
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
strict-transport-security: max-age=15768000

GET
H2 200 reklamstore.js Show response
adserver.reklamstore.com/ Frame 909E 98 KB
30 KB 50ms
14ms Script
application/javascript 2600:9000:2127:1000:1c:4bbb:9180:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver.reklamstore.com/reklamstore.js
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:1000:1c:4bbb:9180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 24cd469812004e3ff995fa887b040ae0fdd6c07ecd5a1bad176515d8b37694ed

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 05:08:44 GMT
content-encoding: gzip
last-modified: Thu, 22 Oct 2020 13:59:17 GMT
server: AmazonS3
age: 52496
etag: "a161b7159234f83f289cea8299395d87"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f18b0bd4a5b62e5fb49428cc4789689f.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
content-length: 30217
x-amz-cf-id: G8eQ8l_R7Lj2qTPLFXEy3qpZNv0aysZRaLgS4TP5Er7mtlfLP1rXrQ==

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 502ms
396ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=Bvi7KQl1fOrzUhjGKwK6&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__Bvi7KQl1fOrzUhjGKwK6&ref=votreimc.com&_=1613553018650&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: bde26435820032ea6e8c56d74881b70589f349f896645a02143f545d6a8d27fa

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:44 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 1601ms
1495ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=EQX3RafQqMkYz0Sgt6vi&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__EQX3RafQqMkYz0Sgt6vi&ref=votreimc.com&_=1613553018650&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 14b9875a733070f89bbb150f61b000de1fa84fe750de5b080fd06095a2e494bc

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 480ms
374ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=hSX8ZBFpx83zsNqc1yoZ&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__hSX8ZBFpx83zsNqc1yoZ&ref=votreimc.com&_=1613553018650&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 9ec63a147caff55e43a14dde2ca289febf61339a05d84a55260699ed08c1e993

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:44 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 751ms
639ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=WOJLcXMG1pQzbyriblxO&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__WOJLcXMG1pQzbyriblxO&ref=votreimc.com&_=1613553018651&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 9c6d122a97812703dff15e4cd7b3e135b774514e5a0daa84c3ca355143a878d4

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:44 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 484ms
368ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=BupXT0LpvWbakrePgBIK&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__BupXT0LpvWbakrePgBIK&ref=votreimc.com&_=1613553018651&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: a2ef641687021536b9f3a31999c4013b1c2d35d3126f0be50cf193fb0f4871ff

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:44 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 1148ms
1029ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=TFAbG2TObSCJJDSxQ7P8&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__TFAbG2TObSCJJDSxQ7P8&ref=votreimc.com&_=1613553018651&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: a1eb63d11507c7e64bbd6bf06ec122e42f54317180b64b2ef9a4d67fba92b67b

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:44 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 7 KB
3 KB 1154ms
1154ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=qeL23LtwKxHzQ0mxBCmY&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__qeL23LtwKxHzQ0mxBCmY&ref=votreimc.com&_=1613553018651&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 50f550e353df572de142c5065e7bc43a7abb30e97799f4e02a9a7f15de2f7061

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 957ms
956ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=aghkUOQumOZUMPWFDytH&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__aghkUOQumOZUMPWFDytH&ref=votreimc.com&_=1613553018651&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 61b534f590ec462d3a6cd6dfe7afd2c66956afa7acda5d2eb795cb77665af68c

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 379ms
379ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=JjPnuQW2OOhZH0pFZjzI&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__JjPnuQW2OOhZH0pFZjzI&ref=votreimc.com&_=1613553018651&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 0db3410347fc29099df86ce7c03feabc4a5f9259bcc645817d9db3f321bd2f73

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:44 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame 903E 5 KB
5 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H/1.1 200
OK 1817041 Show response
nicksstevmark.com/get/ Frame 3B9B 7 KB
5 KB 124ms
30ms Script
text/javascript 109.206.162.83
SERVEREL-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://nicksstevmark.com/get/1817041?zoneid=1817041&jp=_clmgiw3bjfsx7jlnvo1zr7&nojs=0&ix=0&t=1&x=801&y=801&wcks=1&wgl=1&cnvs=1

Requested by

Host: www.interclics.com
URL: https://www.interclics.com/cinema.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

109.206.162.83 , Netherlands, ASN50245 (SERVEREL-AS, NL),

Reverse DNS

83.162.serverel.net

Software

nginx /

Resource Hash

9672422a5098974fdd392742c55ee49ffeab13d9fb888dc15f4f7284cf98b892

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.interclics.com/cinema.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000

GET
H/1.1 200
OK redirect Show response
xml.admidainsight.com/ Frame 299D 0
165 B 331ms
108ms Document
text/plain 173.239.53.18
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://xml.admidainsight.com/redirect?feed=261405&auth=bFYsP5&subid=yop1&url=www.sex.com&query=sex.com
Requested by: Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.239.53.18 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: xml.admidainsight.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Pragma: no-cache
Age: 0

GET
H/1.1 200
OK redirect Show response
xml.admidainsight.com/ Frame 3F4B 0
165 B 334ms
109ms Document
text/plain 173.239.53.18
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://xml.admidainsight.com/redirect?feed=261405&auth=bFYsP5&subid=yop1&url=www.sex.com&query=sex.com
Requested by: Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.239.53.18 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: xml.admidainsight.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Pragma: no-cache
Age: 0

GET
H/1.1 200
OK redirect Show response
xml.admidainsight.com/ Frame BBF6 0
165 B 334ms
109ms Document
text/plain 173.239.53.18
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://xml.admidainsight.com/redirect?feed=261405&auth=bFYsP5&subid=yop1&url=www.sex.com&query=sex.com
Requested by: Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.239.53.18 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: xml.admidainsight.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Pragma: no-cache
Age: 0

GET
H/1.1 200
OK redirect Show response
xml.admidainsight.com/ Frame 7626 0
165 B 336ms
110ms Document
text/plain 173.239.53.18
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://xml.admidainsight.com/redirect?feed=261405&auth=bFYsP5&subid=yop1&url=www.sex.com&query=sex.com
Requested by: Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.239.53.18 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: xml.admidainsight.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Pragma: no-cache
Age: 0

GET
H/1.1 200
OK redirect Show response
xml.adcannyxml.com/ Frame E4BD 0
165 B 364ms
133ms Document
text/plain 174.137.133.18
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://xml.adcannyxml.com/redirect?feed=275905&auth=yuqTUS&subid=sex&query=move.com&url=move.com
Requested by: Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.18 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: xml.adcannyxml.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:19 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Pragma: no-cache
Age: 0

GET
H/1.1 200
OK redirect Show response
xml.adcannybid.com/ Frame 6158 0
165 B 588ms
116ms Document
text/plain 174.137.133.18
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://xml.adcannybid.com/redirect?feed=254623&auth=Cfn18v&subid=money&query=money.fr&url=money.fr
Requested by: Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.18 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: xml.adcannybid.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:19 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Pragma: no-cache
Age: 0

GET
H/1.1 200
OK redirect Show response
xml.adcannyxml.com/ Frame 6C49 0
165 B 340ms
111ms Document
text/plain 174.137.133.18
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://xml.adcannyxml.com/redirect?feed=254622&auth=wa9VGb&subid=sex&query=p0rno.org&url=p0rno.org
Requested by: Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.18 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: xml.adcannyxml.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Pragma: no-cache
Age: 0

GET
H/1.1 200
OK redirect Show response
xml.adcannyxml.com/ Frame A09C 0
165 B 373ms
145ms Document
text/plain 174.137.133.18
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://xml.adcannyxml.com/redirect?feed=254622&auth=wa9VGb&subid=sex&query=p0rno.org&url=p0rno.org
Requested by: Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.18 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: xml.adcannyxml.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:19 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Pragma: no-cache
Age: 0

GET
H2

200

aHR0cDovL3RyYWZmaXgyLmNvbQ==
popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/ Frame C301
Redirect Chain

https://xml.expialidosius.com/redirect?feed=228413&auth=sceEcB&subid=exp&query=&url=facebook.fr
https://mob.kaipirinhaloka.xyz/redirect?feed=165208&auth=ebuQy0&url=facebook.fr&subid=228413_exp&query=
https://new.labtrffc.com/l.php?p=c:yfde_8vmlfewx2r36&d=5fe363bc2c58b35d901a85a2&s=165208&d2=facebook.fr
https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

0
0

28ms
27ms

Document
text/html

2606:4700:3034::6815:4436
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

Requested by

Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4436 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.1.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	DENY

Request headers

:method: GET
:authority: popmyads.com
:scheme: https
:path: /serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:22 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d87fa961b4f359e540e852648556e8ea81613553022; expires=Fri, 19-Mar-21 09:10:22 GMT; path=/; domain=.popmyads.com; HttpOnly; SameSite=Lax __cf_bm=fb89f6d60e91e649c289444075a2d7ed6ee318b3-1613553022-1800-AZ5eR6fXPzAvdSvlRnweMyYZ5G+wAE3+X0zoN5TOK0tUWC/p4ezbGDpmG4xOs3umvz4P02c/Xdak+1/59nAiDmY=; path=/; expires=Wed, 17-Feb-21 09:40:22 GMT; domain=.popmyads.com; HttpOnly; Secure; SameSite=None
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
cf-request-id: 0850da4e6f0000061c8522b000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zO1bRfkyF7DML3DRqkyTfOhA%2BZxnxVHT1vam4sWLZP2A74vaIipqOhg6Zq7Q3zL2WXgWQRqDdNhcu5bpmb6gE%2BBozgKwyAWquDIc8e4z5ZdZGCL3OdAf%2Fo8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5ff71d1c061c-FRA
content-encoding: br

Redirect headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 10ut8s57tx
Raund: 1p
Location: https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

GET
H2

200

aHR0cDovL3RyYWZmaXgyLmNvbQ==
popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/ Frame 4D8A
Redirect Chain

https://xml.expialidosius.com/redirect?feed=228413&auth=sceEcB&subid=exp1&query=&url=aol.com
https://mob.kaipirinhaloka.xyz/redirect?feed=165208&auth=ebuQy0&url=aol.com&subid=228413_exp1&query=
https://new.labtrffc.com/l.php?p=c:yfde_8vmlfewx2r36&d=5fe363bc2c58b35d901a85a2&s=165208&d2=aol.com
https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

0
0

30ms
30ms

Document
text/html

2606:4700:3034::6815:4436
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

Requested by

Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4436 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.1.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	DENY

Request headers

:method: GET
:authority: popmyads.com
:scheme: https
:path: /serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cf_bm=fb89f6d60e91e649c289444075a2d7ed6ee318b3-1613553022-1800-AZ5eR6fXPzAvdSvlRnweMyYZ5G+wAE3+X0zoN5TOK0tUWC/p4ezbGDpmG4xOs3umvz4P02c/Xdak+1/59nAiDmY=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:22 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d87fa961b4f359e540e852648556e8ea81613553022; expires=Fri, 19-Mar-21 09:10:22 GMT; path=/; domain=.popmyads.com; HttpOnly; SameSite=Lax
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
cf-request-id: 0850da4ea20000061cda330000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9VW8uq42uQiozPXppJhvqVVLu2gWcK8HpplhVdeGmYTWw0%2BuAcQaL0lyI0ExZ2%2FS%2FAybPjLtyQ48kyDhgTCwvsmrHC%2FEWQWlZjepO2OLYUyS2r7EzgEtV1A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5ff76dad061c-FRA
content-encoding: br

Redirect headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 10ut8s57tx
Raund: 1p
Location: https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

GET
H2

200

aHR0cDovL3RyYWZmaXgyLmNvbQ==
popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/ Frame ABFF
Redirect Chain

https://xml.expialidosius.com/redirect?feed=243245&auth=sceEcB&subid=exp&query=&url=bourse.com
https://mob.kaipirinhaloka.xyz/redirect?feed=165208&auth=ebuQy0&url=bourse.com&subid=243245_exp&query=
https://new.labtrffc.com/l.php?p=c:yfde_8vmlfewx2r36&d=5fe363bc2c58b35d901a85a2&s=165208&d2=bourse.com
https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

0
0

28ms
27ms

Document
text/html

2606:4700:3034::6815:4436
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

Requested by

Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4436 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.1.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	DENY

Request headers

:method: GET
:authority: popmyads.com
:scheme: https
:path: /serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cf_bm=fb89f6d60e91e649c289444075a2d7ed6ee318b3-1613553022-1800-AZ5eR6fXPzAvdSvlRnweMyYZ5G+wAE3+X0zoN5TOK0tUWC/p4ezbGDpmG4xOs3umvz4P02c/Xdak+1/59nAiDmY=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:22 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d87fa961b4f359e540e852648556e8ea81613553022; expires=Fri, 19-Mar-21 09:10:22 GMT; path=/; domain=.popmyads.com; HttpOnly; SameSite=Lax
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
cf-request-id: 0850da4ed60000061c94b38000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MEYGOevXxumza6C9W4VvDL83KMG%2B0nEohImKIdQ0CKNRxH29VGA6ZIM6fMQVssCm6BouJWZ6v7Q7GN2XFADC0EuPuSE4LiDcHz1tAfQZGHeEiV5%2BVm50TJM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5ff7be42061c-FRA
content-encoding: br

Redirect headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 10ut8s57tx
Raund: 1p
Location: https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

GET
H2

200

aHR0cDovL3RyYWZmaXgyLmNvbQ==
popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/ Frame 19E9
Redirect Chain

https://xml.expialidosius.com/redirect?feed=243245&auth=sceEcB&subid=exp1&query=&url=food.com
https://mob.kaipirinhaloka.xyz/redirect?feed=165208&auth=ebuQy0&url=food.com&subid=243245_exp1&query=
https://new.labtrffc.com/l.php?p=c:yfde_8vmlfewx2r36&d=5fe363bc2c58b35d901a85a2&s=165208&d2=food.com
https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

0
0

66ms
65ms

Document
text/html

2606:4700:3034::6815:4436
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

Requested by

Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4436 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.1.33

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	DENY

Request headers

:method: GET
:authority: popmyads.com
:scheme: https
:path: /serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cf_bm=fb89f6d60e91e649c289444075a2d7ed6ee318b3-1613553022-1800-AZ5eR6fXPzAvdSvlRnweMyYZ5G+wAE3+X0zoN5TOK0tUWC/p4ezbGDpmG4xOs3umvz4P02c/Xdak+1/59nAiDmY=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:22 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d87fa961b4f359e540e852648556e8ea81613553022; expires=Fri, 19-Mar-21 09:10:22 GMT; path=/; domain=.popmyads.com; HttpOnly; SameSite=Lax
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
cf-request-id: 0850da4f030000061cd03c7000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JlybYNmI%2BE3LDBOqLL5apH0encByHJ1ZJLnm6uO1s%2FuI2W%2BsScAG0lXnIduDixI%2BuKrvQfaqQDOypxKdLZBvqTq32dB5IVNG0aljsdYODus1gK%2FinxCFJRg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5ff80ed7061c-FRA
content-encoding: br

Redirect headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 10ut8s57tx
Raund: 1p
Location: https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

GET redirect
xml.showcasead.com/ Frame AF77 0
0

GET redirect
xml.showcasead.com/ Frame FF14 0
0

GET redirect
xml.showcasead.com/ Frame 3C88 0
0

GET redirect
xml.showcasead.com/ Frame C516 0
0

GET redirect
xml.showcasead.com/ Frame 5852 0
0

GET redirect
xml.showcasead.com/ Frame A971 0
0

GET opt
volyze.com/ Frame 3EAA 0
0

GET opt
volyze.com/ Frame A91D 0
0

GET
H2 200 ads1.php Show response
ww1.tjeux.com/ Frame 37C4 161 B
393 B 92ms
86ms Script
application/javascript 213.186.33.107
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ww1.tjeux.com/ads1.php?cval=3569605
Requested by: Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.186.33.107 , France, ASN16276 (OVH, FR),
Reverse DNS: full-cdn-01.cluster010.hosting.ovh.net
Software: /
Resource Hash: 18d22c74c79d3d2157e7f9a7d5ac85a0c0f0a3ffb7cc808cb9b4d67b73f41e81

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:18 GMT
content-encoding: br
x-cacheable: Cacheable
x-cdn-pop-ip: 137.74.120.32/27
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-cdn-pop: sbg
accept-ranges: bytes
x-request-id: 377979104

GET
H2 200 popmyads.php Show response
www.eurosptp.com/ Frame 715C 5 KB
2 KB 43ms
41ms Document
text/html 213.186.33.19
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eurosptp.com/popmyads.php
Requested by: Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.186.33.19 , France, ASN16276 (OVH, FR),
Reverse DNS: cluster010.hosting.ovh.net
Software: Apache / PHP/5.4
Resource Hash: c96551525dd88bc9345b1699c0d1e6da4b164231a37da6a280687e828d729445

Request headers

:method: GET
:authority: www.eurosptp.com
:scheme: https
:path: /popmyads.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eurosptp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: visbl=1; visite24=1; PROMOTION=751c80345e6bb6bc4d71c11a8329b9b5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.eurosptp.com/

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=iso-8859-1
server: Apache
x-powered-by: PHP/5.4
expires: Sun, 01 Jan 2014 00:00:00 GMT
pragma: no-cache
cache-control: no-cache, must-revalidate
referrer-policy: origin
vary: Accept-Encoding
content-encoding: gzip

GET
H2 200 js15_as.js Show response
s10.histats.com/ Frame 37C4 11 KB
4 KB 1379ms
40ms Script
text/javascript 46.105.201.240
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s10.histats.com/js15_as.js
Requested by: Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:06:50 GMT
content-encoding: br
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-cdn-pop-ip: 137.74.120.0/27
etag: "-375139978"
x-cacheable: Matched cache
content-type: text/javascript
x-cdn-pop: sbg
accept-ranges: bytes
content-length: 4364
x-request-id: 412319782

GET /
t.riverhit.com/2/ Frame 37C4 0
0

GET
H2 200 / Show response
g.cash-ads.com/ Frame 1F22 1 KB
1 KB 41ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

7cb463fdead4f5aa3a164dfd424851c58106560debe00be0ac43f889fd88350d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame A3A9 1 KB
1 KB 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

f03cecc32fbdad10d53235b26e37f1b86467a38b64b3ef1d5b1395acdef68eed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame B7FC 1 KB
1 KB 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

77436856c3b00623e740b3f75a8efe5ffeef49105349f4df4944bb5fc16367bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 678D 1 KB
1 KB 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

7cb463fdead4f5aa3a164dfd424851c58106560debe00be0ac43f889fd88350d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 909E 114 KB
37 KB 69ms
24ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 6e2f7e4abb0af99fe128f3e943c469d74d97cd446ff9395ef51fe068ed799209

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-encoding: gzip
last-modified: Thu, 04 Feb 2021 10:56:36 GMT
server: nginx
etag: W/"601bd2e4-1c8de"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Thu, 18 Feb 2021 09:10:18 GMT

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 166ms
49ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:43 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 909E 77 KB
31 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NCM67V&l=rsdataLayer

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

00ce6369c3e466ceeadc394ebd3e0ff30c6507a85a7fe27d65535f58356af95a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31161
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:18 GMT

GET
H/1.1

200
OK

pix
ads.rekmob.com/retarget/ Frame 909E
Redirect Chain

https://x.bidswitch.net/sync?ssp=reklamstore
https://x.bidswitch.net/ul_cb/sync?ssp=reklamstore
https://ads.programattik.com/sync?ssp=bidswitch&bidswitch_ssp_id=reklamstore
https://ads.programattik.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=reklamstore
https://x.bidswitch.net/sync?dsp_id=156&expires=14&user_id=9727ec94-b9a5-40c2-b6d4-7483a141cc31&ssp=reklamstore
https://ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1

35 B
403 B

103ms
102ms

Image
image/gif

146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Server: nginx/1.9.6
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

location: //ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1
date: Wed, 17 Feb 2021 09:10:20 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 192ms
30ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:44 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 222ms
30ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:44 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 249ms
31ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:44 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 307ms
58ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:44 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 346ms
40ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:44 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 375ms
30ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:44 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H2 200 / Show response
g.cash-ads.com/ Frame E34F 1 KB
1 KB 41ms
41ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

f03cecc32fbdad10d53235b26e37f1b86467a38b64b3ef1d5b1395acdef68eed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmtzmroV3ID7zCyaNssDanAEQ%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame A3CD 1 KB
1 KB 41ms
41ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

77436856c3b00623e740b3f75a8efe5ffeef49105349f4df4944bb5fc16367bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6PyYjwLyy0yehuHfFfrcx0%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 903E 1 KB
1 KB 41ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

7cb463fdead4f5aa3a164dfd424851c58106560debe00be0ac43f889fd88350d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt914IgoUATlLX6%2BSauH4%2F8g%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame 21E4 5 KB
5 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzrqUq%2FUB%2BEs0FXV8ejK0n0s%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzrqUq%2FUB%2BEs0FXV8ejK0n0s%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame 63E9 5 KB
5 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwznbEb1G%2FZ2rXvcV8PkC0C5Q%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwznbEb1G%2FZ2rXvcV8PkC0C5Q%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame A1A1 5 KB
5 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzgh%2BQchYcyo%2BJBHI24qkmcM%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzgh%2BQchYcyo%2BJBHI24qkmcM%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 300x250.png
cpm-ad.com/store/ Frame EB03 36 KB
36 KB 10ms
10ms Image
image/png 2606:4700:3031::ac43:89c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cpm-ad.com/store/300x250.png
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:89c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf4da1a870c853656ba97415dec0994f4f19d2eb6651cba90acf6c3c0adbf298

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 3901
content-length: 36704
cf-request-id: 0850da3fbb00003128cf10a000000001
last-modified: Thu, 04 Feb 2021 00:15:30 GMT
server: cloudflare
etag: "601b3ca2-8f60"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AlVDUsDVcSM0Hi0bcdPzd17cxJwx0nXsjXoRoDCcOqr552pQw01dD8EHKnUMeey81qEGuRxf77ZGvKKAALwx3XXgb7lXsG5afh8JG9Tdnq3ujDZUrUlk"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e5fdf9fee3128-FRA

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame EB03 218 B
375 B 40ms
39ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=uQbNWNfhVACn9VGoEjv03tVCfHSbzWOV4TVGekvszr4%3D

Requested by

Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=300x250

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

af5f0e8dc77123c22a0128d90ce22017b4cf28380255a72e05b6bf60fad0e16d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 valid.php
cpm-ad.com/serve/ Frame EB03 35 B
343 B 151ms
151ms Image
image/gif 2606:4700:3031::ac43:89c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cpm-ad.com/serve/valid.php?a=5280&b=300x250&referr=&t=1613553254&c=smartukas&e=2&f=1&h=ccbebcefaddbfedc
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:89c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
x-powered-by: PHP/5.6.40
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vEt0sUU8LRiJXk%2BbeyDHI32vTVvfVXHk4ekv0auSZQcrz4rZZp%2FgTSkyXBBPDGpXtkcU7GMRZE3jlxbYaQXqJeGTIPb2aUHSQAksXmTwBNwdJJUGjmvg"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 622e5fdf9ff13128-FRA
cf-request-id: 0850da3fbb00003128d130e000000001

GET
H/1.1 200
OK l4.php Show response
mfk-network.com/ads/ Frame 3320 2 KB
2 KB 420ms
138ms Document
text/html 178.211.40.147
INETLTD

General

Check archive.org

Show headers Download Go to

Full URL: https://mfk-network.com/ads/l4.php
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.211.40.147 , Turkey, ASN197328 (INETLTD, TR),
Reverse DNS
Software: nginx / PHP/7.3.27 PleskLin
Resource Hash: d27d57dd4748d26c4e2e6c06a8cf9f9d1b58f11db141524835ac638c56bc95cf

Request headers

Host: mfk-network.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250

Response headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.27 PleskLin

GET
H/1.1 200
OK tag Show response
cpm.ezmob.com/ Frame EB03 170 B
491 B 1358ms
30ms Script
application/javascript 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.ezmob.com/tag?zone_id=92400&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D82237859
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: 7b5e7bd997612dd555cc3276194fd0f0be307ed3a2ca9fc2e35031d245e91256

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:20 GMT
Server: nginx
Age: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Connection: close
Content-Type: application/javascript; charset=utf-8
Content-Length: 170

GET
H2 200 728x90.png
cpm-ad.com/store/ Frame 0C2A 25 KB
26 KB 11ms
10ms Image
image/png 2606:4700:3031::ac43:89c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cpm-ad.com/store/728x90.png
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:89c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17c234114df8b98c37ed3ec8d908738d330d695192d0a1eaba0a120d7c672ab0

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 3940
content-length: 25719
cf-request-id: 0850da3fc2000031286b29d000000001
last-modified: Thu, 04 Feb 2021 00:15:30 GMT
server: cloudflare
etag: "601b3ca2-6477"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sRYnLtgKd0zvtuLh6IUj0t35TtNE5jwEOR2EZRYxa8%2FCSxGsxfhgslYf0wgLrGzz54hQqRd5FqibiOQXQWEMACass6yh2W7I0XOVBEko%2B7qQBJCB0Qzd"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e5fdf98003128-FRA

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 0C2A 218 B
375 B 40ms
39ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=uQbNWNfhVACn9VGoEjv03tVCfHSbzWOV4TVGekvszr4%3D

Requested by

Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=728x90

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

af5f0e8dc77123c22a0128d90ce22017b4cf28380255a72e05b6bf60fad0e16d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 valid.php
cpm-ad.com/serve/ Frame 0C2A 35 B
307 B 151ms
151ms Image
image/gif 2606:4700:3031::ac43:89c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cpm-ad.com/serve/valid.php?a=5280&b=728x90&referr=&t=1613553254&c=smartukas&e=2&f=1&h=ccbebcefaddbfedc
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:89c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
x-powered-by: PHP/5.6.40
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QZt2eJmO7ZjxfV6u2%2BgfqzuI7TOBOqeau1nCPDuIvf1UACYJ%2FZidjCU%2BrFEf3jaRFm1p16rSOAYSWB3DG2NZIPnR0vLPcx2tRUy1RPl9UCDWPc1PWfsP"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 622e5fdf98023128-FRA
cf-request-id: 0850da3fc20000312869a5c000000001

GET
H/1.1 200
OK l4.php Show response
mfk-network.com/ads/ Frame 5BBA 2 KB
2 KB 551ms
136ms Document
text/html 178.211.40.147
INETLTD

General

Check archive.org

Show headers Download Go to

Full URL: https://mfk-network.com/ads/l4.php
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.211.40.147 , Turkey, ASN197328 (INETLTD, TR),
Reverse DNS
Software: nginx / PHP/7.3.27 PleskLin
Resource Hash: d27d57dd4748d26c4e2e6c06a8cf9f9d1b58f11db141524835ac638c56bc95cf

Request headers

Host: mfk-network.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90

Response headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.27 PleskLin

GET
H/1.1 200
OK tag Show response
cpm.ezmob.com/ Frame 0C2A 170 B
491 B 2984ms
28ms Script
application/javascript 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.ezmob.com/tag?zone_id=92400&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D63336969
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: 7b5e7bd997612dd555cc3276194fd0f0be307ed3a2ca9fc2e35031d245e91256

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:21 GMT
Server: nginx
Age: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Connection: close
Content-Type: application/javascript; charset=utf-8
Content-Length: 170

GET
H2 200 160x600.png
cpm-ad.com/store/ Frame 118A 34 KB
35 KB 11ms
10ms Image
image/png 2606:4700:3031::ac43:89c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cpm-ad.com/store/160x600.png
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:89c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18c34455c3049d6048e2f70b1ef9aee246dcec5d6fc956a3f451ce21a7c5803c

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 3870
content-length: 34961
cf-request-id: 0850da3fc800003128998fd000000001
last-modified: Thu, 04 Feb 2021 00:15:29 GMT
server: cloudflare
etag: "601b3ca1-8891"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rKyBtCIi9MmKSx%2FVRt1wEJpwLGXMBWNisvDJ4AYk0gT%2Bw71o2PebaMs511WWTeFNfejjbfRzRCMFqXWFPIaNCmw7OiFpHx1U3MYbacgG98k4SIcWb8%2Bc"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e5fdfa8143128-FRA

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 118A 218 B
375 B 40ms
40ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=uQbNWNfhVACn9VGoEjv03tVCfHSbzWOV4TVGekvszr4%3D

Requested by

Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=160x600

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

af5f0e8dc77123c22a0128d90ce22017b4cf28380255a72e05b6bf60fad0e16d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 valid.php
cpm-ad.com/serve/ Frame 118A 35 B
329 B 289ms
288ms Image
image/gif 2606:4700:3031::ac43:89c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cpm-ad.com/serve/valid.php?a=5280&b=160x600&referr=&t=1613553254&c=smartukas&e=2&f=1&h=ccbebcefaddbfedc
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:89c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
x-powered-by: PHP/5.6.40
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mfA7v7HzuftISP96siqTgadxyLqJYbCsEc7bEEpdKTh5b5oMp1yvBGeFBfUhwQCq2hLQrT1Fzo0ytKYDm4dPuiaSyPyG5%2FQfEf%2BdJkqESNQ%2BtdrkXu85"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 622e5fdfa8163128-FRA
cf-request-id: 0850da3fc800003128c98aa000000001

GET
H/1.1 200
OK l4.php Show response
mfk-network.com/ads/ Frame E813 2 KB
2 KB 687ms
142ms Document
text/html 178.211.40.147
INETLTD

General

Check archive.org

Show headers Download Go to

Full URL: https://mfk-network.com/ads/l4.php
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.211.40.147 , Turkey, ASN197328 (INETLTD, TR),
Reverse DNS
Software: nginx / PHP/7.3.27 PleskLin
Resource Hash: d27d57dd4748d26c4e2e6c06a8cf9f9d1b58f11db141524835ac638c56bc95cf

Request headers

Host: mfk-network.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600

Response headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.27 PleskLin

GET
H/1.1 200
OK tag Show response
cpm.ezmob.com/ Frame 118A 170 B
491 B 4546ms
28ms Script
application/javascript 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.ezmob.com/tag?zone_id=92400&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D5159139
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: 7b5e7bd997612dd555cc3276194fd0f0be307ed3a2ca9fc2e35031d245e91256

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:23 GMT
Server: nginx
Age: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Connection: close
Content-Type: application/javascript; charset=utf-8
Content-Length: 170

GET
H2 200 banner.php Show response
g.cash-ads.com/ Frame B6F6 209 B
366 B 50ms
49ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner.php?uid=2121&e=0&p=0&s=0&size=2

Requested by

Host: traffic2bitcoin.com
URL: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

d0bd59e806cb2075a1f5ec970ad7c960adcfa0bca5bd1b6872c3f0568e7aec68

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame D496 1 KB
1 KB 43ms
42ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame D496 84 KB
84 KB 43ms
42ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET redirect
xml.ezmob.com/ Frame 89CD 0
0

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame 9EAE 1 KB
1 KB 42ms
41ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame 9EAE 84 KB
84 KB 42ms
41ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET redirect
xml.ezmob.com/ Frame F759 0
0

GET
H/1.1 200
OK ic.png
amazingfreebitcoin.com/ Frame 5D41 754 B
996 B 7552ms
127ms Image
image/png 107.172.10.124
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://amazingfreebitcoin.com/ic.png
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/ad.php?ref=smartas&width=728
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 107.172.10.124 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: tabib4you.com
Software: Apache /
Resource Hash: 9c4964adac0e09cf0af35a2c9599e7d46af59dac499fd45643e38773818a7e97

Request headers

Referer: https://ad2bitcoin.com/ad.php?ref=smartas&width=728
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:25 GMT
Last-Modified: Tue, 14 Jan 2020 07:11:02 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 754

GET
H2 200 GE-728-EN.gif
admin.gold-eggs.com/uploads/ckeditor/images/ Frame 5D41 218 KB
219 KB 77ms
29ms Image
image/gif 2606:4700:3035::6815:5c5c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://admin.gold-eggs.com/uploads/ckeditor/images/GE-728-EN.gif
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/ad.php?ref=smartas&width=728
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:5c5c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 702fe7231fdaf68bfdd4b3c20906ba905976e327ed2dfe6383df8db06aa47dd9

Request headers

Referer: https://ad2bitcoin.com/ad.php?ref=smartas&width=728
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 84005
content-length: 223659
cf-request-id: 0850da400f00004e7f36b1a000000001
last-modified: Fri, 09 Nov 2018 16:17:28 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2627aDyDR5Hb267%2F0Pc%2FhVuUu%2FBTHHx0Ds0kGNaKjn8upTR2QOEmvqiXvXJ%2FjgD0mwEG3a9LMtd8fr%2FgqWmOVqWMWSxcB4RCaM5jrWV46mm28up7z6kigh%2BZ9XD9K7Io"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 622e5fe01e2a4e7f-FRA
expires: Fri, 04 Feb 2022 08:32:25 GMT

GET
H/1.1 200
OK adqlt.php Show response
ad2bitcoin.com/ Frame 6350 752 B
929 B 7553ms
147ms Document
text/html 23.95.12.219
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://ad2bitcoin.com/adqlt.php?ref=smartas&keycode=8457
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/ad.php?ref=smartas&width=728
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.95.12.219 , United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 23-95-12-219-host.colocrossing.com
Software: Apache /
Resource Hash: 3e973eabb17e19140e9032711aa8cf191ab8d519781000c1b1d1f427cf623dc7

Request headers

Host: ad2bitcoin.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad2bitcoin.com/ad.php?ref=smartas&width=728
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ad2bitcoin.com/ad.php?ref=smartas&width=728

Response headers

Date: Wed, 17 Feb 2021 09:10:23 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 advert.php Show response
www.eurosptp.com/ Frame 44C7 0
365 B 39ms
39ms Document
text/html 213.186.33.19
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eurosptp.com/advert.php?cval=3569606
Requested by: Host: ww1.tjeux.com
URL: https://ww1.tjeux.com/ads1.php?cval=3569605
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.186.33.19 , France, ASN16276 (OVH, FR),
Reverse DNS: cluster010.hosting.ovh.net
Software: Apache / PHP/5.4
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: www.eurosptp.com
:scheme: https
:path: /advert.php?cval=3569606
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eurosptp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: visbl=1; visite24=1; PROMOTION=751c80345e6bb6bc4d71c11a8329b9b5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.eurosptp.com/

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=iso-8859-1
server: Apache
x-powered-by: PHP/5.4
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
last-modified: Wed, 17 Feb 2021 09:10:18 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip

GET
H2 200 f0ffb9e2d83748d09cbfb12ce59abd99.png
cdn.cryptobrowser.store/media/pb/899/ Frame 2DB4 13 KB
13 KB 57ms
57ms Image
image/png 2606:4700:3030::6815:45ed
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cryptobrowser.store/media/pb/899/f0ffb9e2d83748d09cbfb12ce59abd99.png

Requested by

Host: get.cryptobrowser.site
URL: https://get.cryptobrowser.site/pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:45ed , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f0db20c19ecbb7cf117ece1dd5c8d8324f39fbff11bffed963b6aa306dc4a23

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://get.cryptobrowser.site/pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
nel: {"max_age":604800,"report_to":"cf-nel"}
content-length: 13205
cf-request-id: 0850da3ff10000dfef8828a000000001
last-modified: Fri, 24 Jul 2020 15:43:49 GMT
server: cloudflare
etag: "5f1b01b5-3395"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=naO33wry8PVkGs6yLpZrvvsYqe4C1ZztCSaCSGH%2FI6mZ%2FoEWqjRFECM737Torb6q%2B9GzzA71yEvZu4%2Be5fHW5wBUODahFK5FyXXy0nwo1D7DBPVlTZroKSgaQBRpfqcd%2F7Id6A%3D%3D"}],"max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e5fdfed3adfef-FRA

POST
H2 200 / Show response
tr.cryptobrowser.site/api/v2/an/bn/ Frame 2DB4 0
177 B 222ms
37ms XHR
text/plain 212.8.252.212
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.cryptobrowser.site/api/v2/an/bn/

Requested by

Host: get.cryptobrowser.site
URL: https://get.cryptobrowser.site/pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

212.8.252.212 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://get.cryptobrowser.site/pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

access-control-allow-origin: https://get.cryptobrowser.site
date: Wed, 17 Feb 2021 09:10:19 GMT
access-control-allow-credentials: true
server: nginx
vary: Origin, Accept-Encoding
content-length: 0
strict-transport-security: max-age=15768000

OPTIONS
H2 204 /
tr.cryptobrowser.site/api/v2/an/bn/ Frame 0
0 37ms
37ms Other 212.8.252.212
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.cryptobrowser.site/api/v2/an/bn/

Protocol

Server

212.8.252.212 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://get.cryptobrowser.site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin,Content-Type,Accept,X-CB-Data
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://get.cryptobrowser.site
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
strict-transport-security: max-age=15768000

GET
H2 200 pma Show response
popmyads.com/x/ Frame 715C 83 KB
31 KB 85ms
57ms Script
text/html 2606:4700:3034::6815:4436
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://popmyads.com/x/pma
Requested by: Host: www.eurosptp.com
URL: https://www.eurosptp.com/popmyads.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:4436 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.1.33
Resource Hash: 876f81b245bddc56705cf98e10eb213725c5d7517927f3b42a8844f5776b186f

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
x-powered-by: PHP/7.1.33
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zGfnXlnXwgpCHXbvZ01lJx%2BSFdU4P0v%2BCGWU58n%2BVTqM3bxfb7ikWVFu%2BEQEmcNOIqgJbbeQnlil%2FUii9jy8jlQOVr5gbo8WfmcvwR%2BhrSUKM0UrmJ%2FLOE0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 622e5fe01bbe061c-FRA
cf-request-id: 0850da400f0000061cdd935000000001

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame 1F22 1 KB
1 KB 40ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame 1F22 84 KB
84 KB 40ms
40ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET redirect
xml.ezmob.com/ Frame 5598 0
0

GET
H/1.1 200
OK chicken.gif
nicksstevmark.com/ Frame 3B9B 43 B
353 B 60ms
30ms Image
image/gif 109.206.162.83
SERVEREL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nicksstevmark.com/chicken.gif?z=1817041&pb=28814e1b5b02e39be7950da2ddde679f1613560218&psp=hus7gNn5Ii5Avzl1Xht1a2YnEN8TkKCC5H5_YTgDsF512iJeuoGIY6UNDRDouFud8P-nSAgHOLPJQ9kvguUilpoP8841ThPmK9Yr2gkhmmTpgCEl43bP-zOivbezb4u8Lpgcg6gJBXg71_fRWZobtOqII7v7n8KFnEBAtqvEohlux06yYvSqkW8-kJEa_cwnTRIYTtxtV9NgaxizKzPiwcNx5sUSPfmyrxd7X_VhiR5OQT2DdMomx5d6mAbD5IsG7pnepSVb1qm8R38jVWmQykcjh0FkWZtPaGxYoO1rz_G65RsikHE4rSKFLBr290tLKDEnqvFQioXiwW1pXG7QmwX7683RJQFIUkrMnDCnAQWGNCmdugWGfVPGxEZQwJuSLH3OUKw58XvMZAYXTSMSaZspMIPXtQkKy6zsxloSji9UhRRhRfleAeuGd4JryqBVOkhEG8OTlHcTOCXW4qkF_7sF7bzZwIVxgJPU2dmGmqxGjj2cU_hX7hrimKb-ZoyUM5rxUkVEY1DOQCwo59DSK-5Z7R_f7VEPKstToLkwSf3ZN1SWLf282w_E4cwGAp23vuVHdlOrLunejxrTMRtifmD2z15RsLDCKSa4f-ffrmDEzyQoAx-a3e90-TPRZM6an-P0K8E81J3-QjFclcXRdPlfgUYP4qTtQwNZoQNEP-Ro5bwpIZQ0zrwXmjlTkmPFoejj0FarTMIQJa7BJih_TXchrGpGfPEROcJ5106wBiZHjIaAy9p6zB2f2ifz5d1ROYg6MVy9bhufY9hXO4V9zVNDYLxTq8FNYdSG1Tmr6yo5Zfd2HYC23OR02tDw3XfUbf4tfBqJgs2Cuvi6YmUAw51pou2R4QIv7PSAeZ3haYG4Wzg9w3GpIVVG9tHRbgUeU6hwBm9VhvIXSbuGody5kEoSggXrAo93ugD64R-vXS2YFdVcfJHoscxqdt8xESBXcNgzQQ_eOqcNcANi7eJOCHyCm_jI7naFibOub4R5cy23THo_Rq_Zdh1_ozMWlNUrEN6Vm2vy8nppIckyaxVXcwxpUcbOJZX2Ot1FDVzlgugPp1Z-AGs5PxZmnKNgZMO9L2QahLDkldGpogzFOuiIs3ANG89t2RrceVaKczlrqDzptWfdZUAEiX0HV9CuRXcLH2UKq8IB4Inn8O60IKToIYw24QTJVm-R1LBdzhg5-F-ZZDVmDMgl1XmGQvz5YTgqDJ8eR1y0c5rziuhrJ2bEICjf

Requested by

Host: www.interclics.com
URL: https://www.interclics.com/cinema.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_CBC

Server

109.206.162.83 , Netherlands, ASN50245 (SERVEREL-AS, NL),

Reverse DNS

83.162.serverel.net

Software

nginx /

Resource Hash

44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.interclics.com/cinema.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:18 GMT
X-Content-Type-Options: nosniff
Server: nginx
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000
Content-Type: image/gif

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame A3A9 1 KB
1 KB 41ms
38ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame A3A9 84 KB
84 KB 44ms
39ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET redirect
xml.ezmob.com/ Frame C7EA 0
0

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame B7FC 1 KB
1 KB 43ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame B7FC 84 KB
84 KB 45ms
42ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET redirect
xml.ezmob.com/ Frame 7A47 0
0

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame 678D 1 KB
1 KB 52ms
48ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame 678D 84 KB
84 KB 47ms
45ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET redirect
xml.ezmob.com/ Frame 2D3B 0
0

GET
H2 200 / Show response
g.cash-ads.com/ Frame EC19 502 B
642 B 41ms
39ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=QDg2Nfje%2BgYDQAUbq2TAKcpBk8GFbxHXQW%2Be5zB1JIc%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner.php?uid=2121&e=0&p=0&s=0&size=2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

cd5c852f2e499b90d50990c2108a43b20192c93711fcd0402c8be8a3845f3e7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=QDg2Nfje%2BgYDQAUbq2TAKcpBk8GFbxHXQW%2Be5zB1JIc%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 v.php Show response
www.adz2you.net/ Frame 5176 0
283 B 313ms
296ms Document
text/html 2606:4700:3032::6815:1d5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.adz2you.net/v.php?user=5632
Requested by: Host: traffic2bitcoin.com
URL: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1d5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: www.adz2you.net
:scheme: https
:path: /v.php?user=5632
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cf_bm=9b387bb1f9b8b29a31e1ba3409344ba123e34c58-1613553018-1800-AV2x7v+9ydjisvwTzHVY1pHUOpQvfloCyrliera7ZWXu/KNUlWoZlMC2fIZPcwkfkDO7hlwgbXEYV/F79S068lQ=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dcaca1792eb3f63a20ec68af9c1a6864d1613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.adz2you.net; HttpOnly; SameSite=Lax
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
cf-request-id: 0850da403000004e672e101000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=64RiNGQmH%2FMqwQH2ykl6wSS0HNHE0JbfrqWKnjUE8SU0ifAVHkyPELyfB1YHoSigjSZlpMNv5Kpm8y5pU0FK%2F2MTUJwxcxUtoVfU95OBubGNeu0mv5zF9xAR4T8%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fe04eef4e67-FRA
content-encoding: br

GET
H2 200 v.php Show response
www.adz2you.net/ Frame DBAE 0
284 B 308ms
291ms Document
text/html 2606:4700:3032::6815:1d5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.adz2you.net/v.php?user=5619
Requested by: Host: traffic2bitcoin.com
URL: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1d5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: www.adz2you.net
:scheme: https
:path: /v.php?user=5619
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cf_bm=9b387bb1f9b8b29a31e1ba3409344ba123e34c58-1613553018-1800-AV2x7v+9ydjisvwTzHVY1pHUOpQvfloCyrliera7ZWXu/KNUlWoZlMC2fIZPcwkfkDO7hlwgbXEYV/F79S068lQ=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dcaca1792eb3f63a20ec68af9c1a6864d1613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.adz2you.net; HttpOnly; SameSite=Lax
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
cf-request-id: 0850da403000004e67fab84000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JgzcDIiCB9KHWO2tdYp1NfMjo6pvcLmwIPAdWBOHD8wTUXB3ZE0ZJfbK1viEcVwrrwbF%2FDqwtCn6dBVFcLoAfPNM3wiv6ezGtUfxICuUGsaAewQn%2FGWWxxnvPzg%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fe04ef24e67-FRA
content-encoding: br

GET
H2 200 show.php Show response
adz2you.net/serve/ Frame B2ED 10 B
432 B 290ms
288ms Document
text/html 2606:4700:3032::6815:1d5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adz2you.net/serve/show.php?a=3914&b=468x60
Requested by: Host: traffic2bitcoin.com
URL: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:1d5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: 887ee4fd5820088063e31ee2e61869155c1438e27e9f1b116d8fe3bf60829ea7

Request headers

:method: GET
:authority: adz2you.net
:scheme: https
:path: /serve/show.php?a=3914&b=468x60
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cf_bm=9b387bb1f9b8b29a31e1ba3409344ba123e34c58-1613553018-1800-AV2x7v+9ydjisvwTzHVY1pHUOpQvfloCyrliera7ZWXu/KNUlWoZlMC2fIZPcwkfkDO7hlwgbXEYV/F79S068lQ=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dcaca1792eb3f63a20ec68af9c1a6864d1613553018; expires=Fri, 19-Mar-21 09:10:18 GMT; path=/; domain=.adz2you.net; HttpOnly; SameSite=Lax
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
cf-request-id: 0850da402100004e67e21a7000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OTzyAt1%2BZ6BxSqwuHJc4TOyT89MDlzsOb1PnF1%2BHr4jy1p595H4loEQsyGByvK%2FyF355iVvfTVjlLBi%2B2VWP4ihFXP4uyWfiGd4vmL2adOR0U9ALZdxVSw%3D%3D"}]}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fe03ed14e67-FRA
content-encoding: br

GET
H2 200 / Show response
g.cash-ads.com/ Frame 21E4 1 KB
1 KB 41ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzvfTLYbvIOMYjo3ISO7i6qM%3D

Requested by

Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

730436d16b969e5ebd9930248019fe1d10d44a4961a9a3d4ce444ee3f3ad8ceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=eXEy8NJS%2BShQmJDiygzwzvfTLYbvIOMYjo3ISO7i6qM%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzrqUq%2FUB%2BEs0FXV8ejK0n0s%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzrqUq%2FUB%2BEs0FXV8ejK0n0s%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 63E9 1 KB
1 KB 41ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzrtANmFnFx2OYG12bg6zBxo%3D

Requested by

Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

2d61396a6aeaae8c2d3d93c88a69bbd5749674d38e318c60c75809a17482429a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=eXEy8NJS%2BShQmJDiygzwzrtANmFnFx2OYG12bg6zBxo%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwznbEb1G%2FZ2rXvcV8PkC0C5Q%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwznbEb1G%2FZ2rXvcV8PkC0C5Q%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame A1A1 1 KB
1 KB 41ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwznXM6kIg4JgM7lbrpabKpgg%3D

Requested by

Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c71d3811986a9e5377f9f726ea8359c58ef9fe84e94fbda8045730f7a26ad8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=eXEy8NJS%2BShQmJDiygzwznXM6kIg4JgM7lbrpabKpgg%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzgh%2BQchYcyo%2BJBHI24qkmcM%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzgh%2BQchYcyo%2BJBHI24qkmcM%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:18 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame E34F 1 KB
1 KB 40ms
40ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame E34F 84 KB
84 KB 40ms
40ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt18tNHOl09%2FlNyhWtqjwvJA%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET redirect
xml.ezmob.com/ Frame 33E1 0
0

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame A3CD 1 KB
1 KB 40ms
40ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame A3CD 84 KB
84 KB 40ms
40ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt6uHfz1%2BP%2F23DZ3PdhR%2BCkY%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET redirect
xml.ezmob.com/ Frame C898 0
0

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame 903E 1 KB
1 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame 903E 84 KB
84 KB 39ms
39ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=zQ1QZX0NIxAeMYCLBlMmt%2BwX5GJ%2BkXUht7jflP%2BmOxo%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:18 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:18 GMT

GET redirect
xml.ezmob.com/ Frame CFB8 0
0

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 767ms
766ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=1Cs7jKylS05EJ7hJuvM5&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__1Cs7jKylS05EJ7hJuvM5&ref=www.eurosptp.com&_=1613553018958&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 473a623cd5405e9bdf0ce33027a4a1018eb5bc72bbefd8f17a228a0a787f0195

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 243ms
42ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=7443175411
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:18 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 779ms
779ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=a2KNyrexIOAQ0EILBpn1&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__a2KNyrexIOAQ0EILBpn1&ref=www.eurosptp.com&_=1613553018993&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 27c07e1cd9f279bd12dd729d4bdde7eacccf6381e4e0f2ac129987f074fc1ff9

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 222ms
56ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=94477268470
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:18 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 raw Show response
api.allorigins.win/ Frame 715C 2 KB
2 KB 294ms
272ms Fetch
text/html 2606:4700:3034::6815:32fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.allorigins.win/raw?url=https://popmyads.com/serve/6123/4832/OW9wbXlkZDF2NzlmZjJmZTU0OGQ=/aHR0cHM6Ly93d3cuZXVyb3NwdHAuY29tL3BvcG15YWRzLnBocA==/1/1600x1200/0
Requested by: Host: www.eurosptp.com
URL: https://www.eurosptp.com/popmyads.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:32fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0592edc621d61835bcfac5e4ec3ee05d9aae87be83f4a48ab90204426bea25b4

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
via: allOrigins v2.3.0
cf-cache-status: MISS
nel: {"max_age":604800,"report_to":"cf-nel"}
access-control-allow-methods: OPTIONS, GET, POST, PATCH, PUT, DELETE
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da40a000004a971207f000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7Wh2Q2wmHlX3wRDMykzpg%2FWhQdpMhMOU%2BTx7by0YvdJu4VLpbRYFab%2FdNVGkrlyPQqqbTk5YkHm%2BpNah1wnQXbXk08wbjaHwpVEaKzipKjdVJ0F5HCkgvpG0e09b41w%3D"}],"max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.eurosptp.com
cache-control: public, max-age=3600, stale-if-error=600
access-control-allow-credentials: true
cf-ray: 622e5fe10dbf4a97-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Encoding, Accept

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 4 KB
2 KB 628ms
628ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=oIxFBPKZihfOYuOZQjct&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__oIxFBPKZihfOYuOZQjct&ref=www.eurosptp.com&_=1613553019039&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: b64385430fabfab9e3581344dbbd26d02745b3fe9f8e1cb3b968478fca5807cc

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 176ms
56ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=37669964543
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:18 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame EC19 5 KB
5 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=QDg2Nfje%2BgYDQAUbq2TAKcpBk8GFbxHXQW%2Be5zB1JIc%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=QDg2Nfje%2BgYDQAUbq2TAKcpBk8GFbxHXQW%2Be5zB1JIc%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:19 GMT

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame 21E4 1 KB
1 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzvfTLYbvIOMYjo3ISO7i6qM%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzvfTLYbvIOMYjo3ISO7i6qM%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:19 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame 21E4 84 KB
84 KB 39ms
39ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzvfTLYbvIOMYjo3ISO7i6qM%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzvfTLYbvIOMYjo3ISO7i6qM%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:19 GMT

GET redirect
xml.ezmob.com/ Frame EA01 0
0

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame 63E9 1 KB
1 KB 40ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzrtANmFnFx2OYG12bg6zBxo%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzrtANmFnFx2OYG12bg6zBxo%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:19 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame 63E9 84 KB
84 KB 40ms
40ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzrtANmFnFx2OYG12bg6zBxo%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwzrtANmFnFx2OYG12bg6zBxo%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:19 GMT

GET redirect
xml.ezmob.com/ Frame 12B1 0
0

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 609ms
608ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=VfZxLK55g3FVfuSiqYyF&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__VfZxLK55g3FVfuSiqYyF&ref=www.eurosptp.com&_=1613553019047&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 9f9569b71ebaa15731e32a906116066690d454d8dc75ad0270c334fc23c59685

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 169ms
56ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=19984018071
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:18 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame A1A1 1 KB
1 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwznXM6kIg4JgM7lbrpabKpgg%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwznXM6kIg4JgM7lbrpabKpgg%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:19 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame A1A1 84 KB
84 KB 39ms
39ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwznXM6kIg4JgM7lbrpabKpgg%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=eXEy8NJS%2BShQmJDiygzwznXM6kIg4JgM7lbrpabKpgg%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:19 GMT

GET redirect
xml.ezmob.com/ Frame 41AC 0
0

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 4 KB
2 KB 710ms
709ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=A7MNwqQBxLZkkkWp8fQB&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__A7MNwqQBxLZkkkWp8fQB&ref=www.eurosptp.com&_=1613553019078&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: d1869ff529f5965c9516ac386bc02160c3a241ec91d64f14a0c3b4d199fb3606

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 140ms
59ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=13169126682
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:18 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 / Show response
g.cash-ads.com/ Frame EC19 1 KB
1 KB 41ms
41ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=QDg2Nfje%2BgYDQAUbq2TAKQrTsJ%2F%2BjK%2BczwkPk6UkF6w%3D

Requested by

Host: traffic2bitcoin.com
URL: https://traffic2bitcoin.com/ptp.php?ref=markosasmv&sitetype=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

992a978ac02b475e10e84c6359be2c3596ee5aef2e2b15356e933167df8db2d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=QDg2Nfje%2BgYDQAUbq2TAKQrTsJ%2F%2BjK%2BczwkPk6UkF6w%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=QDg2Nfje%2BgYDQAUbq2TAKcpBk8GFbxHXQW%2Be5zB1JIc%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=QDg2Nfje%2BgYDQAUbq2TAKcpBk8GFbxHXQW%2Be5zB1JIc%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:19 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 660ms
660ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=SZvCmlK01VouY5QqApjN&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__SZvCmlK01VouY5QqApjN&ref=www.eurosptp.com&_=1613553019119&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 182b052e6060d0bf50ed0af0acf2f48c75535782dc7bed642dc45826f16f52b6

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 97ms
56ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=10805699214
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:18 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame EC19 1 KB
1 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=QDg2Nfje%2BgYDQAUbq2TAKQrTsJ%2F%2BjK%2BczwkPk6UkF6w%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=QDg2Nfje%2BgYDQAUbq2TAKQrTsJ%2F%2BjK%2BczwkPk6UkF6w%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:19 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame EC19 84 KB
84 KB 40ms
39ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=QDg2Nfje%2BgYDQAUbq2TAKQrTsJ%2F%2BjK%2BczwkPk6UkF6w%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=QDg2Nfje%2BgYDQAUbq2TAKQrTsJ%2F%2BjK%2BczwkPk6UkF6w%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:19 GMT

GET redirect
xml.ezmob.com/ Frame 3919 0
0

GET
H2 200 b2.gif
g.cash-ads.com/img/ Frame EC19 7 KB
7 KB 40ms
40ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/b2.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=QDg2Nfje%2BgYDQAUbq2TAKQrTsJ%2F%2BjK%2BczwkPk6UkF6w%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 36ba7545f1bd869f5d3abcc2e0c4e1072a33be1da4934214011a8c4399438e0f

Request headers

Referer: https://g.cash-ads.com/?nc=QDg2Nfje%2BgYDQAUbq2TAKQrTsJ%2F%2BjK%2BczwkPk6UkF6w%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Fri, 11 Sep 2020 22:38:47 GMT
server: nginx
etag: "5f5bfc77-1cf3"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 7411
expires: Fri, 19 Mar 2021 09:10:19 GMT

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 4 KB
2 KB 604ms
603ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=bD6DT8WsgoPTWFN88ZDl&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__bD6DT8WsgoPTWFN88ZDl&ref=www.eurosptp.com&_=1613553019149&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: cad4f89a5d1f97651cd7ea5d2736bd114d6c01630e4c2d96eb3769d75e39582d

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 67ms
57ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=50333631883
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:18 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 20190619160645_47000.jpg
gloimg.gbtcdn.com/soa/gb/pdm-product-pic/Electronic/2019/06/19/source-img/ Frame 3320 30 KB
30 KB 101ms
34ms Image
image/webp 184.24.16.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gloimg.gbtcdn.com/soa/gb/pdm-product-pic/Electronic/2019/06/19/source-img/20190619160645_47000.jpg
Requested by: Host: mfk-network.com
URL: https://mfk-network.com/ads/l4.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.16.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-16-40.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: c88568465d2298ce76148e2e5f3ae4863e2f924b6ebab3f6130608f0901be6cb

Request headers

Referer: https://mfk-network.com/ads/l4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Wed, 22 Apr 2020 04:41:16 GMT
server: Akamai Image Manager
content-type: image/webp
cache-control: private, no-transform, max-age=43200
timing-allow-origin: *
content-length: 30378
expires: Wed, 17 Feb 2021 21:10:19 GMT

GET
H2 200 0d905b0f-38dd-42e1-a3d3-a0acc648a797.jpg
imgaz.staticbg.com/images/oaupload/banggood/images/7B/22/ Frame 3320 134 KB
134 KB 276ms
31ms Image
image/jpeg 2.17.189.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imgaz.staticbg.com/images/oaupload/banggood/images/7B/22/0d905b0f-38dd-42e1-a3d3-a0acc648a797.jpg
Requested by: Host: mfk-network.com
URL: https://mfk-network.com/ads/l4.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.189.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-17-189-76.deploy.static.akamaitechnologies.com
Software: openresty /
Resource Hash: 21f5285f79abb355603d350bf3928977f415210f524a957886d92784e9bf104f

Request headers

Referer: https://mfk-network.com/ads/l4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Sat, 21 Dec 2019 07:42:22 GMT
server: openresty
x-amz-request-id: 140636fb-fb5b-4017-b1d3-0f156a1ffcaa
x-clv-request-id: 140636fb-fb5b-4017-b1d3-0f156a1ffcaa
etag: "44211e50249f9cc9a43565003f85737a"
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=5888889
x-clv-s3-version: 2.5
accept-ranges: bytes
content-length: 136953
expires: Mon, 26 Apr 2021 12:58:28 GMT

GET
H2 200 EN_300_250.png
ae01.alicdn.com/kf/HTB1fopbov9TBuNjy1zb760pepXaT/ Frame 3320 19 KB
19 KB 348ms
32ms Image
image/webp 104.76.200.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ae01.alicdn.com/kf/HTB1fopbov9TBuNjy1zb760pepXaT/EN_300_250.png
Requested by: Host: mfk-network.com
URL: https://mfk-network.com/ads/l4.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.76.200.45 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-76-200-45.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: 0f553893c3f87e27252e704ee7e2365fae1d73937a67d70aa6bf75d12a5088e7

Request headers

Referer: https://mfk-network.com/ads/l4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
x-check-cacheable: YES
x-serial: 789
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 17 Feb 2021 21:10:19 GMT
cache-control: private, no-transform, max-age=43200
last-modified: Thu, 17 Dec 2020 10:35:02 GMT
content-length: 19576
timing-allow-origin: *
network_info: DK_COPENHAGEN_9009
from-req-dns-type: NA
server: Akamai Image Manager
served-from: 184.86.102.5

GET popmyads.png
whos.amung.us/swidget/ Frame 3896 0
0

GET
H2

200

404 Show response
popmyads.com/ Frame 3896
Redirect Chain

https://popmyads.com/go
https://popmyads.com/404?dsc6123

837 B
587 B

64ms
64ms

Document
text/html

2606:4700:3034::6815:4436
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://popmyads.com/404?dsc6123
Requested by: Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:4436 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.1.33
Resource Hash: ee753ae9bc8a63c26a8cfad53c2beb154512129a84273a655ebd4c5d3602c6b1

Request headers

:method: GET
:authority: popmyads.com
:scheme: https
:path: /404?dsc6123
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eurosptp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cf_bm=017b4deb4807c49529a088ab14e5d47682168caa-1613553018-1800-AQpGT59GDcULOt1vUEMmpYQWAxt6/xRngH+NcRTZtuU+9lAOZKDpQirfdSBf7d31wpAhllMdsDsxCgEwvVBCMe0=
Upgrade-Insecure-Requests: 1
Origin: https://www.eurosptp.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.eurosptp.com/

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=da3194a6c04e5a5ebccd6c628e1f24a9d1613553019; expires=Fri, 19-Mar-21 09:10:19 GMT; path=/; domain=.popmyads.com; HttpOnly; SameSite=Lax
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
cf-request-id: 0850da41fc0000061cac95d000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dfzuTyFWH40GkE3zrlLq5Jr0gTWnP2bUcR%2FBW2fO1VhgFl1E8Jl4%2FYUz%2ByFlAXxZv2FegrUiEN8vSFce206XDCgzw6Se6KgW8a4jbEqMDkULWRckB2cN6zE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fe3281f061c-FRA
content-encoding: br

Redirect headers

date: Wed, 17 Feb 2021 09:10:19 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=da3194a6c04e5a5ebccd6c628e1f24a9d1613553019; expires=Fri, 19-Mar-21 09:10:19 GMT; path=/; domain=.popmyads.com; HttpOnly; SameSite=Lax wGprrBLT=2; expires=Wed, 17-Feb-2021 09:10:21 GMT; Max-Age=2; path=/
x-powered-by: PHP/7.1.33
location: https://popmyads.com/404?dsc6123
cf-cache-status: DYNAMIC
cf-request-id: 0850da41b50000061ca9b9a000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=S%2BiUOMK5jE0emsIKXFbXgKPPXvlZJe9fvVlnh0RWNePch3cM9n8mEViKnGAfCZISizBifMj1OgQSgtCoET%2BLIt%2BMhfZLrzS8P%2FE%2FnxGRaCVOaBODlqKw5WA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 622e5fe2bf73061c-FRA

GET
H2 200 20190619160645_47000.jpg
gloimg.gbtcdn.com/soa/gb/pdm-product-pic/Electronic/2019/06/19/source-img/ Frame 5BBA 30 KB
30 KB 36ms
35ms Image
image/webp 184.24.16.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gloimg.gbtcdn.com/soa/gb/pdm-product-pic/Electronic/2019/06/19/source-img/20190619160645_47000.jpg
Requested by: Host: mfk-network.com
URL: https://mfk-network.com/ads/l4.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.16.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-16-40.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: c88568465d2298ce76148e2e5f3ae4863e2f924b6ebab3f6130608f0901be6cb

Request headers

Referer: https://mfk-network.com/ads/l4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Wed, 22 Apr 2020 04:41:16 GMT
server: Akamai Image Manager
content-type: image/webp
cache-control: private, no-transform, max-age=43200
timing-allow-origin: *
content-length: 30378
expires: Wed, 17 Feb 2021 21:10:19 GMT

GET
H2 200 0d905b0f-38dd-42e1-a3d3-a0acc648a797.jpg
imgaz.staticbg.com/images/oaupload/banggood/images/7B/22/ Frame 5BBA 134 KB
134 KB 141ms
78ms Image
image/jpeg 2.17.189.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imgaz.staticbg.com/images/oaupload/banggood/images/7B/22/0d905b0f-38dd-42e1-a3d3-a0acc648a797.jpg
Requested by: Host: mfk-network.com
URL: https://mfk-network.com/ads/l4.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.189.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-17-189-76.deploy.static.akamaitechnologies.com
Software: openresty /
Resource Hash: 21f5285f79abb355603d350bf3928977f415210f524a957886d92784e9bf104f

Request headers

Referer: https://mfk-network.com/ads/l4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Sat, 21 Dec 2019 07:42:22 GMT
server: openresty
x-amz-request-id: 140636fb-fb5b-4017-b1d3-0f156a1ffcaa
x-clv-request-id: 140636fb-fb5b-4017-b1d3-0f156a1ffcaa
etag: "44211e50249f9cc9a43565003f85737a"
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=5888889
x-clv-s3-version: 2.5
accept-ranges: bytes
content-length: 136953
expires: Mon, 26 Apr 2021 12:58:28 GMT

GET
H2 200 EN_300_250.png
ae01.alicdn.com/kf/HTB1fopbov9TBuNjy1zb760pepXaT/ Frame 5BBA 19 KB
19 KB 193ms
60ms Image
image/webp 104.76.200.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ae01.alicdn.com/kf/HTB1fopbov9TBuNjy1zb760pepXaT/EN_300_250.png
Requested by: Host: mfk-network.com
URL: https://mfk-network.com/ads/l4.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.76.200.45 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-76-200-45.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: 0f553893c3f87e27252e704ee7e2365fae1d73937a67d70aa6bf75d12a5088e7

Request headers

Referer: https://mfk-network.com/ads/l4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
x-check-cacheable: YES
x-serial: 789
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 17 Feb 2021 21:10:19 GMT
cache-control: private, no-transform, max-age=43200
last-modified: Thu, 17 Dec 2020 10:35:02 GMT
content-length: 19576
timing-allow-origin: *
network_info: DK_COPENHAGEN_9009
from-req-dns-type: NA
server: Akamai Image Manager
served-from: 184.86.102.5

GET
H2 200 bootstrap.min.css
popmyads.com/dashboard/bootstrap/css/ Frame 3896 104 KB
16 KB 17ms
13ms Stylesheet
text/css 2606:4700:3034::6815:4436
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://popmyads.com/dashboard/bootstrap/css/bootstrap.min.css
Requested by: Host: popmyads.com
URL: https://popmyads.com/404?dsc6123
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:4436 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f61350bc40d801c8fa2b14d71dec2b79a720ac264c71b807ddb73d378af9850

Request headers

Referer: https://popmyads.com/404?dsc6123
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Sep 2017 01:18:58 GMT
server: cloudflare
age: 861
etag: W/"1a046-5588f3ea32480"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BAtPQ%2BXpa%2B1GQZCp7tGAHKbsOanmOLlRsllLdbqT0a8ece9ROlgH727Et6fe4J36f6K%2BbYtqaIYjC9B7w4XRBMD4J87o%2FrUV5hELJnWhaE4WyvYpST3B6l8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 622e5fe43966061c-FRA
cf-request-id: 0850da429f0000061cc41d2000000001

GET
H2 200 bootstrap-responsive.min.css
popmyads.com/dashboard/bootstrap/css/ Frame 3896 16 KB
4 KB 15ms
11ms Stylesheet
text/css 2606:4700:3034::6815:4436
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://popmyads.com/dashboard/bootstrap/css/bootstrap-responsive.min.css
Requested by: Host: popmyads.com
URL: https://popmyads.com/404?dsc6123
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:4436 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4289c63fd2b0ae5926316028943355967883265d9907d35e3c3effe4c3a09cd4

Request headers

Referer: https://popmyads.com/404?dsc6123
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 07 Sep 2017 01:18:58 GMT
server: cloudflare
age: 861
etag: W/"41ab-5588f3ea32480"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BDBud50BQ5zriTg33e366B%2BCOaba%2BwfoJ9QwCdtBYomXcwUVLhUz6eDdTUiN2gun9nmTBr%2BN5gWfU0l25grKkfoFPOzERE8ok6N7Rf80Cf%2FQ%2B5EFxhWpFuo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 622e5fe43967061c-FRA
cf-request-id: 0850da42a00000061c9e8b4000000001

GET
H2 200 style.css
popmyads.com/dashboard/css/ Frame 3896 55 KB
11 KB 15ms
12ms Stylesheet
text/css 2606:4700:3034::6815:4436
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://popmyads.com/dashboard/css/style.css
Requested by: Host: popmyads.com
URL: https://popmyads.com/404?dsc6123
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:4436 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3bc4a8c6d724075c74427caf23af8f977bb340c649a9d64b6613ba4b92e695c0

Request headers

Referer: https://popmyads.com/404?dsc6123
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 861
cf-polished: origSize=64686
cf-request-id: 0850da42a00000061cc5987000000001
last-modified: Tue, 10 Oct 2017 12:00:14 GMT
server: cloudflare
etag: W/"fcae-55b300cbfaf80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1Y714BVI8kRAX6VNlUa1n%2BViYpGDDkfwiiyxn9ZsPjzyNFIbRIWLlsjJ%2FR%2BEXoIkGn3YlC6SJ8STxotRfRg1e62uin3O%2BYv6DSw707PDeS2fA9NaHNsa%2FGs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 622e5fe4396a061c-FRA
cf-bgj: minify

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 3896 713 B
444 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Jockey+One

Requested by

Host: popmyads.com
URL: https://popmyads.com/404?dsc6123

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fe68bbc3fdcb7fffe06702b0495a29e82cc8597d0b0b97d24bd05e2081154e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://popmyads.com/404?dsc6123
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:10:19 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:19 GMT

GET
H2

200

806.png
widgets.amung.us/small/08/ Frame 3896
Redirect Chain

https://whos.amung.us/swidget/popmyads404.png
https://widgets.amung.us/small/08/806.png

321 B
751 B

35ms
13ms

Image
image/png

2606:4700:10::6816:4aab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.amung.us/small/08/806.png
Requested by: Host: popmyads.com
URL: https://popmyads.com/404?dsc6123
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4aab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 700d8d8016aed5edeba59b13e3828406ace022ec3e6aa3663dc4dfd8f295088e

Request headers

Referer: https://popmyads.com/404?dsc6123
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
cf-cache-status: HIT
age: 151388
content-length: 321
cf-request-id: 0850da433d000005fdfb956000000001
last-modified: Sun, 13 Jun 2010 09:48:30 GMT
server: cloudflare
etag: "4c14a96e-141"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 622e5fe52ca505fd-FRA
expires: Tue, 16 Feb 2021 15:07:11 GMT

Redirect headers

location: https://widgets.amung.us/small/08/806.png
date: Wed, 17 Feb 2021 09:10:19 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8

GET
H2 200 20190619160645_47000.jpg
gloimg.gbtcdn.com/soa/gb/pdm-product-pic/Electronic/2019/06/19/source-img/ Frame E813 30 KB
30 KB 39ms
36ms Image
image/webp 184.24.16.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gloimg.gbtcdn.com/soa/gb/pdm-product-pic/Electronic/2019/06/19/source-img/20190619160645_47000.jpg
Requested by: Host: mfk-network.com
URL: https://mfk-network.com/ads/l4.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.16.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-16-40.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: c88568465d2298ce76148e2e5f3ae4863e2f924b6ebab3f6130608f0901be6cb

Request headers

Referer: https://mfk-network.com/ads/l4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Wed, 22 Apr 2020 04:41:16 GMT
server: Akamai Image Manager
content-type: image/webp
cache-control: private, no-transform, max-age=43200
timing-allow-origin: *
content-length: 30378
expires: Wed, 17 Feb 2021 21:10:19 GMT

GET
H2 200 0d905b0f-38dd-42e1-a3d3-a0acc648a797.jpg
imgaz.staticbg.com/images/oaupload/banggood/images/7B/22/ Frame E813 134 KB
134 KB 38ms
35ms Image
image/jpeg 2.17.189.76
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imgaz.staticbg.com/images/oaupload/banggood/images/7B/22/0d905b0f-38dd-42e1-a3d3-a0acc648a797.jpg
Requested by: Host: mfk-network.com
URL: https://mfk-network.com/ads/l4.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.189.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-17-189-76.deploy.static.akamaitechnologies.com
Software: openresty /
Resource Hash: 21f5285f79abb355603d350bf3928977f415210f524a957886d92784e9bf104f

Request headers

Referer: https://mfk-network.com/ads/l4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
last-modified: Sat, 21 Dec 2019 07:42:22 GMT
server: openresty
x-amz-request-id: 140636fb-fb5b-4017-b1d3-0f156a1ffcaa
x-clv-request-id: 140636fb-fb5b-4017-b1d3-0f156a1ffcaa
etag: "44211e50249f9cc9a43565003f85737a"
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=5888889
x-clv-s3-version: 2.5
accept-ranges: bytes
content-length: 136953
expires: Mon, 26 Apr 2021 12:58:28 GMT

GET
H2 200 EN_300_250.png
ae01.alicdn.com/kf/HTB1fopbov9TBuNjy1zb760pepXaT/ Frame E813 19 KB
19 KB 51ms
49ms Image
image/webp 104.76.200.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ae01.alicdn.com/kf/HTB1fopbov9TBuNjy1zb760pepXaT/EN_300_250.png
Requested by: Host: mfk-network.com
URL: https://mfk-network.com/ads/l4.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.76.200.45 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-76-200-45.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: 0f553893c3f87e27252e704ee7e2365fae1d73937a67d70aa6bf75d12a5088e7

Request headers

Referer: https://mfk-network.com/ads/l4.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:19 GMT
x-check-cacheable: YES
x-serial: 789
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 17 Feb 2021 21:10:19 GMT
cache-control: private, no-transform, max-age=43200
last-modified: Thu, 17 Dec 2020 10:35:02 GMT
content-length: 19576
timing-allow-origin: *
network_info: DK_COPENHAGEN_9009
from-req-dns-type: NA
server: Akamai Image Manager
served-from: 184.86.102.5

GET
H/1.1 200
OK style_int.inc.css
wx.cm/inc/ Frame 79B7 1 KB
770 B 46ms
45ms Stylesheet
text/css 185.61.152.55
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: http://wx.cm/inc/style_int.inc.css
Requested by: Host: wx.cm
URL: http://wx.cm/ptp/813305
Protocol: HTTP/1.1
Server: 185.61.152.55 , United Kingdom, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: host37.registrar-servers.com
Software: Apache /
Resource Hash: 00297159185bff781d01454e93803bc77fb29dfc0c9b0009f85906bb8deb87bf

Request headers

Referer: http://wx.cm/ptp/813305
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:19 GMT
Content-Encoding: gzip
Last-Modified: Tue, 28 Apr 2020 10:14:42 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 538

GET
H/1.1 200
OK ptp.php Show response
wx.cm/ Frame 11BF 307 B
600 B 92ms
49ms Document
text/html 185.61.152.55
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: http://wx.cm/ptp.php?id=4688&m=813305&s=752f05e8f9caa0919cb7&h=e8f22ff6c774d1a532493226df6c9b3e
Requested by: Host: wx.cm
URL: http://wx.cm/ptp/813305
Protocol: HTTP/1.1
Server: 185.61.152.55 , United Kingdom, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: host37.registrar-servers.com
Software: Apache / PHP/7.2.34
Resource Hash: 41a00e66b79ccfe37800a8fdef6e5422d8d91e5af866117677de8625206140e5

Request headers

Host: wx.cm
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://wx.cm/ptp/813305
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://wx.cm/ptp/813305

Response headers

Date: Wed, 17 Feb 2021 09:10:19 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 257
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

Cookie set / Show response
multibux.org/ Frame 0DF6
Redirect Chain

https://multibux.org/_ref=23
https://multibux.org/

39 KB
10 KB

51ms
49ms

Document
text/html

37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://multibux.org/
Requested by: Host: wx.cm
URL: http://wx.cm/ptp/813305
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PHP/5.5.9-1ubuntu4.26
Resource Hash: fe39ac3df4710cebae456ab0979f548f719969721cec3463667b11a86e7359ab

Request headers

Host: multibux.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://wx.cm/ptp/813305
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://wx.cm/ptp/813305

Response headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:20 GMT
Content-Type: text/html; charset= utf-8
Content-Length: 9589
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.5.9-1ubuntu4.26
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=947f310cd6c0e572ae17bbe270b9404e; path=/
Vary: Accept-Encoding
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Wed, 17 Feb 2021 09:10:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.5.9-1ubuntu4.26
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=d77fc8dad3e3974c788536e56cca413f; path=/ i=23; expires=Fri, 19-Mar-2021 09:10:20 GMT; Max-Age=2592000 ri=6567161; expires=Fri, 19-Mar-2021 09:10:20 GMT; Max-Age=2592000
Location: /

GET
H2

200

small_logo.gif
wordlinx.com/images/ Frame 79B7
Redirect Chain

http://wordlinx.com/images/small_logo.gif
https://wordlinx.com/images/small_logo.gif

2 KB
3 KB

1405ms
46ms

Image
image/gif

185.61.152.55
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wordlinx.com/images/small_logo.gif
Requested by: Host: wx.cm
URL: http://wx.cm/inc/style_int.inc.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.61.152.55 , United Kingdom, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: host37.registrar-servers.com
Software: Apache /
Resource Hash: 59910c7be4c1275c2dbf048f1925c04aa553607a954cb3b4f67caa6bd62aec4e

Request headers

Referer: http://wx.cm/inc/style_int.inc.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:21 GMT
last-modified: Thu, 27 Feb 2020 11:58:01 GMT
server: Apache
accept-ranges: bytes
content-length: 2558
content-type: image/gif

Redirect headers

Location: https://wordlinx.com/images/small_logo.gif
Date: Wed, 17 Feb 2021 09:10:19 GMT
Server: Apache
Content-Length: 226
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK 0.php Show response
s4.histats.com/stats/ Frame 37C4 68 B
339 B 1400ms
124ms Script
text/html 192.99.8.27
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://s4.histats.com/stats/0.php?2577526&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@mEurosPTP%20-%20Gagnez%20de%20l%27argent%20facilement&@n0&@ohttp%3A%2F%2Fsmartocom.com%2F&@q0&@r0&@s0&@ten-US&@u1600&@b1:129150966&@b3:1613553020&@b4:js15_as.js&@b5:60&@a-_0.2.1&@vhttps%3A%2F%2Fwww.eurosptp.com%2Fpage.php%3Fname%3Dmariusmm&@w
Requested by: Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.99.8.27 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ns500876.ip-192-99-8.net
Software: /
Resource Hash: 3d5895378c71fe200fbabad312903662514aa8e4d32d834c6935b1b4f49fb44d

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Connection: close
Content-Length: 68
Content-Type: text/html;charset=UTF-8

GET
H2 200 display.php Show response
www.performanceonclick.com/a/ Frame EB03 6 KB
2 KB 506ms
173ms Script
application/javascript 35.227.196.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.performanceonclick.com/a/display.php?r=3511723&sub1=92400
Requested by: Host: cpm.ezmob.com
URL: https://cpm.ezmob.com/tag?zone_id=92400&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D82237859
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.196.138 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: openresty /
Resource Hash: 9cbfdf10165dd32073e6ab8a6a180de2e879579531a6644dd3033aa1d3a9eb9e

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 09:10:20 GMT
content-encoding: gzip
server: openresty
alt-svc: clear
via: 1.1 google
content-type: application/javascript; charset=utf-8

GET
H2 200 creatives
sgreen.erne.co/ Frame E709 80 KB
80 KB 308ms
56ms Image
image/gif 94.23.73.243
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sgreen.erne.co/creatives?id=PkenkayyQWAo748iZaQT
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR),
Reverse DNS: ip243.ip-94-23-73.eu
Software: openresty /
Resource Hash: fb92a3f3c30a8f80649d36710014b8730708b21b053bfb9be73c1a9c7e274eb0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:20 GMT
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
expires: Tue, 02 Mar 2021 16:06:05 GMT

GET
H2

200

sync
x.bidswitch.net/ Frame E709
Redirect Chain

https://aws-fr.bidswitch.net/impf/0.1378/BSWhttps_A_B_Bgreen.erne.co_Bimpressions_Cid_RqjwjYWTZFaG19Hrz0oSD6JKiNvboqU6lHQEVV7aPMBpSm3rA8Sfi0wasHimF5__je_Jwp_R_I_WAUCTION__PRICE_X/JnZmKZXdIpVIv_dvFB...
https://green.erne.co/impressions?id=qjwjYWTZFaG19Hrz0oSD6JKiNvboqU6lHQEVV7aPMBpSm3rA8Sfi0wasHimF5_je&wp=0.149061
https://x.bidswitch.net/sync?dsp_id=270&expires=10&user_id=8e6JagLIh2sDa9TYxKj2WVPG

43 B
145 B

34ms
33ms

Image
image/gif

35.157.168.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=270&expires=10&user_id=8e6JagLIh2sDa9TYxKj2WVPG
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.168.25 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-168-25.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:20 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: http://x.bidswitch.net/sync?dsp_id=270&expires=10&user_id=8e6JagLIh2sDa9TYxKj2WVPG
date: Wed, 17 Feb 2021 09:10:20 GMT
server: openresty
content-length: 0
strict-transport-security: max-age=0; includeSubDomains;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

pix
ads.rekmob.com/retarget/ Frame E709
Redirect Chain

https://aws-fr-sync.bidswitch.net/sync?ssp=reklamstore&dsp_id=270&imp=1
https://aws-fr-sync.bidswitch.net/ul_cb/sync?ssp=reklamstore&dsp_id=270&imp=1
https://green.erne.co/bidswitch/cm?bidswitch_ssp_id=reklamstore&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=270&expires=10&user_id=8e6JagLIh2sDa9TYxKj2WVPG&ssp=reklamstore
https://ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1

35 B
403 B

32ms
31ms

Image
image/gif

146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Server: nginx/1.9.6
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

location: //ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1
date: Wed, 17 Feb 2021 09:10:20 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 /
aws-fr.bidswitch.net/imp_s2s/0.1378/BSWhttp_A_B_Bgreen.erne.co_Bbidswitch_Bnotify_Cid_RqjwjYWTZFaG19Hrz0oSD6JKiNvboqU6lHQEVV7aPMBpSm3rA8Sfi0wasHimF5__je_Jwp_R_I_WAUCTION__PRICE_X/JnZmKZXdIpVIv_dvFB... Frame E709 43 B
108 B 97ms
45ms Image
image/gif 35.157.168.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aws-fr.bidswitch.net/imp_s2s/0.1378/BSWhttp_A_B_Bgreen.erne.co_Bbidswitch_Bnotify_Cid_RqjwjYWTZFaG19Hrz0oSD6JKiNvboqU6lHQEVV7aPMBpSm3rA8Sfi0wasHimF5__je_Jwp_R_I_WAUCTION__PRICE_X/JnZmKZXdIpVIv_dvFBbbvk83XySjRx2qMjc2q5fauqwKbLVKsdtKUYlBwyLOTqx9VrrcWyLDDoUp0VNll9Vw2m21XoFrq44_7tQcqJefpq7_CWQLfaJ40KxmRsT9324kMS-ijGF1X4Bvy0X52hoWVC_mtWTiQEIxfU11MQPvtkxADeT759SqYRvSU5zo-btzRdhykjMRDDpuImaXoNEN0cwHd69iOwcFw6ze599LUZ2lw3pLKkCQROrcol5PmgWTT1ldUFzY0jfcmQk0CFDJjkWDuq951DfdZVeulmdkOyZ717WNKh7bQllpzpZOjow5wtAaFwN0fXmT0qd4YEwH6Hlx_-_qu-mlKYDktcBr_P_qDzDPV3X1SWymmz09Q-swC_ZfN_R2IYmpvHBLIfhFN1b3X_WnHwBxFAJ0rTNzMI0Fh6fG0gseTpr6TNyNHp8iFB7yL1bz2Omql478GEqhK-OFAtBQ-PjIkZ9fSixxGIELe3cs3DiIFFKB7FrL0cPoms79NAuAsPgMaNe7vOgmDMsnrZVTZMiMg6zC7W4bhcrwR2IxPRdZncKqZlGwxf4gv-E9nNL7RQlaNL6Z9-0feB94cfYOf3281VfLSV6qMiVBK6gYqHroL4OSPDAuwcIECIPBB1PNqiTVOoZoePaM2RcEFDQ4Q_ov2F-lqzErd1d2S4coXJJmxAWSmQHj8PlQ5dUZXmWhg1D8rkkw57i7z6s_QNevS7m73M5R00LViWySscpL_xMFBm-vyhVJNgaMAzFfxXYnyrTsY8IfAD2W0S6qS5AvL-BdNfCPNTt16NFDv_KFBgSbmKIOh6MhYciQYQgk0WJhjXEniPC7SpYkhedPR2poDLH8hfwmDXjSHTrSJDdptcGRgWWf-7Utu7PgFVjoPg725ZwwroyfWdJvnoV7yujRbVDqAkvX85hRE-3cbg/
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.168.25 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-168-25.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:20 GMT
content-length: 43
content-type: image/gif

GET
H/1.1 200
OK 1139569 Show response
ad.a-ads.com/ Frame F209 6 KB
2 KB 1158ms
54ms Document
text/html 85.10.201.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/1139569?size=300x250

Requested by

Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/ad.php?ref=smartas&width=728

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

85.10.201.130 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.14.0 (Ubuntu) / Phusion Passenger

Resource Hash

f3bd716d547288ee4653188869fe406ab4487c3dc32de32f5efb7de66d85fc95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: ad.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad2bitcoin.com/ad.php?ref=smartas&width=728
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ad2bitcoin.com/ad.php?ref=smartas&width=728

Response headers

Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 17 Feb 2021 09:10:21 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger
X-Original-Referer: https://ad2bitcoin.com/ad.php?ref=smartas&width=728
Content-Encoding: gzip

GET
H2 200 fltiu.js Show response
pixel.yabidos.com/ Frame 909E 2 KB
2 KB 323ms
30ms Script
application/javascript 104.16.201.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=44741&s=www.eurosptp.com&x=rekmob&nci=&adtg=f3bb5ae9c193436aba0670b5d79bd2e3&nai=&si=40350&pn=&h=250&w=300&bp=&pp=&ci=&ip=82.102.20.235&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87ce4cc30530348882f7ec9e07ca8a24e704140aef3ef8260c3272598081c99b

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:20 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:22 GMT
server: cloudflare
age: 5283
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e5feb9de310e7-CPH
content-length: 1146
cf-request-id: 0850da4740000010e7c4be0000000001
expires: Wed, 17 Feb 2021 11:10:20 GMT

GET
H/1.1 200
OK 3e98d504e9b649c4b90348dbd73ebf0a
adimg.rekmob.com/ Frame 1447 11 KB
11 KB 1176ms
52ms Image
image/gif 65.9.20.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adimg.rekmob.com/3e98d504e9b649c4b90348dbd73ebf0a
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.22 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6c3a7af4b5c014cb9378457992e04ccacdde9e15d47cf21ada01d6b56bbc60ce

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 01:11:43 GMT
Via: 1.1 158b0f42a1d87ab9108e2baf28e8c990.cloudfront.net (CloudFront)
Last-Modified: Thu, 21 May 2020 07:18:03 GMT
Server: AmazonS3
Age: 28762
ETag: "976f5c21a45780a23a87d284b8c8a7b6"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 11039
X-Amz-Cf-Id: 0e32JSmikQAmb5XLkM2Wl1J-DRVt1cEI4deYMsnBzy8_iG9QrVZS9w==

GET
H/1.1 200
OK imp
ads.rekmob.com/m/ Frame 1447 2 B
179 B 62ms
61ms Image
image/avif 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rekmob.com/m/imp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&udid=1663d21b9e0d4d1ea7a841d6b87bddad&rid=NjAyY2RkN2MwY2YyOGI1OTkyYzc1MTNl&adId=MTM2Mg==
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Connection: keep-alive
Server: nginx/1.9.6
X-Code: DK
Content-Length: 2
Content-Type: image/avif;charset=ISO-8859-1

GET
H2 204 display.php
www.performanceonclick.com/ad/ Frame 9D4C 0
0 180ms
179ms Document
text/plain 35.227.196.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.performanceonclick.com/ad/display.php?stamat=m%7C%2Co9jen4jOqB1dAN0dEdHP3xP.454%2CTuo6O6WqAf9d0BILpW7O1y1UKg5QmCAGRRNNcc62DeaOn435WnxBAW3DenzGk4DXktckib3V9h6WteqVIC5nDGpcrbsNP5rM4rSKru4CipQ%2C&cbrandom=0.4890143809148406&cbtitle=&cbiframe=1&cbWidth=300&cbHeight=250&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fwww.markocpm.com%2F
Requested by: Host: www.performanceonclick.com
URL: https://www.performanceonclick.com/a/display.php?r=3511723&sub1=92400
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.196.138 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

:method: GET
:authority: www.performanceonclick.com
:scheme: https
:path: /ad/display.php?stamat=m%7C%2Co9jen4jOqB1dAN0dEdHP3xP.454%2CTuo6O6WqAf9d0BILpW7O1y1UKg5QmCAGRRNNcc62DeaOn435WnxBAW3DenzGk4DXktckib3V9h6WteqVIC5nDGpcrbsNP5rM4rSKru4CipQ%2C&cbrandom=0.4890143809148406&cbtitle=&cbiframe=1&cbWidth=300&cbHeight=250&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fwww.markocpm.com%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250

Response headers

server: openresty
date: Wed, 17 Feb 2021 09:10:20 GMT
access-control-allow-origin: *
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK tag Show response
cpm.ezmob.com/ Frame EB03 227 B
548 B 3303ms
27ms Script
application/javascript 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.ezmob.com/tag?zone_id=107011&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D43899332
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: 77002ccb8d9892a1281799c1de65d0f380feaf1b7ee9739e8d748cebbb8a4db8

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:23 GMT
Server: nginx
Age: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Connection: close
Content-Type: application/javascript; charset=utf-8
Content-Length: 227

GET
H2 200 flimpobj.js Show response
pixel.yabidos.com/ Frame 909E 30 KB
24 KB 29ms
29ms Script
application/javascript 104.16.201.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/flimpobj.js?cb=1613553020758&ver1=2.2.3&qid=230383f5530383f5434353&rnd=yb4vgbc4pvtj&cid=544
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=44741&s=www.eurosptp.com&x=rekmob&nci=&adtg=f3bb5ae9c193436aba0670b5d79bd2e3&nai=&si=40350&pn=&h=250&w=300&bp=&pp=&ci=&ip=82.102.20.235&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3f5fe43cf3b943aa4ef647e87d8189c61b971c177cb3a6f3e88076fd4b2b9df

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:20 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:22 GMT
server: cloudflare
age: 1257
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e5febce4c10e7-CPH
content-length: 23972
cf-request-id: 0850da4762000010e7b3b51000000001
expires: Wed, 17 Feb 2021 11:10:20 GMT

GET
H2 200 vbl.gif
pre.glotgrx.com/ Frame 909E 26 B
445 B 30ms
11ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/vbl.gif?cb=1613553020824&rnd=yb4vgbc4pvtj&ifm=1&uai=1&cid=544&s=www.eurosptp.com&p=44741&x=rekmob&adtg=f3bb5ae9c193436aba0670b5d79bd2e3&ats=0&atf=&nsi=&si=40350&nci=&nai=&pft=0&iip=0&adb=1&adc=0&adcd=i0_f0_o0_e0&ai=&icp=undefined&impid=
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:20 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 3707
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e5fec5a882bca-FRA
content-length: 26
cf-request-id: 0850da47b600002bca6b2bb000000001
expires: Wed, 17 Feb 2021 11:10:20 GMT

GET
H2 200 nflrc.gif
pre.glotgrx.com/ Frame 909E 26 B
114 B 31ms
12ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/nflrc.gif?cb=1613553020816353&ver=1.2r81&qid=230383f5530383f5434353&p=44741&s=www.eurosptp.com&x=rekmob&cid=544&od1=&od2=&adtg=f3bb5ae9c193436aba0670b5d79bd2e3&nci=&nai=&si=40350&ai=&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=yb4vgbc4pvtj&impid=&tps=41&ver1=2.2.3&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36&os=&mm=&di=&ip=82.102.20.235&ci=&pp=&bp=&w=300&h=250&pn=&1=2b5b962e41940d9b1130dd8e9cd94361&2=1.0&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%7D%7D&6=2&7={%22e%22:%223%22,%22m%22:%220%22,%22f%22:%221380%22}&ats=0&atf=&dbgcid=544&ifm=1&penv=b&pt=&ptbp=&tw=0&ldp=2&icpl=24&icp=http%253A//smartocom.com&irfl=29&irf=https%253A//www.eurosptp.com/&cty=4&fcs=0&flky=ver-fl-6-qid-fl-22-p-fl-5-s-fl-16-x-fl-6-cid-fl-3-od1-fl-0-od2-fl-0-adtg-fl-32-nci-fl-0-nai-fl-0-si-fl-5-ai-fl-0-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-ua-fl-144-os-fl-0-mm-fl-0-di-fl-0-ip-fl-13-ci-fl-0-pp-fl-0-bp-fl-0-w-fl-3-h-fl-3-pn-fl-0-&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andMacIntel&adv=0&det=1&adb=1&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=0x0&gpu=undefined&ncf=4g_10_undefined_null_0_undefined_false&fli=3429136985&flerr=0&trim=&fio=15
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:20 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 2874
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e5fec5a892bca-FRA
content-length: 26
cf-request-id: 0850da47b600002bca1d20b000000001
expires: Wed, 17 Feb 2021 11:10:20 GMT

GET
H2 200 bi.js Show response
cdn.runative-syndicate.com/sdk/v1/ Frame 07A3 6 KB
6 KB 1433ms
45ms Script
application/javascript 67.27.233.121
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.runative-syndicate.com/sdk/v1/bi.js
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.121 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 408ca75b8f72d7b6231cd0cef752fc5e0c8d16ac75d060a243c62e55262b8fc7

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:22 GMT
last-modified: Fri, 20 Nov 2020 13:41:36 GMT
server: nginx
age: 7672061
etag: "5fb7c790-1934"
content-type: application/javascript
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 6452

GET
H/1.1 200
OK imp
ads.rekmob.com/m/ Frame 07A3 2 B
179 B 100ms
100ms Image
image/avif 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rekmob.com/m/imp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&udid=790209a8be6744c7bee7b787a14fc89f&rid=NjAyY2RkN2MwY2YyOGI1OTkyYzc1MWNk&adId=MTM5Mw==
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:46 GMT
Connection: keep-alive
Server: nginx/1.9.6
X-Code: DK
Content-Length: 2
Content-Type: image/avif;charset=ISO-8859-1

GET
H2 200 flimpobj.js Show response
pixel.yabidos.com/ Frame 909E 30 KB
24 KB 24ms
24ms Script
application/javascript 104.16.201.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/flimpobj.js?cb=1613553020892&ver1=2.2.3&qid=230383f5530383f5434353&rnd=y1patae1ds6e&cid=544
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=44741&s=www.eurosptp.com&x=rekmob&nci=&adtg=f3bb5ae9c193436aba0670b5d79bd2e3&nai=&si=40350&pn=&h=250&w=300&bp=&pp=&ci=&ip=82.102.20.235&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3f5fe43cf3b943aa4ef647e87d8189c61b971c177cb3a6f3e88076fd4b2b9df

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:20 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:22 GMT
server: cloudflare
age: 1257
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e5fecafa210e7-CPH
content-length: 23972
cf-request-id: 0850da47e7000010e701902000000001
expires: Wed, 17 Feb 2021 11:10:20 GMT

GET
H/1.1 200
OK 3e98d504e9b649c4b90348dbd73ebf0a
adimg.rekmob.com/ Frame 34F9 11 KB
11 KB 767ms
54ms Image
image/gif 65.9.20.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adimg.rekmob.com/3e98d504e9b649c4b90348dbd73ebf0a
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.22 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6c3a7af4b5c014cb9378457992e04ccacdde9e15d47cf21ada01d6b56bbc60ce

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 01:11:43 GMT
Via: 1.1 158b0f42a1d87ab9108e2baf28e8c990.cloudfront.net (CloudFront)
Last-Modified: Thu, 21 May 2020 07:18:03 GMT
Server: AmazonS3
Age: 28762
ETag: "976f5c21a45780a23a87d284b8c8a7b6"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 11039
X-Amz-Cf-Id: shh0gchqLRlGTSmYE3ZxOhoiLvU-UZfw7hKEYnabOvWn6nQe0NYUtg==

GET
H/1.1 200
OK imp
ads.rekmob.com/m/ Frame 34F9 2 B
179 B 36ms
36ms Image
image/avif 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rekmob.com/m/imp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&udid=3e6522ed8401437abf79a1068d510fb8&rid=NjAyY2RkN2MwY2YyOGI1OTkyYzc1MWQw&adId=MTM2Mg==
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:45 GMT
Connection: keep-alive
Server: nginx/1.9.6
X-Code: DK
Content-Length: 2
Content-Type: image/avif;charset=ISO-8859-1

GET
H2 200 flimpobj.js Show response
pixel.yabidos.com/ Frame 909E 30 KB
24 KB 25ms
25ms Script
application/javascript 104.16.201.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/flimpobj.js?cb=1613553020905&ver1=2.2.3&qid=230383f5530383f5434353&rnd=rs3km62kyaqd&cid=544
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=44741&s=www.eurosptp.com&x=rekmob&nci=&adtg=f3bb5ae9c193436aba0670b5d79bd2e3&nai=&si=40350&pn=&h=250&w=300&bp=&pp=&ci=&ip=82.102.20.235&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3f5fe43cf3b943aa4ef647e87d8189c61b971c177cb3a6f3e88076fd4b2b9df

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:20 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:22 GMT
server: cloudflare
age: 1257
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e5fecbfdd10e7-CPH
content-length: 23972
cf-request-id: 0850da47f6000010e7ab3bb000000001
expires: Wed, 17 Feb 2021 11:10:20 GMT

GET
H2 200 vbl.gif
pre.glotgrx.com/ Frame 909E 26 B
110 B 13ms
12ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/vbl.gif?cb=1613553020975&rnd=rs3km62kyaqd&ifm=1&uai=1&cid=544&s=www.eurosptp.com&p=44741&x=rekmob&adtg=f3bb5ae9c193436aba0670b5d79bd2e3&ats=0&atf=&nsi=&si=40350&nci=&nai=&pft=0&iip=0&adb=0&adc=0&adcd=i0_f0_o0_e0&ai=&icp=undefined&impid=
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:20 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 3707
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e5fed2b822bca-FRA
content-length: 26
cf-request-id: 0850da483900002bca04358000000001
expires: Wed, 17 Feb 2021 11:10:20 GMT

GET
H2 200 nflrc.gif
pre.glotgrx.com/ Frame 909E 26 B
110 B 12ms
11ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/nflrc.gif?cb=161355302096994&ver=1.2r81&qid=230383f5530383f5434353&p=44741&s=www.eurosptp.com&x=rekmob&cid=544&od1=&od2=&adtg=f3bb5ae9c193436aba0670b5d79bd2e3&nci=&nai=&si=40350&ai=&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=rs3km62kyaqd&impid=&tps=45&ver1=2.2.3&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36&os=&mm=&di=&ip=82.102.20.235&ci=&pp=&bp=&w=300&h=250&pn=&1=2b5b962e41940d9b1130dd8e9cd94361&2=1.0&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%7D%7D&6=2&7={%22e%22:%223%22,%22m%22:%220%22,%22f%22:%221380%22}&ats=0&atf=&dbgcid=544&ifm=1&penv=b&pt=&ptbp=&tw=0&ldp=2&icpl=24&icp=http%253A//smartocom.com&irfl=29&irf=https%253A//www.eurosptp.com/&cty=4&fcs=0&flky=ver-fl-6-qid-fl-22-p-fl-5-s-fl-16-x-fl-6-cid-fl-3-od1-fl-0-od2-fl-0-adtg-fl-32-nci-fl-0-nai-fl-0-si-fl-5-ai-fl-0-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-ua-fl-144-os-fl-0-mm-fl-0-di-fl-0-ip-fl-13-ci-fl-0-pp-fl-0-bp-fl-0-w-fl-3-h-fl-3-pn-fl-0-&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andMacIntel&adv=0&det=1&adb=0&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=0x0&gpu=undefined&ncf=4g_10_undefined_null_0_undefined_false&fli=3429136985&flerr=0-a1&trim=&fio=13
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:20 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 2874
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e5fed2b832bca-FRA
content-length: 26
cf-request-id: 0850da483900002bca2407b000000001
expires: Wed, 17 Feb 2021 11:10:20 GMT

GET
H2 200 vbl.gif
pre.glotgrx.com/ Frame 909E 26 B
265 B 10ms
10ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/vbl.gif?cb=1613553020998&rnd=rs3km62kyaqd&ifm=1&uai=1&cid=544&s=www.eurosptp.com&p=44741&x=rekmob&adtg=f3bb5ae9c193436aba0670b5d79bd2e3&ats=0&atf=&nsi=&si=40350&nci=&nai=&pft=0&iip=0&adb=0&adc=0&adcd=i0_f0_o0_e0&ai=&icp=undefined&impid=
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:21 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 3708
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e5fed4bb82bca-FRA
content-length: 26
cf-request-id: 0850da484f00002bca1a854000000001
expires: Wed, 17 Feb 2021 11:10:21 GMT

GET
H2 200 nflrc.gif
pre.glotgrx.com/ Frame 909E 26 B
114 B 13ms
13ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/nflrc.gif?cb=1613553020991569&ver=1.2r81&qid=230383f5530383f5434353&p=44741&s=www.eurosptp.com&x=rekmob&cid=544&od1=&od2=&adtg=f3bb5ae9c193436aba0670b5d79bd2e3&nci=&nai=&si=40350&ai=&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=rs3km62kyaqd&impid=&tps=45&ver1=2.2.3&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36&os=&mm=&di=&ip=82.102.20.235&ci=&pp=&bp=&w=300&h=250&pn=&1=2b5b962e41940d9b1130dd8e9cd94361&2=1.0&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%7D%7D&6=2&7={%22e%22:%223%22,%22m%22:%220%22,%22f%22:%221380%22}&ats=0&atf=&dbgcid=544&ifm=1&penv=b&pt=&ptbp=&tw=0&ldp=2&icpl=24&icp=http%253A//smartocom.com&irfl=29&irf=https%253A//www.eurosptp.com/&cty=4&fcs=0&flky=&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andMacIntel&adv=0&det=0&adb=0&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=0x0&gpu=undefined&ncf=4g_10_undefined_null_0_undefined_false&fli=3429136985&flerr=0-a1-27-v8&trim=&fio=12
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:21 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 2875
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e5fed4bb92bca-FRA
content-length: 26
cf-request-id: 0850da484f00002bca473e7000000001
expires: Wed, 17 Feb 2021 11:10:21 GMT

GET
H/1.1 200
OK https.js Show response
multibux.org/js/ Frame 0DF6 157 B
498 B 32ms
31ms Script
application/javascript 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://multibux.org/js/https.js
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: dc03ab8ed6b0c0286bd7d1aa1a87f5a536e39cc510f24f65f7e29e020d8de136

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Last-Modified: Fri, 28 Jul 2017 20:38:27 GMT
Server: nginx
ETag: "597ba0c3-9d"
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 157
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK style.css
multibux.org/css/ Frame 0DF6 16 KB
5 KB 64ms
31ms Stylesheet
text/css 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://multibux.org/css/style.css?v=0.1.2.1
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 6604e0c2e8f061957a5e0a3d272af3ad70cdea631b6907fb35cf1d5ebaa60beb

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Content-Encoding: gzip
Last-Modified: Mon, 16 Dec 2019 07:32:27 GMT
Server: nginx
ETag: W/"5df7330b-41d2"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0DF6 7 KB
801 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed:400,300,700

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f06c5f18584e8d94f0b4997820910454e00e752f9ef1d317075879769e197529

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 08:38:13 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:21 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ Frame 0DF6 86 KB
30 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 00:30:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31198
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30774
x-xss-protection: 0
last-modified: Mon, 13 May 2019 14:37:17 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Feb 2022 00:30:23 GMT

GET
H/1.1 200
OK jquery.cookie.js Show response
multibux.org/js/ Frame 0DF6 2 KB
1 KB 157ms
30ms Script
application/javascript 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://multibux.org/js/jquery.cookie.js
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 8de3c69167586aa5e95b77e613f84846384cbab1189183c1bd792451f482c66f

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Content-Encoding: gzip
Last-Modified: Sun, 10 Nov 2019 17:04:58 GMT
Server: nginx
ETag: W/"5dc8433a-96f"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK loader.css
multibux.org/css/ Frame 0DF6 14 KB
1 KB 94ms
30ms Stylesheet
text/css 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://multibux.org/css/loader.css?v=2.0.1
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: f1f3089e0af4eab2761f46ad62b6c7ade98630911286829441cc0822d2009df2

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Aug 2018 14:09:07 GMT
Server: nginx
ETag: W/"5b743403-3855"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK lobibox.css
multibux.org/css/ Frame 0DF6 27 KB
4 KB 126ms
31ms Stylesheet
text/css 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://multibux.org/css/lobibox.css?v=3.0.19
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: ee06a6b4644e885a1f55f9647305a518bbe6aa35990ae65dd36746fdd37f714e

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 24 May 2016 11:01:20 GMT
Server: nginx
ETag: W/"57443480-6c97"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK lobibox.js Show response
multibux.org/js/ Frame 0DF6 56 KB
11 KB 201ms
44ms Script
application/javascript 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://multibux.org/js/lobibox.js?v=3.0.19
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 0f99d2f45fa96feb11a003e7d7d4816346d4938094e1d56e66348b479317df94

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Sep 2018 06:30:35 GMT
Server: nginx
ETag: W/"5b8e268b-e014"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK logo1.png
multibux.org/images/ Frame 0DF6 2 KB
2 KB 33ms
29ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/logo1.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 91f88b3974b881cb1425c983306ead4fed274c39e12f7c4b5914465b288a3db6

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Last-Modified: Tue, 11 Dec 2018 07:28:55 GMT
Server: nginx
ETag: "5c0f6737-74f"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 1871
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK bancode.php Show response
multibux.org/ Frame 0DF6 11 KB
6 KB 80ms
46ms Script
text/javascript 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://multibux.org/bancode.php?id=1
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PHP/5.5.9-1ubuntu4.26
Resource Hash: 86a1847a6b7094235f75931c7fceee2dd3b0fff9d3aedfe484bd74ec0bd574fb

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:21 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/5.5.9-1ubuntu4.26
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK ppcc2.png
multibux.org/images/main1/ Frame 0DF6 57 KB
57 KB 118ms
37ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/main1/ppcc2.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 016dc988ae4d24596967303bd629b5c3d5f4b6a62e57ea8b75aa87601fc3acb2

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Last-Modified: Tue, 10 Dec 2019 10:28:59 GMT
Server: nginx
ETag: "5def736b-e431"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 58417
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK sheme.png
multibux.org/images/main1/ Frame 0DF6 38 KB
39 KB 363ms
31ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/main1/sheme.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 4aead90a3b30dbcaab174bb37b6198c11ce250fb547ba319a453056f1793e454

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Last-Modified: Mon, 09 Dec 2019 14:24:25 GMT
Server: nginx
ETag: "5dee5919-999d"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 39325
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK shesterni.png
multibux.org/images/main1/ Frame 0DF6 51 KB
51 KB 401ms
32ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/main1/shesterni.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 07574ebbbeeeeb5830d1bc614fcbe8516633adf130f9c613a0bacaf781cf6785

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Last-Modified: Tue, 10 Dec 2019 14:21:20 GMT
Server: nginx
ETag: "5defa9e0-cc16"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 52246
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 element.js Show response
translate.google.com/translate_a/ Frame 0DF6 4 KB
2 KB 40ms
16ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=TranslateInit

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

1a116fcfb1dd6b173cca01c2b78d81c485ef8d866d76f5eef0774dc63a3a0ba8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: HTTP server (unknown)
content-language: en
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1873
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK lang__ru.png
multibux.org/images/lang/ Frame 0DF6 899 B
1 KB 536ms
29ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/lang/lang__ru.png?lang
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 73ba093d2e134bee9f470147aad2521ef9ee5d6a48e32dc6377553546a7ce628

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:22 GMT
Last-Modified: Sat, 07 Sep 2019 17:12:44 GMT
Server: nginx
ETag: "5d73e50c-383"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 899
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK lang__en.png
multibux.org/images/lang/ Frame 0DF6 1 KB
2 KB 533ms
29ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/lang/lang__en.png?lang
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 270665a3d97e7d35e67813df4aef7c8dd7a31ba1795c72568a74e796337aa193

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:22 GMT
Last-Modified: Sat, 07 Sep 2019 17:12:44 GMT
Server: nginx
ETag: "5d73e50c-4d5"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 1237
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ Frame 0DF6 906 B
714 B 18ms
15ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=loadCaptcha&render=explicit

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5e21a27c3d723850a671d7006303ce5dbb022831ef128db4a000297e085efdf5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 571
x-xss-protection: 1; mode=block
expires: Wed, 17 Feb 2021 09:10:22 GMT

GET
H/1.1 200
OK vkgroup.png
multibux.org/images/main1/ Frame 0DF6 15 KB
15 KB 517ms
30ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/main1/vkgroup.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 8306fa2dd9d8f1aca0c29000a17e06a5f2dcb2bf714f353f7bbe794a20112945

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:22 GMT
Last-Modified: Tue, 10 Dec 2019 11:24:45 GMT
Server: nginx
ETag: "5def807d-3a81"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 14977
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK lincode.php Show response
multibux.org/ Frame 0DF6 9 KB
3 KB 301ms
34ms Script
text/javascript 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://multibux.org/lincode.php?id=6
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PHP/5.5.9-1ubuntu4.26
Resource Hash: a154813e235e03699c5247ee1b87d1d285ac2d6de722301e793edff2a6f9ddcc

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:22 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/5.5.9-1ubuntu4.26
Transfer-Encoding: chunked
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK handshake.png
multibux.org/images/buttons/ Frame 0DF6 9 KB
10 KB 275ms
30ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/buttons/handshake.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: bf39ad0bf3ce02acfb00ddb49ca2b9d9c1604b42011bf57fbb435089a4bffbdf

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:22 GMT
Last-Modified: Mon, 03 Feb 2020 13:13:42 GMT
Server: nginx
ETag: "5e381c86-25cd"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 9677
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK bullhorn.png
multibux.org/images/buttons/ Frame 0DF6 10 KB
10 KB 156ms
29ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/buttons/bullhorn.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: cb044c55062c197d2c772f63eeb054327d35f49822f529e7ddd37756fafa7ad6

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:22 GMT
Last-Modified: Mon, 03 Feb 2020 13:09:36 GMT
Server: nginx
ETag: "5e381b90-2896"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 10390
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK statistics.png
multibux.org/images/buttons/ Frame 0DF6 7 KB
8 KB 139ms
32ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/buttons/statistics.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: e714e6e72599483f8956b5a6a8c69fd5351259364398cc0ce93aed23b85c8044

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:22 GMT
Last-Modified: Mon, 03 Feb 2020 13:18:22 GMT
Server: nginx
ETag: "5e381d9e-1d6d"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 7533
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK lifetime.png
multibux.org/images/buttons/ Frame 0DF6 9 KB
10 KB 126ms
30ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/buttons/lifetime.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 6bbaa421f7cc6cf008ad8aa2286e25069ad2789833a3e39cf48fad8db465530d

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:22 GMT
Last-Modified: Mon, 03 Feb 2020 13:16:32 GMT
Server: nginx
ETag: "5e381d30-24b7"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 9399
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK pss.png
multibux.org/images/main1/ Frame 0DF6 10 KB
10 KB 111ms
32ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/main1/pss.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: ec610829ceaab330191de51dd7e084061b6fa0f8fddc9b517fe421cebf9861ac

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:22 GMT
Last-Modified: Mon, 09 Dec 2019 15:34:43 GMT
Server: nginx
ETag: "5dee6993-27fa"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 10234
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cycounter
yandex.ru/ Frame 0DF6 1 KB
2 KB 176ms
81ms Image
image/png 2a02:6b8:a::a
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yandex.ru/cycounter?multibux.org&theme=light&lang=ru

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

eb077650e1313eb9fc73c4a5951d2a9f8015d40b10dc0b79e25c3ec6ffd204e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-xss-protection: 1; mode=block
x-content-type-options: nosniff
expires: Fri, 26 Feb 2021 09:49:37 GMT
last-modified: Fri, 12 Feb 2021 09:49:37 GMT
nel: {"report_to": "network-errors", "max_age": 86400, "success_fraction": 0.001, "failure_fraction": 0.1}
report-to: { "group": "network-errors", "max_age": 86400, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: image/png

GET
H2 200 3_0_FFFFFFFF_EFEFEFFF_0_pageviews
metrika-informer.com/informer/55666786/ Frame 0DF6 1 KB
2 KB 161ms
54ms Image
image/png 149.5.244.96
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrika-informer.com/informer/55666786/3_0_FFFFFFFF_EFEFEFFF_0_pageviews

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.5.244.96 , United States, ASN174 (COGENT-174, US),

Reverse DNS

Software

Resource Hash

9fc5d1e23af2145db4b2165e29890bb554491ddf1ec6959496897429ca1f8a89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:22 GMT
last-modified: Wed, 17-Feb-2021 09:10:22 GMT
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-length: 1364
x-xss-protection: 1; mode=block
expires: Wed, 17-Feb-2021 09:10:22 GMT

GET
H2 200 jquery-ui.js Show response
code.jquery.com/ui/1.11.4/ Frame 0DF6 460 KB
112 KB 34ms
14ms Script
application/javascript 2001:4de0:ac19::1:b:2a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.11.4/jquery-ui.js
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 0c8e8d7408611519ceda4e759ae9987834a17addc8f0028241ffed7fb0113612

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:22 GMT
content-encoding: gzip
last-modified: Wed, 11 Mar 2015 13:03:17 GMT
server: nginx
etag: W/"55003d15-72e44"
vary: Accept-Encoding
x-hw: 1613553022.dop210.fr8.t,1613553022.cds210.fr8.hn,1613553022.cds125.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 114093

GET
H/1.1 200
OK push.js Show response
push.multibux.org/ Frame 0DF6 53 KB
15 KB 3177ms
47ms Script
application/javascript 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://push.multibux.org/push.js?id=8
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PHP/5.5.9-1ubuntu4.26
Resource Hash: 1a02115af0ccc87ddbff3b473d5907d53c9b692ed2b14ad1a5ea411bb9ef0769

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 17 Feb 2021 09:10:24 GMT
Server: nginx
X-Powered-By: PHP/5.5.9-1ubuntu4.26
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Keep-Alive: timeout=60
Content-Length: 15477

GET
H2 200 display.php Show response
www.performanceonclick.com/a/ Frame 0C2A 6 KB
2 KB 179ms
179ms Script
application/javascript 35.227.196.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.performanceonclick.com/a/display.php?r=3511723&sub1=92400
Requested by: Host: cpm.ezmob.com
URL: https://cpm.ezmob.com/tag?zone_id=92400&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D63336969
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.196.138 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: openresty /
Resource Hash: f1fe57aa83d973b22fcd14ccc9944935a46ae45fa11649a44b5e3d2582afc8dc

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 09:10:22 GMT
content-encoding: gzip
server: openresty
alt-svc: clear
via: 1.1 google
content-type: application/javascript; charset=utf-8

GET
H/1.1 200
OK 300x250
static.a-ads.com/a-ads-banners/138835/ Frame F209 27 KB
27 KB 839ms
53ms Image
image/gif 85.10.201.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/138835/300x250?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/1139569?size=300x250
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.10.201.130 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.85-10-201-130.clients.your-server.de
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 5ad86d9267ecc7653059e558b183942ba76601845d85dba74540efac223e46ba

Request headers

Referer: https://ad.a-ads.com/1139569?size=300x250
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:22 GMT
Last-Modified: Tue, 16 Feb 2021 09:33:37 GMT
Server: nginx/1.14.0 (Ubuntu)
x-amz-request-id: E8687EE1D88A4645
ETag: "44bc8bc1d6d7bce8abf491773717148a"
Content-Type: image/gif
Cache-Control: max-age=315360000
Content-Length: 27193
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: 7HlQUhynHmC5HenYtwtNF9lWlYcrse40F7nQofKgWN5UOS8rNfbUK3OeoUJNcRAG2HCgXoMO6ng=
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame F209 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 0DF6 8 KB
809 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:600,700,400,300

Requested by

Host: multibux.org
URL: https://multibux.org/css/lobibox.css?v=3.0.19

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c79f45aa72da8267dd5abcffe78bfd8fbc9add544bbccf6db01d5b6f54e1c7d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/css/lobibox.css?v=3.0.19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 07:50:22 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:22 GMT

GET
H2 204 display.php
www.performanceonclick.com/ad/ Frame 3328 0
0 181ms
180ms Document
text/plain 35.227.196.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.performanceonclick.com/ad/display.php?stamat=m%7C%2Cg93dnYharB1dAN0dEdHP3xP.7f1%2CTuo6O6WqAf9d0BILpW7O13_ntqjhK5PRfunfDdsO9E0KlQORyx8VdFg1S731PccxWvwKeJYxqd1xk4uoRB3JJ3Xy84eG7Mi0s8vhx_fn6Ys%2C&cbrandom=0.6860167709378258&cbtitle=&cbiframe=1&cbWidth=728&cbHeight=90&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fwww.markocpm.com%2F
Requested by: Host: www.performanceonclick.com
URL: https://www.performanceonclick.com/a/display.php?r=3511723&sub1=92400
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.196.138 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

:method: GET
:authority: www.performanceonclick.com
:scheme: https
:path: /ad/display.php?stamat=m%7C%2Cg93dnYharB1dAN0dEdHP3xP.7f1%2CTuo6O6WqAf9d0BILpW7O13_ntqjhK5PRfunfDdsO9E0KlQORyx8VdFg1S731PccxWvwKeJYxqd1xk4uoRB3JJ3Xy84eG7Mi0s8vhx_fn6Ys%2C&cbrandom=0.6860167709378258&cbtitle=&cbiframe=1&cbWidth=728&cbHeight=90&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fwww.markocpm.com%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90

Response headers

server: openresty
date: Wed, 17 Feb 2021 09:10:22 GMT
access-control-allow-origin: *
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK tag Show response
cpm.ezmob.com/ Frame 0C2A 227 B
548 B 3825ms
28ms Script
application/javascript 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.ezmob.com/tag?zone_id=107011&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D59542365
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: 77002ccb8d9892a1281799c1de65d0f380feaf1b7ee9739e8d748cebbb8a4db8

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:26 GMT
Server: nginx
Age: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Connection: close
Content-Type: application/javascript; charset=utf-8
Content-Length: 227

GET
H/1.1 200
OK bg.png
multibux.org/images/ Frame 0DF6 19 KB
19 KB 173ms
31ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/bg.png
Requested by: Host: multibux.org
URL: https://multibux.org/css/style.css?v=0.1.2.1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: d3c48f4c1bcfacbbced503f338b930da929a0bd3ee8e360ee6f684bdd406da11

Request headers

Referer: https://multibux.org/css/style.css?v=0.1.2.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Last-Modified: Mon, 10 Dec 2018 09:21:45 GMT
Server: nginx
ETag: "5c0e3029-4a48"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 19016
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK mm1.png
multibux.org/images/main1/ Frame 0DF6 2 KB
2 KB 80ms
34ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/main1/mm1.png?
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: a7a3275fa13bf55c34803695a11a1a476fd22ceca5882bd5f0e9bd953dd06216

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Last-Modified: Mon, 09 Dec 2019 14:35:29 GMT
Server: nginx
ETag: "5dee5bb1-66e"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 1646
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK mm2.png
multibux.org/images/main1/ Frame 0DF6 429 B
758 B 203ms
30ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/main1/mm2.png?
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 58ac5eb706801ee72fc1d49c51ca4850012a5c0fd82c824dab000ccb833a22f5

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Last-Modified: Mon, 09 Dec 2019 14:35:30 GMT
Server: nginx
ETag: "5dee5bb2-1ad"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 429
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK mm3.png
multibux.org/images/main1/ Frame 0DF6 975 B
1 KB 110ms
29ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/main1/mm3.png?
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 85aa190c922d28392b8c3db3300fd63d6f1511cb7c88975e6a7bc7691fcacd14

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Last-Modified: Mon, 09 Dec 2019 14:35:32 GMT
Server: nginx
ETag: "5dee5bb4-3cf"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 975
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK banners.png
multibux.org/images/main1/ Frame 0DF6 10 KB
10 KB 140ms
30ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/main1/banners.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 5c43c89ca64ac7cf8e370d76c6d8cdb81eae4d249f048cc39e85c387108aa816

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Last-Modified: Tue, 10 Dec 2019 14:21:21 GMT
Server: nginx
ETag: "5defa9e1-2711"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 10001
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK reviews.png
multibux.org/images/main1/ Frame 0DF6 19 KB
20 KB 236ms
32ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/main1/reviews.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 8e266356a7af236a8e5ec140b205d8c1f0ad91f2c80b77805c0a3a67ead49985

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Last-Modified: Tue, 10 Dec 2019 14:21:22 GMT
Server: nginx
ETag: "5defa9e2-4d01"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 19713
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 translateelement.css
translate.googleapis.com/translate_static/css/ Frame 0DF6 18 KB
4 KB 33ms
6ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/css/translateelement.css

Requested by

Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=TranslateInit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6149f95c1ebdde5391898e22a79821a810336f6bd74318291b4f49f23fbf0fa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 08:57:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 787
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3619
x-xss-protection: 0
last-modified: Wed, 12 Feb 2020 21:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 17 Feb 2021 09:57:15 GMT

GET
H2 200 main.js Show response
translate.googleapis.com/translate_static/js/element/ Frame 0DF6 4 KB
2 KB 33ms
6ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/js/element/main.js

Requested by

Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=TranslateInit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d42383b5324502731c01f9f7a3e006a19287abd6035519e3da33f9861fef1c24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 08:48:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1286
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2029
x-xss-protection: 0
last-modified: Thu, 03 Dec 2020 22:45:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 17 Feb 2021 09:48:56 GMT

GET
H/1.1 200
OK 1110727 Show response
ad.a-ads.com/ Frame 3516 6 KB
2 KB 48ms
47ms Document
text/html 85.10.201.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/1110727?size=728x90

Requested by

Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/ad.php?ref=smartas&width=728

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

85.10.201.130 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.14.0 (Ubuntu) / Phusion Passenger

Resource Hash

7449e04f8a192aea56e9f0b1d88c191c4d9e3bfd5a32ec178158c6b4680aa38a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: ad.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ad2bitcoin.com/ad.php?ref=smartas&width=728
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ad2bitcoin.com/ad.php?ref=smartas&width=728

Response headers

Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 17 Feb 2021 09:10:22 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger
X-Original-Referer: https://ad2bitcoin.com/ad.php?ref=smartas&width=728
Content-Encoding: gzip

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/ Frame 0DF6 332 KB
129 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=loadCaptcha&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1c07ebcbd346b8d5b9a33219fce562ae37d9885563f6dabae6cd104bfd54827

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://multibux.org
Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:06:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 257
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132389
x-xss-protection: 0
last-modified: Mon, 01 Feb 2021 05:06:45 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Feb 2022 09:06:05 GMT

GET
H/1.1 200
OK stripes.png
multibux.org/images/ Frame 0DF6 1022 B
1 KB 90ms
29ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/stripes.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 02d39564046f0771e02353626fcfa94fa7bb042574ccbcc1c04d9921b6cda517

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:22 GMT
Last-Modified: Fri, 07 Dec 2018 06:58:43 GMT
Server: nginx
ETag: "5c0a1a23-3fe"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 1022
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK arrow.png
multibux.org/images/ Frame 0DF6 429 B
758 B 96ms
29ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/arrow.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 34ad6d1cb319319ba1c0c7bc04f460d6ea5cd913452c6cc8d95b346241ca02f8

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:22 GMT
Last-Modified: Fri, 27 Sep 2019 07:19:17 GMT
Server: nginx
ETag: "5d8db7f5-1ad"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 429
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYb9lecyU.woff2
fonts.gstatic.com/s/robotocondensed/v19/ Frame 0DF6 11 KB
11 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYb9lecyU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:400,300,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac42e86ff1d0fc78a7870a72cf5d1bbf0a509a852dba1d8abdc734892b0d4844

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://multibux.org
Referer: https://fonts.googleapis.com/css?family=Roboto+Condensed:400,300,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 12:56:43 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:08:35 GMT
server: sffe
age: 504819
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11052
x-xss-protection: 0
expires: Fri, 11 Feb 2022 12:56:43 GMT

GET
H2 200 tag.js Show response
cdn.jsdelivr.net/npm/yandex-metrica-watch/ Frame 0DF6 210 KB
76 KB 9ms
8ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3a9986a765fae3dd3daf10d2860ad9b826af81ac5949d4db4ae9b807bd17f52f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 13302
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 78006
etag: W/"3461d-mjJBMHnvlSiFHAqIntZXyhyw6Ao"
x-served-by: cache-fra19137-FRA, cache-hhn4069-HHN
date: Wed, 17 Feb 2021 09:10:22 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1

200
OK

hit
counter.yadro.ru/ Frame 0DF6
Redirect Chain

https://counter.yadro.ru/hit?t16.6;rhttp%3A//wx.cm/ptp/813305;s1600*1200*24;uhttps%3A//multibux.org/;hMULTIBUX%20-%20%u0413%u043B%u0430%u0432%u043D%u0430%u044F;0.2602094844483056
https://counter.yadro.ru/hit?q;t16.6;rhttp%3A//wx.cm/ptp/813305;s1600*1200*24;uhttps%3A//multibux.org/;hMULTIBUX%20-%20%u0413%u043B%u0430%u0432%u043D%u0430%u044F;0.2602094844483056

231 B
685 B

75ms
74ms

Image
image/gif

88.212.201.210
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;t16.6;rhttp%3A//wx.cm/ptp/813305;s1600*1200*24;uhttps%3A//multibux.org/;hMULTIBUX%20-%20%u0413%u043B%u0430%u0432%u043D%u0430%u044F;0.2602094844483056

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

88.212.201.210 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

2ca574bd0d87a193dacb03f8543a5c2baa7f43cdc5c2d7d927fdc9ea8cc0ea75

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:23 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 231
Expires: Mon, 17 Feb 2020 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:23 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit?q;t16.6;rhttp%3A//wx.cm/ptp/813305;s1600*1200*24;uhttps%3A//multibux.org/;hMULTIBUX%20-%20%u0413%u043B%u0430%u0432%u043D%u0430%u044F;0.2602094844483056
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Mon, 17 Feb 2020 21:00:00 GMT

GET
H2 200 f0bfa7fdbd58472d8f52efcde6f48cab.html Show response
run-syndicate.com/iframes2/ Frame 6641 9 KB
4 KB 248ms
173ms Document
text/html 176.9.139.172
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://run-syndicate.com/iframes2/f0bfa7fdbd58472d8f52efcde6f48cab.html?keywords=blue&subid=98730&adb=1&clientjs=1&w=1600&h=1200
Requested by: Host: cdn.runative-syndicate.com
URL: https://cdn.runative-syndicate.com/sdk/v1/bi.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.139.172 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: fb5bfb00109484670fcb50120b295cd5e6bc238650513f8c26ed60731e7a4d5a

Request headers

:method: GET
:authority: run-syndicate.com
:scheme: https
:path: /iframes2/f0bfa7fdbd58472d8f52efcde6f48cab.html?keywords=blue&subid=98730&adb=1&clientjs=1&w=1600&h=1200
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.votreimc.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.votreimc.com/

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:22 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding *
cache-control: no-cache, no-store, no-transform, must-revalidate no-transform
pragma: no-cache
expires: 0
x-api-version: 2
link: <https://lcdn.runative-syndicate.com/sdk/v1/b.b.js>; rel=preload; as=script, <https://lcdn.runative-syndicate.com/images/9/9/d3dcbf9f569f441e9d7c0cefd53ac17dc03642/300x250.jpg>; rel=preload; as=image
x-request-id: e7c2a2c7db786f89
set-cookie: ts_uid=4248af5f-a2d4-4f50-87cd-103b61ad05a8; expires=Mon, 17 Feb 2031 09:10:22 GMT; domain=.run-syndicate.com; path=/; secure; SameSite=None bfq=e0SIEaFjSxcWIsYUPJiwDMMufRQE; expires=Thu, 18 Feb 2021 09:10:22 GMT; domain=.runative-syndicate.com; path=/; secure; SameSite=None
x-robots-tag: none noindex, nofollow
report-to: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip

GET
H/1.1 200
OK 60253d233c985.gif
multibux.org/uploads/ Frame 0DF6 287 KB
287 KB 64ms
31ms Image
image/gif 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/uploads/60253d233c985.gif
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: ce8a0baa4941c3b6864b6924d1d6f7ad670819fbb9fbbab0b79224b376b60d3c

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:21 GMT
Last-Modified: Thu, 11 Feb 2021 14:20:19 GMT
Server: nginx
ETag: "60253d23-47aa9"
Content-Type: image/gif
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 293545
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK buyb2.png
multibux.org/images/ Frame 0DF6 5 KB
6 KB 133ms
30ms Image
image/png 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://multibux.org/images/buyb2.png
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: e21c873b121f9ce4577e92b944e0c5d9d11484b16bd94304616ee02af3da9870

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:22 GMT
Last-Modified: Mon, 11 Nov 2019 19:04:34 GMT
Server: nginx
ETag: "5dc9b0c2-14fe"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 5374
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-Q050 200 element_main.js Show response
translate.googleapis.com/element/TE_20201130_00/e/js/element/ Frame 0DF6 243 KB
87 KB 30ms
16ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/TE_20201130_00/e/js/element/element_main.js

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/js/element/main.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86207a548361e9fcdc830f7cca9540c7c93ff4132dde2a72fb38d23151bd46a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 21:50:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40781
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88693
x-xss-protection: 0
last-modified: Mon, 30 Nov 2020 10:52:04 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 16 Feb 2022 21:50:41 GMT

GET
H3-Q050 200 anchor Show response
www.google.com/recaptcha/api2/ Frame E353 20 KB
11 KB 29ms
29ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&co=aHR0cHM6Ly9tdWx0aWJ1eC5vcmc6NDQz&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=i8cmhnkb4yvw

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4728a9220a66e14f171e391efdcd404b3c35b85fc913878a1d2d614d98111232

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-slMDFPqfv0dF47lGL6fNQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&co=aHR0cHM6Ly9tdWx0aWJ1eC5vcmc6NDQz&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=i8cmhnkb4yvw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://multibux.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://multibux.org/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 17 Feb 2021 09:10:22 GMT
content-security-policy: script-src 'report-sample' 'nonce-slMDFPqfv0dF47lGL6fNQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 11189
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK 728x90
static.a-ads.com/a-ads-banners/138837/ Frame 3516 36 KB
36 KB 173ms
40ms Image
image/gif 85.10.201.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/138837/728x90?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/1110727?size=728x90
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.10.201.130 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.85-10-201-130.clients.your-server.de
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 0b3597ca37388a851c4ea15dce0634c685b97c2a86f6929ac3caa46496b93882

Request headers

Referer: https://ad.a-ads.com/1110727?size=728x90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:22 GMT
Last-Modified: Tue, 16 Feb 2021 09:34:22 GMT
Server: nginx/1.14.0 (Ubuntu)
x-amz-request-id: F3F0F79F5733BE4B
ETag: "492649696b2fa5716430a38cc80a3a25"
Content-Type: image/gif
Cache-Control: max-age=315360000
Content-Length: 36604
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: 9QBlepzULv50ACyiJ1SAOVXhl6LPB3nl8WL4wUpWJo/ilNPj0usbwcV8HXUm+LvrMYUlKxNTq2E=
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

1 Show response
mc.yandex.ru/watch/55666786/ Frame 0DF6
Redirect Chain

https://mc.yandex.ru/watch/55666786?wmode=7&page-url=https%3A%2F%2Fmultibux.org%2F&page-ref=http%3A%2F%2Fwx.cm%2Fptp%2F813305&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Acaxskmb7n72i09b%3A...
https://mc.yandex.ru/watch/55666786/1?wmode=7&page-url=https%3A%2F%2Fmultibux.org%2F&page-ref=http%3A%2F%2Fwx.cm%2Fptp%2F813305&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Acaxskmb7n72i09b%...

186 B
268 B

51ms
51ms

XHR
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/55666786/1?wmode=7&page-url=https%3A%2F%2Fmultibux.org%2F&page-ref=http%3A%2F%2Fwx.cm%2Fptp%2F813305&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Acaxskmb7n72i09b%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A421%3Acn%3A1%3Adp%3A0%3Als%3A193997047691%3Ahid%3A317680868%3Az%3A60%3Ai%3A2021021701001022%3Aet%3A1613553023%3Ac%3A1%3Arn%3A668354917%3Au%3A1613553023152863481%3Aw%3A1080x972%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Ahdl%3A1%3Ans%3A1613553019767%3Awv%3A2%3Ads%3A0%2C0%2C49%2C2%2C1410%2C1410%2C1%2C1334%2C0%2C%2C%2C%2C2831%3Adsn%3A0%2C0%2C49%2C2%2C1410%2C1409%2C1%2C1367%2C0%2C%2C%2C%2C2831%3Arqnl%3A1%3Ati%3A2%3Ast%3A1613553023%3At%3AMULTIBUX%20-%20%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

a78bfc3f9a1aef9c15ecf2c22011ced79ea819b2f1c1aaac60f0ea9165b524e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:22 GMT
x-content-type-options: nosniff
last-modified: Wed, 17-Feb-2021 09:10:22 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://multibux.org
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 186
x-xss-protection: 1; mode=block
expires: Wed, 17-Feb-2021 09:10:22 GMT

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:22 GMT
last-modified: Wed, 17-Feb-2021 09:10:22 GMT
location: /watch/55666786/1?wmode=7&page-url=https%3A%2F%2Fmultibux.org%2F&page-ref=http%3A%2F%2Fwx.cm%2Fptp%2F813305&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Acaxskmb7n72i09b%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A421%3Acn%3A1%3Adp%3A0%3Als%3A193997047691%3Ahid%3A317680868%3Az%3A60%3Ai%3A2021021701001022%3Aet%3A1613553023%3Ac%3A1%3Arn%3A668354917%3Au%3A1613553023152863481%3Aw%3A1080x972%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Ahdl%3A1%3Ans%3A1613553019767%3Awv%3A2%3Ads%3A0%2C0%2C49%2C2%2C1410%2C1410%2C1%2C1334%2C0%2C%2C%2C%2C2831%3Adsn%3A0%2C0%2C49%2C2%2C1410%2C1409%2C1%2C1367%2C0%2C%2C%2C%2C2831%3Arqnl%3A1%3Ati%3A2%3Ast%3A1613553023%3At%3AMULTIBUX%20-%20%D0%93%D0%BB%D0%B0%D0%B2%D0%BD%D0%B0%D1%8F
strict-transport-security: max-age=31536000
access-control-allow-origin: https://multibux.org
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0
x-xss-protection: 1; mode=block
expires: Wed, 17-Feb-2021 09:10:22 GMT

GET
DATA 200
OK truncated
/ Frame 3516 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 advert.gif
mc.yandex.ru/metrika/ Frame 0DF6 43 B
165 B 48ms
48ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:22 GMT
last-modified: Mon, 15 Feb 2021 13:31:56 GMT
etag: "602bfd68-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Wed, 17 Feb 2021 10:10:22 GMT

GET
H3-Q050 200 translate_24dp.png
www.gstatic.com/images/branding/product/1x/ Frame 0DF6 825 B
934 B 6ms
6ms Image
image/png 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/1x/translate_24dp.png

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:26:23 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 146639
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 825
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:26:23 GMT

GET
H3-Q050 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/ Frame E353 50 KB
25 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&co=aHR0cHM6Ly9tdWx0aWJ1eC5vcmc6NDQz&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=i8cmhnkb4yvw

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b08ea3a348838bc942ad470a757575975bd09459b63c1872c6e1129a6ca1939

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&co=aHR0cHM6Ly9tdWx0aWJ1eC5vcmc6NDQz&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=i8cmhnkb4yvw
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 17:53:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 05:06:45 GMT
server: sffe
age: 55002
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25479
x-xss-protection: 0
expires: Wed, 16 Feb 2022 17:53:40 GMT

GET
H3-Q050 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/ Frame E353 332 KB
129 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1c07ebcbd346b8d5b9a33219fce562ae37d9885563f6dabae6cd104bfd54827

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&co=aHR0cHM6Ly9tdWx0aWJ1eC5vcmc6NDQz&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=i8cmhnkb4yvw
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:06:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 257
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132389
x-xss-protection: 0
last-modified: Mon, 01 Feb 2021 05:06:45 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Feb 2022 09:06:05 GMT

GET
H3-Q050 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ Frame 0DF6 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/css/translateelement.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://translate.googleapis.com/translate_static/css/translateelement.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 13:35:26 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 156896
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1847
x-xss-protection: 0
expires: Tue, 15 Feb 2022 13:35:26 GMT

GET
H3-Q050 200 l Show response
translate.googleapis.com/translate_a/ Frame 93D7 3 KB
1 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

13b5eece5a7359f9c0de2b4b3c24eeed42fa547e5811238bc9434dcc975bb101

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vSsrincu96rOkHAkQESuxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'report-sample' 'nonce-vSsrincu96rOkHAkQESuxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self'
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
date: Wed, 17 Feb 2021 09:10:22 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame E353 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E353 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame E353 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/styles__ltr.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/styles__ltr.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Feb 2021 15:40:18 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 581404
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Wed, 17 Feb 2021 15:40:18 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E353 10 KB
11 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&co=aHR0cHM6Ly9tdWx0aWJ1eC5vcmc6NDQz&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=i8cmhnkb4yvw
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:25:11 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:51 GMT
server: sffe
age: 146711
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10748
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:25:11 GMT

GET
H3-Q050 200 026ms1DBHoZ6ke4i5_BY2jFY0HJmnHooFCBm7r39q_A.js Show response
www.google.com/js/bg/ Frame E353 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/026ms1DBHoZ6ke4i5_BY2jFY0HJmnHooFCBm7r39q_A.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d36ea6b350c11e867a91ee22e7f058da3158d072669c7a28142066eebdfdabf0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&co=aHR0cHM6Ly9tdWx0aWJ1eC5vcmc6NDQz&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=i8cmhnkb4yvw
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 18:20:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 11:30:00 GMT
server: sffe
age: 139797
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6395
x-xss-protection: 0
expires: Tue, 15 Feb 2022 18:20:25 GMT

GET
H2 200 b.b.js Show response
lcdn.runative-syndicate.com/sdk/v1/ Frame 6641 4 KB
4 KB 149ms
36ms Script
application/javascript 67.27.233.121
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://lcdn.runative-syndicate.com/sdk/v1/b.b.js
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.121 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: d7d6b4ac1019f487f26ab37a8eef1c80be8d6c213a98d875d8847e99288802c6

Request headers

Referer: https://run-syndicate.com/iframes2/f0bfa7fdbd58472d8f52efcde6f48cab.html?keywords=blue&subid=98730&adb=1&clientjs=1&w=1600&h=1200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:23 GMT
last-modified: Mon, 01 Jun 2020 09:16:15 GMT
server: nginx
age: 20376185
etag: "5ed4c75f-100b"
content-type: application/javascript
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 4107

GET
H2 200 300x250.jpg
lcdn.runative-syndicate.com/images/9/9/d3dcbf9f569f441e9d7c0cefd53ac17dc03642/ Frame 6641 8 KB
9 KB 150ms
37ms Image
image/jpeg 67.27.233.121
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lcdn.runative-syndicate.com/images/9/9/d3dcbf9f569f441e9d7c0cefd53ac17dc03642/300x250.jpg
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.121 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 3c81697f1c88f098972621a07cc3ca4dc161f980e446295d469d29be319f4af1

Request headers

Referer: https://run-syndicate.com/iframes2/f0bfa7fdbd58472d8f52efcde6f48cab.html?keywords=blue&subid=98730&adb=1&clientjs=1&w=1600&h=1200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:23 GMT
last-modified: Fri, 12 Feb 2021 15:13:37 GMT
server: nginx
age: 409300
etag: "60269b21-21b4"
content-type: image/jpeg
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 8628

GET
H2 200 1 Show response
ymetrica1.com/watch/3/ Frame 0DF6 43 B
369 B 669ms
62ms XHR
image/gif 149.5.244.96
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL

https://ymetrica1.com/watch/3/1?

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

149.5.244.96 , United States, ASN174 (COGENT-174, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:23 GMT
last-modified: Wed, 17-Feb-2021 09:10:23 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://multibux.org
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Wed, 17-Feb-2021 09:10:23 GMT

GET
H3-Q050 200 webworker.js
www.google.com/recaptcha/api2/ Frame E353 102 B
157 B 15ms
14ms Other
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

050be014144f5a95d8be13335084810c845e1e74e93337420cb3f2960f976966

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&co=aHR0cHM6Ly9tdWx0aWJ1eC5vcmc6NDQz&hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&size=normal&cb=i8cmhnkb4yvw
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Wed, 17 Feb 2021 09:10:22 GMT

GET
H2 200 bannerNativeTrackImpression.js Show response
lcdn.runative-syndicate.com/sdk/v1/ Frame 6641 655 B
837 B 45ms
35ms Script
application/javascript 67.27.233.121
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://lcdn.runative-syndicate.com/sdk/v1/bannerNativeTrackImpression.js
Requested by: Host: run-syndicate.com
URL: https://run-syndicate.com/iframes2/f0bfa7fdbd58472d8f52efcde6f48cab.html?keywords=blue&subid=98730&adb=1&clientjs=1&w=1600&h=1200
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.121 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: f870e36f1d8c5188723dd872a87705dfad89cabaf1c99ddd8ea7e0350fb48842

Request headers

Referer: https://run-syndicate.com/iframes2/f0bfa7fdbd58472d8f52efcde6f48cab.html?keywords=blue&subid=98730&adb=1&clientjs=1&w=1600&h=1200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:23 GMT
last-modified: Mon, 31 Aug 2020 07:23:11 GMT
server: nginx
age: 14693984
etag: "5f4ca55f-28f"
content-type: application/javascript
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 655

GET
H2 200 n.css
lcdn.runative-syndicate.com/sdk/v1/ Frame 6641 8 KB
8 KB 44ms
35ms Stylesheet
text/css 67.27.233.121
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://lcdn.runative-syndicate.com/sdk/v1/n.css
Requested by: Host: run-syndicate.com
URL: https://run-syndicate.com/iframes2/f0bfa7fdbd58472d8f52efcde6f48cab.html?keywords=blue&subid=98730&adb=1&clientjs=1&w=1600&h=1200
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.121 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 24b59f4e4fbf1d4a988ffa478952ceb54e0b2f0774da926bcd2cc0376200dbfe

Request headers

Referer: https://run-syndicate.com/iframes2/f0bfa7fdbd58472d8f52efcde6f48cab.html?keywords=blue&subid=98730&adb=1&clientjs=1&w=1600&h=1200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:23 GMT
last-modified: Mon, 18 Jan 2021 15:00:01 GMT
server: nginx
age: 2569164
etag: "6005a271-2055"
content-type: text/css
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 8277

GET
H2 200 native-banner-default.css
lcdn.runative-syndicate.com/sdk/v1/ Frame 6641 251 B
422 B 45ms
36ms Stylesheet
text/css 67.27.233.121
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://lcdn.runative-syndicate.com/sdk/v1/native-banner-default.css
Requested by: Host: run-syndicate.com
URL: https://run-syndicate.com/iframes2/f0bfa7fdbd58472d8f52efcde6f48cab.html?keywords=blue&subid=98730&adb=1&clientjs=1&w=1600&h=1200
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.233.121 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: ff9150f84253841e2097c26de1611c67aad46c758b1899c75800af0016e5c446

Request headers

Referer: https://run-syndicate.com/iframes2/f0bfa7fdbd58472d8f52efcde6f48cab.html?keywords=blue&subid=98730&adb=1&clientjs=1&w=1600&h=1200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:23 GMT
last-modified: Mon, 31 Aug 2020 07:23:11 GMT
server: nginx
age: 14693983
etag: "5f4ca55f-fb"
content-type: text/css
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 251

GET
H3-Q050 200 translateelement.css
translate.googleapis.com/translate_static/css/ Frame 46C0 18 KB
4 KB 8ms
6ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/css/translateelement.css

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/element/TE_20201130_00/e/js/element/element_main.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6149f95c1ebdde5391898e22a79821a810336f6bd74318291b4f49f23fbf0fa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 08:57:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 788
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3619
x-xss-protection: 0
last-modified: Wed, 12 Feb 2020 21:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 17 Feb 2021 09:57:15 GMT

GET
H3-Q050 204 gen204
translate.google.com/ Frame 0DF6 0
426 B 44ms
29ms Image
image/gif 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://translate.google.com/gen204?sl=ru&nca=te_ap&client=te&logld=vTE_20201130_00

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:23 GMT
x-content-type-options: nosniff
server: HTTP server (unknown)
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: no-cache, must-revalidate
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 googlelogo_color_68x28dp.png
www.gstatic.com/images/branding/googlelogo/1x/ Frame 46C0 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_68x28dp.png

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f56402b127698db4b4dc611a97a6f081d04c4691c60522c5912d189e37c94a9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:19:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 147064
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1597
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:19:19 GMT

GET
H3-Q050 200 cleardot.gif
www.google.com/images/ Frame 46C0 43 B
149 B 16ms
15ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/cleardot.gif

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:23 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 loading.gif
translate.googleapis.com/translate_static/img/ Frame 46C0 702 B
811 B 7ms
6ms Image
image/gif 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://translate.googleapis.com/translate_static/img/loading.gif

Requested by

Host: multibux.org
URL: https://multibux.org/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb6b7bcc1ab09f27db17bcbdf5239ce1d52af34f1fc5125b3fc8528a07848d21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 17:21:28 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 143335
content-type: image/gif
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 702
x-xss-protection: 0
expires: Tue, 15 Feb 2022 17:21:28 GMT

GET
H3-Q050 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 6C5E 7 KB
1 KB 19ms
18ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&cb=xiivw89lnqqy

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2dfbeee78ebfe4fb07d2d12c25734692aa7453b99a06020cce0a8bec68880587

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-k9/fs8r+uiisDzpnp3ItYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&cb=xiivw89lnqqy
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://multibux.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://multibux.org/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 17 Feb 2021 09:10:23 GMT
content-security-policy: script-src 'report-sample' 'nonce-k9/fs8r+uiisDzpnp3ItYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1121
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 cleardot.gif
www.google.com/images/ Frame 46C0 43 B
66 B 14ms
14ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/cleardot.gif

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/element/TE_20201130_00/e/js/element/element_main.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:23 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 translateelement.css
translate.googleapis.com/translate_static/css/ Frame 7564 18 KB
4 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/css/translateelement.css

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/element/TE_20201130_00/e/js/element/element_main.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6149f95c1ebdde5391898e22a79821a810336f6bd74318291b4f49f23fbf0fa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 08:57:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 788
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3619
x-xss-protection: 0
last-modified: Wed, 12 Feb 2020 21:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 17 Feb 2021 09:57:15 GMT

GET
H3-Q050 200 translateelement.css
translate.googleapis.com/translate_static/css/ Frame A56E 18 KB
4 KB 6ms
5ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/css/translateelement.css

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/element/TE_20201130_00/e/js/element/element_main.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6149f95c1ebdde5391898e22a79821a810336f6bd74318291b4f49f23fbf0fa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 08:57:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 788
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3619
x-xss-protection: 0
last-modified: Wed, 12 Feb 2020 21:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Wed, 17 Feb 2021 09:57:15 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame A492 0
150 B 40ms
13ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=smartocom.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=smartocom.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.votreimc.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.votreimc.com/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 1639
date: Wed, 17 Feb 2021 09:10:22 GMT
content-length: 0

GET
H3-Q050 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/ Frame 6C5E 50 KB
25 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&cb=xiivw89lnqqy

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b08ea3a348838bc942ad470a757575975bd09459b63c1872c6e1129a6ca1939

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&cb=xiivw89lnqqy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 17:53:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 01 Feb 2021 05:06:45 GMT
server: sffe
age: 55003
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25479
x-xss-protection: 0
expires: Wed, 16 Feb 2022 17:53:40 GMT

GET
H3-Q050 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/ Frame 6C5E 332 KB
129 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2Mfykwl2mlvyQZQ3PEgoH710/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&cb=xiivw89lnqqy

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c1c07ebcbd346b8d5b9a33219fce562ae37d9885563f6dabae6cd104bfd54827

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/recaptcha/api2/bframe?hl=en&v=2Mfykwl2mlvyQZQ3PEgoH710&k=6LdT9P4UAAAAABLDO024LJbTaQmf6Hdr24R19bAg&cb=xiivw89lnqqy
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:06:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 258
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132389
x-xss-protection: 0
last-modified: Mon, 01 Feb 2021 05:06:45 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 17 Feb 2022 09:06:05 GMT

GET
H2 200 display.php Show response
www.performanceonclick.com/a/ Frame 118A 6 KB
2 KB 249ms
249ms Script
application/javascript 35.227.196.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.performanceonclick.com/a/display.php?r=3511723&sub1=92400
Requested by: Host: cpm.ezmob.com
URL: https://cpm.ezmob.com/tag?zone_id=92400&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D5159139
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.196.138 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: openresty /
Resource Hash: 45e98633495a43be2711fc5708ec83f3f232b1cf9f8abfd0269446d2a0c48668

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 09:10:23 GMT
content-encoding: gzip
server: openresty
alt-svc: clear
via: 1.1 google
content-type: application/javascript; charset=utf-8

GET
H2 204 display.php
www.performanceonclick.com/ad/ Frame E7B0 0
0 407ms
406ms Document
text/plain 35.227.196.138
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.performanceonclick.com/ad/display.php?stamat=m%7C%2CgtjajtidrB1dAN0dEdHP3xP.709%2CTuo6O6WqAf9d0BILpW7O1wkQNw9GhLdSdtHecpfq4fm-k-Kv3m5f_XmY2P3UgaEDkfjpOJs3e6l7NiXiHz47sO0V8eiDftR1X0TMVDDnZtk%2C&cbrandom=0.34010145289085125&cbtitle=&cbiframe=1&cbWidth=160&cbHeight=600&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fwww.markocpm.com%2F
Requested by: Host: www.performanceonclick.com
URL: https://www.performanceonclick.com/a/display.php?r=3511723&sub1=92400
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.196.138 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

:method: GET
:authority: www.performanceonclick.com
:scheme: https
:path: /ad/display.php?stamat=m%7C%2CgtjajtidrB1dAN0dEdHP3xP.709%2CTuo6O6WqAf9d0BILpW7O1wkQNw9GhLdSdtHecpfq4fm-k-Kv3m5f_XmY2P3UgaEDkfjpOJs3e6l7NiXiHz47sO0V8eiDftR1X0TMVDDnZtk%2C&cbrandom=0.34010145289085125&cbtitle=&cbiframe=1&cbWidth=160&cbHeight=600&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fwww.markocpm.com%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600

Response headers

server: openresty
date: Wed, 17 Feb 2021 09:10:24 GMT
access-control-allow-origin: *
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK tag Show response
cpm.ezmob.com/ Frame 118A 227 B
548 B 3278ms
28ms Script
application/javascript 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.ezmob.com/tag?zone_id=107011&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D68612241
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: 77002ccb8d9892a1281799c1de65d0f380feaf1b7ee9739e8d748cebbb8a4db8

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:27 GMT
Server: nginx
Age: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Connection: close
Content-Type: application/javascript; charset=utf-8
Content-Length: 227

GET
H/1.1 200
OK 300x250-low-google.gif
beluga-cdn.ams3.digitaloceanspaces.com/EZmobBanners/ Frame EB03 148 KB
148 KB 649ms
86ms Image
image/gif 5.101.110.225
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beluga-cdn.ams3.digitaloceanspaces.com/EZmobBanners/300x250-low-google.gif

Requested by

Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=300x250

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

5.101.110.225 , United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

df46f8ed158243072f47dac6013063067f2da1133d9c3fac3e66b157c8866e73

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:24 GMT
Last-Modified: Tue, 21 Jul 2020 07:20:07 GMT
x-amz-request-id: tx00000000000006343af06-00602cdd80-90880e1-ams3b
ETag: "67ee2a072908098e72a709b65b5ddef6"
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Content-Type: image/gif
x-rgw-object-type: Normal
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 151177

GET
H/1.1 200
OK tag Show response
cpm.ezmob.com/ Frame EB03 227 B
548 B 3210ms
46ms Script
application/javascript 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.ezmob.com/tag?zone_id=111227&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D15254500
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: 6290be4469214fdb80f64684e62e554ebeb8c4c16a526405d7741ff1b4c4bf3e

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:27 GMT
Server: nginx
Age: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Connection: close
Content-Type: application/javascript; charset=utf-8
Content-Length: 227

GET
H2 200 page2.php Show response
www.eurosptp.com/ Frame 28C9 658 B
754 B 39ms
39ms Document
text/html 213.186.33.19
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://www.eurosptp.com/page2.php?valid=1
Requested by: Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.186.33.19 , France, ASN16276 (OVH, FR),
Reverse DNS: cluster010.hosting.ovh.net
Software: Apache / PHP/5.4
Resource Hash: c69e365a584ba9ad84065c03d4cdde9aa746345020155720563f520b73176c23

Request headers

:method: GET
:authority: www.eurosptp.com
:scheme: https
:path: /page2.php?valid=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.eurosptp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.eurosptp.com/

Response headers

date: Wed, 17 Feb 2021 09:10:24 GMT
content-type: text/html; charset=iso-8859-1
server: Apache
x-powered-by: PHP/5.4
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
referrer-policy: origin
set-cookie: PROMOTION=d102fd3cb8623343041dcb7f520fb15f; expires=Wed, 17-Feb-2021 09:18:44 GMT; path=/; samesite=None;Secure; domain=.eurosptp.com
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
x-robots-tag: noindex

GET
H/1.1 200
OK ptp.php Show response
wx.cm/ Frame 11BF 0
294 B 693ms
675ms Document
text/html 185.61.152.55
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: http://wx.cm/ptp.php?id=4688&m=813305&s=752f05e8f9caa0919cb7&h=e8f22ff6c774d1a532493226df6c9b3e&r=1
Requested by: Host: wx.cm
URL: http://wx.cm/ptp/813305
Protocol: HTTP/1.1
Server: 185.61.152.55 , United Kingdom, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: host37.registrar-servers.com
Software: Apache / PHP/7.2.34
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: wx.cm
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://wx.cm/ptp.php?id=4688&m=813305&s=752f05e8f9caa0919cb7&h=e8f22ff6c774d1a532493226df6c9b3e
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://wx.cm/ptp.php?id=4688&m=813305&s=752f05e8f9caa0919cb7&h=e8f22ff6c774d1a532493226df6c9b3e

Response headers

Date: Wed, 17 Feb 2021 09:10:24 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 206
Partial Content sound1.mp3
push.multibux.org/sound/ Frame 0DF6 36 KB
37 KB 36ms
36ms Media
audio/mpeg 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://push.multibux.org/sound/sound1.mp3
Requested by: Host: multibux.org
URL: https://multibux.org/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: f66495c22da907eed8ff377a8c32b5b184272ddf5c24c558029c25166686c8a6

Request headers

Referer: https://multibux.org/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

Date: Wed, 17 Feb 2021 09:10:24 GMT
Last-Modified: Thu, 25 Jun 2020 05:44:45 GMT
Server: nginx
ETag: "5ef439cd-9107"
Content-Type: audio/mpeg
Content-Range: bytes 0-37126/37127
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Content-Length: 37127
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 300x250-low-google.gif
beluga-cdn.ams3.digitaloceanspaces.com/EZmobBanners/ Frame 0C2A 148 KB
148 KB 78ms
77ms Image
image/gif 5.101.110.225
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beluga-cdn.ams3.digitaloceanspaces.com/EZmobBanners/300x250-low-google.gif

Requested by

Host: cpm.ezmob.com
URL: https://cpm.ezmob.com/tag?zone_id=107011&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D59542365

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

5.101.110.225 , United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

df46f8ed158243072f47dac6013063067f2da1133d9c3fac3e66b157c8866e73

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:26 GMT
Last-Modified: Tue, 21 Jul 2020 07:20:07 GMT
x-amz-request-id: tx0000000000000d798654c-00602cdd82-695c3ae-ams3b
ETag: "67ee2a072908098e72a709b65b5ddef6"
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Content-Type: image/gif
x-rgw-object-type: Normal
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 151177

GET
H/1.1 200
OK tag Show response
cpm.ezmob.com/ Frame 0C2A 227 B
548 B 2225ms
28ms Script
application/javascript 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.ezmob.com/tag?zone_id=111227&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D32396023
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: 6290be4469214fdb80f64684e62e554ebeb8c4c16a526405d7741ff1b4c4bf3e

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:28 GMT
Server: nginx
Age: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Connection: close
Content-Type: application/javascript; charset=utf-8
Content-Length: 227

GET
H2

200

/ Show response
www.sadnessoflucifer.net/ Frame D74E
Redirect Chain

https://sadnessoflucifer.net/
https://www.sadnessoflucifer.net/

131 KB
22 KB

173ms
144ms

Document
text/html

2a00:1450:4001:82b::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sadnessoflucifer.net/

Requested by

Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/adqlt.php?ref=smartas&keycode=8457

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e9ae642618155c6c59b8831c8e37128c8b085428348d05c138f31539c0ee2824

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.sadnessoflucifer.net
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad2bitcoin.com/adqlt.php?ref=smartas&keycode=8457
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ad2bitcoin.com/adqlt.php?ref=smartas&keycode=8457

Response headers

content-type: text/html; charset=UTF-8
expires: Wed, 17 Feb 2021 09:10:26 GMT
date: Wed, 17 Feb 2021 09:10:26 GMT
cache-control: private, max-age=0
last-modified: Tue, 12 Jan 2021 00:26:16 GMT
etag: W/"15c04bc7af18d02a7b26ea6d5c7084eec276d28ddaf51ffcdb6a4f4ef56aa928"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 22279
server: GSE

Redirect headers

location: https://www.sadnessoflucifer.net/
date: Wed, 17 Feb 2021 09:10:26 GMT
content-type: text/html; charset=UTF-8
server: ghs
content-length: 230
x-xss-protection: 0
x-frame-options: SAMEORIGIN

GET
H2 200 / Show response
ad.gab.ag/ Frame 48D7 1 KB
764 B 179ms
125ms Document
text/html 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.gab.ag/
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/adqlt.php?ref=smartas&keycode=8457
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c7c595930c443d9e776e2952b9a189d0d7b08c88c3ce04cb133e9646c0fc0c1

Request headers

:method: GET
:authority: ad.gab.ag
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad2bitcoin.com/adqlt.php?ref=smartas&keycode=8457
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ad2bitcoin.com/adqlt.php?ref=smartas&keycode=8457

Response headers

date: Wed, 17 Feb 2021 09:10:26 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=df0a04aada0fd7a12addd58109e5ae9681613553026; expires=Fri, 19-Mar-21 09:10:26 GMT; path=/; domain=.gab.ag; HttpOnly; SameSite=Lax
last-modified: Sun, 14 Feb 2021 10:57:00 GMT
cf-cache-status: DYNAMIC
cf-request-id: 0850da5e0a0000fa785c3d3000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ap%2BruulROe69GK5k2jgnLHeRbMqx0AkK1nt8MMkMZ%2FztE9t8nP8w%2BDMBt0sByknC7bBbe0%2Fs%2FbfDzNTLitU8DA3B4naOnFzZeZIsf3FlpLo%2B0HbMAwc%3D"}],"max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622e60100ddffa78-AMS
content-encoding: br

GET
H2 200 / Show response
ad.gab.ag/ Frame EE11 1 KB
451 B 2253ms
2201ms Document
text/html 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.gab.ag/
Requested by: Host: ad2bitcoin.com
URL: https://ad2bitcoin.com/adqlt.php?ref=smartas&keycode=8457
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c7c595930c443d9e776e2952b9a189d0d7b08c88c3ce04cb133e9646c0fc0c1

Request headers

:method: GET
:authority: ad.gab.ag
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad2bitcoin.com/adqlt.php?ref=smartas&keycode=8457
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ad2bitcoin.com/adqlt.php?ref=smartas&keycode=8457

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=df0a04aada0fd7a12addd58109e5ae9681613553026; expires=Fri, 19-Mar-21 09:10:26 GMT; path=/; domain=.gab.ag; HttpOnly; SameSite=Lax
last-modified: Sun, 14 Feb 2021 10:57:00 GMT
cf-cache-status: DYNAMIC
cf-request-id: 0850da5e070000fa784f34b000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iWsqZ7arqvz9VOY4KqOESJHFXNvfD8vxxdd%2Fpgp5JUY3KHRV3sIvPIFRtw%2Fz9epBeYu2H8LPhgEJ2IELckm7QNaBYmZuhTAwid0GM3iAogfgaTtGRkY%3D"}],"max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622e60100de2fa78-AMS
content-encoding: br

GET
H2 200 index.php Show response
www.gab.ag/ Frame 48D7 14 KB
3 KB 3949ms
3947ms Document
text/html 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/index.php?view=register
Requested by: Host: ad.gab.ag
URL: https://ad.gab.ag/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2190efa4e01911a9c81598299d57ab04d2c83c42c55774956a57d37bf49ac3d7

Request headers

:method: GET
:authority: www.gab.ag
:scheme: https
:path: /index.php?view=register
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.gab.ag/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ad.gab.ag/

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=df74d1eecb2a09bba9e134820ecb3b34d1613553026; expires=Fri, 19-Mar-21 09:10:26 GMT; path=/; domain=.gab.ag; HttpOnly; SameSite=Lax evo_session=p0073jgobk931s9vvd29koapehog12re; expires=Wed, 17-Feb-2021 11:10:30 GMT; Max-Age=7200; path=/; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
cf-request-id: 0850da5eff0000fa78dbb26000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3aRLDEMEXuQIe3mevT436LGiicEyyy7CLTh%2FklONtcRpJydirlVZUYwX4URS6OU38TpaFLX8MN%2F%2BZnKH7BedOW8IAc1c%2BQmsCK1U1FMNIxHwIPBcvlUx"}],"max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622e601199ecfa78-AMS
content-encoding: br

GET
H3-Q050 200 clipboard.min.js Show response
www.gstatic.com/external_hosted/clipboardjs/ Frame D74E 12 KB
4 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a00d3cabd4a8dbdbd2e992e238d11ec889fb3cc7751d9bc271f063a17ec8bf7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 0
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4096
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:26 GMT

GET
H2 200 1772004140-vegeclub_compiled.js Show response
resources.blogblog.com/blogblog/data/res/ Frame D74E 135 KB
47 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:802::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.blogblog.com/blogblog/data/res/1772004140-vegeclub_compiled.js

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e153d916096463c7a56b0753c9d1ca4a05fa381c58d492e3e58f103823c7e02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 02:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Feb 2021 01:22:56 GMT
server: sffe
age: 457278
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47284
x-xss-protection: 0
expires: Fri, 19 Feb 2021 02:09:08 GMT

GET
H2 200 cookienotice.js Show response
www.sadnessoflucifer.net/js/ Frame D74E 6 KB
2 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:82b::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sadnessoflucifer.net/js/cookienotice.js

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Feb 2021 07:43:08 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 2026
x-xss-protection: 0
expires: Wed, 24 Feb 2021 09:10:26 GMT

GET
H2 200 2473628150-widgets.js Show response
www.blogger.com/static/v1/widgets/ Frame D74E 143 KB
52 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:808::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blogger.com/static/v1/widgets/2473628150-widgets.js

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

717fdf32513c4e6bd6a3e31827ecaed7728f961b61c5ea62db5de1054c463dc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 01:48:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 01:08:59 GMT
server: sffe
age: 199330
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53282
x-xss-protection: 0
expires: Tue, 15 Feb 2022 01:48:16 GMT

GET
H2 200 sprite_v1_6.css.svg
www.sadnessoflucifer.net/responsive/ Frame D74E 7 KB
2 KB 19ms
19ms Other
image/svg+xml 2a00:1450:4001:82b::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sadnessoflucifer.net/responsive/sprite_v1_6.css.svg

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73d16aca9b019e42dd2de3a10e5049b5606268ce0d8e3a167b05b37acb9b0e9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 21:21:03 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 2244
x-xss-protection: 0
expires: Wed, 24 Feb 2021 09:10:26 GMT

GET
H2 200 / Show response
www.www.baomoi.com.tntn.cf/ Frame 0E7C 148 KB
23 KB 142ms
118ms Document
text/html 2a00:1450:4001:808::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.www.baomoi.com.tntn.cf/

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

45126a390e59d51fee1d20ba6863371176896f3e7dd0d40af7f8350812c8c072

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.www.baomoi.com.tntn.cf
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sadnessoflucifer.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.sadnessoflucifer.net/

Response headers

content-type: text/html; charset=UTF-8
expires: Wed, 17 Feb 2021 09:10:27 GMT
date: Wed, 17 Feb 2021 09:10:27 GMT
cache-control: private, max-age=0
last-modified: Wed, 30 Dec 2020 11:46:28 GMT
etag: W/"c8bce86ef2d93104b9ccac863bdc8000736acc6195bd0c11ff484b62f668500b"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 22957
server: GSE

GET
H2 200 noblesse-episode-11-english-subbed.html Show response
www.kissanime1.ml/2020/12/ Frame AA13 96 KB
18 KB 180ms
156ms Document
text/html 2a00:1450:4001:808::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

dc90017b081c4beeca72afea31ce499cd0d2f9fdcecb82152396473340be239e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.kissanime1.ml
:scheme: https
:path: /2020/12/noblesse-episode-11-english-subbed.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sadnessoflucifer.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.sadnessoflucifer.net/

Response headers

content-type: text/html; charset=UTF-8
expires: Wed, 17 Feb 2021 09:10:27 GMT
date: Wed, 17 Feb 2021 09:10:27 GMT
cache-control: private, max-age=0
last-modified: Sun, 31 Jan 2021 08:06:04 GMT
etag: W/"bbaf9d22b6edb7c1fdc3806a83de08de67d69d35970a217a8c78a37428d09f52"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 18172
server: GSE

GET
H2 200 / Show response
www.vietnamnet.vn.nmnm.cf/ Frame 18E3 182 KB
26 KB 281ms
178ms Document
text/html 216.239.34.21
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vietnamnet.vn.nmnm.cf/

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.34.21 San Mateo, United States, ASN15169 (GOOGLE, US),

Reverse DNS

any-in-2215.1e100.net

Software

GSE /

Resource Hash

fcd49ce2be5804c8d6601e5b17677b551f7d0e8d54a2cd1db8e0eed1f06b60c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.vietnamnet.vn.nmnm.cf
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sadnessoflucifer.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.sadnessoflucifer.net/

Response headers

content-type: text/html; charset=UTF-8
expires: Wed, 17 Feb 2021 09:10:27 GMT
date: Wed, 17 Feb 2021 09:10:27 GMT
cache-control: private, max-age=0
last-modified: Wed, 30 Dec 2020 11:44:05 GMT
etag: W/"eca2e015703d41fa0c786cdc4ec9153c26dbf8c7035e2bd4b795379d467ebab3"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 25921
server: GSE

GET
H3-Q050 200 u-440qyriQwlOrhSvowK_l5-fCZM.woff2
fonts.gstatic.com/s/merriweather/v22/ Frame D74E 19 KB
19 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-440qyriQwlOrhSvowK_l5-fCZM.woff2

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e19e5fec549d0d871301c8196f4a954abe8d6913464a1ac511f81ef71529f89b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sadnessoflucifer.net
Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 13:34:28 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:09:53 GMT
server: sffe
age: 156958
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19300
x-xss-protection: 0
expires: Tue, 15 Feb 2022 13:34:28 GMT

GET
H2 200 hXE4onHw_M1QP-OY0-jj42-Ug2ch0zNiwSPIokSnzY2GXCb_er3Xm_N6B92itt8ykk-5H6JE6kNZYOaOpNa_66s0N_U=w800-h272-n-k-no-nu
lh6.googleusercontent.com/proxy/ Frame D74E 40 KB
40 KB 14ms
12ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/proxy/hXE4onHw_M1QP-OY0-jj42-Ug2ch0zNiwSPIokSnzY2GXCb_er3Xm_N6B92itt8ykk-5H6JE6kNZYOaOpNa_66s0N_U=w800-h272-n-k-no-nu

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9b46c11808e69a34f4cee1d0600625634ffd792142c3f7ba0ecf96a169249f30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:09:46 GMT
x-content-type-options: nosniff
server: fife
age: 40
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41225
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:09:46 GMT

GET
H2 200 xMR6n8pbCkR_u8l-y3CDZ7GQQurmdIxcQrW3VaZlSYSt9DEw_SgJNRw-MYafx95ToKL9GVm2d7LyusReLYqYqeyxiU8=w385-h184-n-k-no-nu
lh4.googleusercontent.com/proxy/ Frame D74E 20 KB
20 KB 30ms
6ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/proxy/xMR6n8pbCkR_u8l-y3CDZ7GQQurmdIxcQrW3VaZlSYSt9DEw_SgJNRw-MYafx95ToKL9GVm2d7LyusReLYqYqeyxiU8=w385-h184-n-k-no-nu

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4a999a2dfd1239f835fb8e8a484febccb348bd00bae04e110990ae28cb102c77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:06:04 GMT
x-content-type-options: nosniff
server: fife
age: 262
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20259
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:06:04 GMT

GET
H2 200 AnJdlmE87eJ7GE8L7nalaqbPYBE-gSpGc4_fC30-XxV1IJE2MIz1qZMTxZI7UwLJe6mac4Y0UtDpNxonFqNFBD1loZE=w385-h184-n-k-no-nu
lh4.googleusercontent.com/proxy/ Frame D74E 31 KB
31 KB 35ms
12ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/proxy/AnJdlmE87eJ7GE8L7nalaqbPYBE-gSpGc4_fC30-XxV1IJE2MIz1qZMTxZI7UwLJe6mac4Y0UtDpNxonFqNFBD1loZE=w385-h184-n-k-no-nu

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

752ee029f577e2742df5ec88cc6476b4e9b1de3b2ab80ceb78a86df17ff7c809

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:06:04 GMT
x-content-type-options: nosniff
server: fife
age: 262
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31489
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:06:04 GMT

GET
H2 200 W4s0P8SyzMiVNV0y0jHlbwoSuL420RvQQKQ2BEHd-D5cFJYH9rfMDC25if6Tuy8LnZX40MG1_1zBsiGk4pdQzS8azLE=w385-h184-n-k-no-nu
lh3.googleusercontent.com/proxy/ Frame D74E 23 KB
23 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/proxy/W4s0P8SyzMiVNV0y0jHlbwoSuL420RvQQKQ2BEHd-D5cFJYH9rfMDC25if6Tuy8LnZX40MG1_1zBsiGk4pdQzS8azLE=w385-h184-n-k-no-nu

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

49fd63d4e8f0d7a2a95fbcf9319fc4fe6f69f7058d08de059c4177dab36b81fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:03:22 GMT
x-content-type-options: nosniff
server: fife
age: 424
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23800
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:03:22 GMT

GET
H2 200 FyUk2OHyqGdtQSzwYOgaM0PCHg2jIHLzusx4g6lpySfVqmWg4Q4JAQcBMXv5X2RqRcgvgMYA9MVPn-mCdDhSQPB3iYg=w385-h184-n-k-no-nu
lh6.googleusercontent.com/proxy/ Frame D74E 34 KB
34 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/proxy/FyUk2OHyqGdtQSzwYOgaM0PCHg2jIHLzusx4g6lpySfVqmWg4Q4JAQcBMXv5X2RqRcgvgMYA9MVPn-mCdDhSQPB3iYg=w385-h184-n-k-no-nu

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

45d2c70daefdef94d6e34c521ee8b6e87ee363b9b4b925c730999b38ba800083

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:06:19 GMT
x-content-type-options: nosniff
server: fife
age: 247
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34492
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:06:19 GMT

GET
H2 200 riFo5Dsb5b6gAzgYO8nAuDIGwkGAa-Fx3jmsTE5BMpZZTIl7SdCo7lKVjKUj7qOHF7MIJcJ-E6yBJYTQzPC_79bP_5s=w385-h184-n-k-no-nu
lh4.googleusercontent.com/proxy/ Frame D74E 28 KB
29 KB 39ms
16ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/proxy/riFo5Dsb5b6gAzgYO8nAuDIGwkGAa-Fx3jmsTE5BMpZZTIl7SdCo7lKVjKUj7qOHF7MIJcJ-E6yBJYTQzPC_79bP_5s=w385-h184-n-k-no-nu

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1ba3a837b772958f73c67fe73c03e0ab27eeeaed79e2d10262bda8ce64e5f6ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:06:04 GMT
x-content-type-options: nosniff
server: fife
age: 262
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29135
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:06:04 GMT

GET
H2 200 IIQi0C_-kfUu1OiaBwqjvGQLETQWkPfhSGro2u1SPMG1JHV40yWh1TpnIU58oHPv5SJxGiDtqYlVGU5cMyHEilD0ixI=w385-h184-n-k-no-nu
lh6.googleusercontent.com/proxy/ Frame D74E 25 KB
25 KB 16ms
14ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/proxy/IIQi0C_-kfUu1OiaBwqjvGQLETQWkPfhSGro2u1SPMG1JHV40yWh1TpnIU58oHPv5SJxGiDtqYlVGU5cMyHEilD0ixI=w385-h184-n-k-no-nu

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e86c02cbaa637d80b1f6fffc45174396be1dbb9a43912d38e205e0e220788ea5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:05:44 GMT
x-content-type-options: nosniff
server: fife
age: 282
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25122
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:05:44 GMT

GET
H3-Q050 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ Frame D74E 23 KB
23 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sadnessoflucifer.net
Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 06:00:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
age: 97802
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
expires: Wed, 16 Feb 2022 06:00:24 GMT

GET
H3-Q050 200 u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2
fonts.gstatic.com/s/merriweather/v22/ Frame D74E 19 KB
19 KB 14ms
13ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afba6e308182b28f02233e3c816e99fe5cc51511f90cab2cc6219d652f14f3a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sadnessoflucifer.net
Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:19:19 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:07:15 GMT
server: sffe
age: 147067
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19152
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:19:19 GMT

GET
H3-Q050 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame D74E 22 KB
23 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sadnessoflucifer.net
Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 09:20:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:12 GMT
server: sffe
age: 517824
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
expires: Fri, 11 Feb 2022 09:20:02 GMT

GET
H3-Q050 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame D74E 22 KB
22 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sadnessoflucifer.net
Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 05:54:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:30 GMT
server: sffe
age: 98140
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22572
x-xss-protection: 0
expires: Wed, 16 Feb 2022 05:54:46 GMT

GET
H3-Q050 200 S6u9w4BMUTPHh6UVSwaPGR_p.woff2
fonts.gstatic.com/s/lato/v17/ Frame D74E 5 KB
5 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwaPGR_p.woff2

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28927518b5750f500f8d606b8629cd40092c7f19d8d2e32c865c4902cd489543

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sadnessoflucifer.net
Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:19:21 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:17 GMT
server: sffe
age: 147065
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5360
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:19:21 GMT

GET
H3-Q050 200 u-4m0qyriQwlOrhSvowK_l5-eRZAf-LHrw.woff2
fonts.gstatic.com/s/merriweather/v22/ Frame D74E 18 KB
18 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4m0qyriQwlOrhSvowK_l5-eRZAf-LHrw.woff2

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b760106c753e8e5b4c2a7696fd97f6069ce3f832fcea83c55120d0c25d784dbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sadnessoflucifer.net
Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:19:47 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:07:20 GMT
server: sffe
age: 147039
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18836
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:19:47 GMT

GET
H3-Q050 200 S6uyw4BMUTPHjxAwXjeu.woff2
fonts.gstatic.com/s/lato/v17/ Frame D74E 5 KB
5 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjxAwXjeu.woff2

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b7ad361cce9dbab34c8fd714b379707d7aa40199bf90b90f9f19c7c1db5171b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sadnessoflucifer.net
Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:19:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
age: 147055
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5480
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:19:32 GMT

GET
H/1.1 200
OK atrk.js Show response
certify-js.alexametrics.com/ Frame D74E 4 KB
2 KB 137ms
45ms Script
text/javascript 65.9.94.110
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://certify-js.alexametrics.com/atrk.js
Requested by: Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.94.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 90451ba3e82cd9db02f0ca76bd45d0ab5ef7e90a49da4215903cb7f08471e2e7

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 09 Oct 2020 00:43:22 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Sat, 16 Mar 2019 16:01:33 GMT
Server: AmazonS3
Age: 11348826
ETag: W/"96c08723796affab377d9bb08d631cd0"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 5a9253ffd4a04a82b061e7ef23f713d4.cloudfront.net (CloudFront)
Cache-Control: max-age=26920000
Transfer-Encoding: chunked
X-Amz-Cf-Pop: PRG50-C1
X-Amz-Cf-Id: rAWtYsyi-rgmUb1udOA_sXKEQuDS6uLg3Srszw9hiioD718TXvGskw==

GET
H3-Q050 200 u-4m0qyriQwlOrhSvowK_l5-eRZBf-LHrw.woff2
fonts.gstatic.com/s/merriweather/v22/ Frame D74E 8 KB
8 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4m0qyriQwlOrhSvowK_l5-eRZBf-LHrw.woff2

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa0ca8a70c1514e8a747ec671826c2593f06cb926ec69546f6031c85a96a7bd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sadnessoflucifer.net
Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 14 Feb 2021 15:32:35 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:08:54 GMT
server: sffe
age: 236272
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8104
x-xss-protection: 0
expires: Mon, 14 Feb 2022 15:32:35 GMT

GET
H3-Q050 200 blogger_logo_round_35.png
www.blogger.com/img/ Frame D74E 2 KB
3 KB 34ms
20ms Image
image/png 2a00:1450:4001:808::2009
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blogger.com/img/blogger_logo_round_35.png

Requested by

Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

183923f8c8c3960dce8ad9722cf55a30d19b321b721741bd9e2ab6ae1f1ae72a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 05:54:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 22:15:40 GMT
server: sffe
age: 98155
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2531
x-xss-protection: 0
expires: Tue, 23 Feb 2021 05:54:32 GMT

GET
H3-Q050 200 imagesloaded-3.1.8.min.js Show response
www.gstatic.com/external_hosted/imagesloaded/ Frame AA13 7 KB
2 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/external_hosted/imagesloaded/imagesloaded-3.1.8.min.js

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c0ddd5f84226a630de4cfacb523cc1a0821f50434466a8898d0ef6aecad3dd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2314
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:27 GMT

GET
H3-Q050 200 masonry.pkgd.min.js Show response
www.gstatic.com/external_hosted/vanillamasonry-v3_1_5/ Frame AA13 25 KB
7 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/external_hosted/vanillamasonry-v3_1_5/masonry.pkgd.min.js

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6942bbecde948a8e032fc1204e9fc6a8d6508a2c095785d3f68e2726dc2f1d13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7630
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:27 GMT

GET
H3-Q050 200 clipboard.min.js Show response
www.gstatic.com/external_hosted/clipboardjs/ Frame AA13 12 KB
4 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a00d3cabd4a8dbdbd2e992e238d11ec889fb3cc7751d9bc271f063a17ec8bf7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 0
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4096
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:27 GMT

GET
H3-Q050 200 authorization.css
www.blogger.com/dyn-css/ Frame AA13 1 B
665 B 113ms
113ms Stylesheet
text/css 2a00:1450:4001:808::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1359023690256536622&zx=edf11378-7418-495d-b43d-b2112aadbeaa

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' .google.com .google-analytics.com 'unsafe-inline' 'unsafe-eval' .gstatic.com .googlesyndication.com .blogger.com .googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Feb 2021 09:10:27 GMT
server: GSE
date: Wed, 17 Feb 2021 09:10:27 GMT
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: text/css; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sprite_v1_6.css.svg
www.kissanime1.ml/responsive/ Frame AA13 7 KB
2 KB 17ms
16ms Other
image/svg+xml 2a00:1450:4001:808::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kissanime1.ml/responsive/sprite_v1_6.css.svg

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73d16aca9b019e42dd2de3a10e5049b5606268ce0d8e3a167b05b37acb9b0e9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 19:11:45 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 2244
x-xss-protection: 0
expires: Wed, 24 Feb 2021 09:10:27 GMT

GET
H/1.1 200
OK atrk.gif
certify.alexametrics.com/ Frame D74E 43 B
552 B 51ms
50ms Image
image/gif 65.9.20.19
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1200&iframe=1&title=bicachu&time=1613553027158&time_zone_offset=-60&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fad2bitcoin.com%2Fadqlt.php%3Fref%3Dsmartas%26keycode%3D8457&host_url=https%3A%2F%2Fwww.sadnessoflucifer.net%2F&random_number=12710244079&sess_cookie=c23a580f177af41484caae0357f&sess_cookie_flag=1&user_cookie=c23a580f177af41484caae0357f&user_cookie_flag=1&dynamic=true&domain=www.sadnessoflucifer.net&account=FDJKv1hNdI20fn&jsv=20130128&user_lang=en-US
Requested by: Host: www.sadnessoflucifer.net
URL: https://www.sadnessoflucifer.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.19 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://www.sadnessoflucifer.net/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 04:37:09 GMT
Via: 1.1 f857c6fa23ed7b2d0b237aefe9c50960.cloudfront.net (CloudFront)
Last-Modified: Mon, 17 Jan 2011 20:41:40 GMT
Server: AmazonS3
Age: 16399
ETag: "221d8352905f2c38b3cb2bd191d630b0"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Pop: ZAG50-C1
x-amz-meta-alexa-last-modified: 20110117123941
Content-Length: 43
X-Amz-Cf-Id: okSxNobyX1iMQcp7EAiOOFtpi_h8-Dnv2cMJ20Jz2gxRm2N9gEL47w==

GET
H3-Q050 200 SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-6_RkBI9_.woff2
fonts.gstatic.com/s/ebgaramond/v15/ Frame AA13 28 KB
29 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ebgaramond/v15/SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-6_RkBI9_.woff2

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

baa1981f4cf7845628912e10883e4cbf10b2d5970e4fd1de11f766046a4f2b39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.kissanime1.ml
Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 01:30:40 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 Jan 2021 21:08:53 GMT
server: sffe
age: 373187
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29100
x-xss-protection: 0
expires: Sun, 13 Feb 2022 01:30:40 GMT

GET
H3-Q050 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v15/ Frame AA13 19 KB
19 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.kissanime1.ml
Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 05:54:29 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:52 GMT
server: sffe
age: 98158
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19172
x-xss-protection: 0
expires: Wed, 16 Feb 2022 05:54:29 GMT

GET
H3-Q050 200 JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2
fonts.gstatic.com/s/montserrat/v15/ Frame AA13 17 KB
17 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c75be06dd83179b39507632603aaf3eab56409a1fb41c5a40bb68157d46029d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.kissanime1.ml
Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 09:20:26 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:22 GMT
server: sffe
age: 517801
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17060
x-xss-protection: 0
expires: Fri, 11 Feb 2022 09:20:26 GMT

GET
H3-Q050 200 JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
fonts.gstatic.com/s/montserrat/v15/ Frame AA13 12 KB
12 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

637fc05835856f967578386134fe8a10b4fc4afaae082c8052226d5bd5a23e4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.kissanime1.ml
Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 12:26:20 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:00 GMT
server: sffe
age: 161047
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12196
x-xss-protection: 0
expires: Tue, 15 Feb 2022 12:26:20 GMT

GET
H3-Q050 200 SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-6_RkAI9_S6w.woff2
fonts.gstatic.com/s/ebgaramond/v15/ Frame AA13 19 KB
19 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ebgaramond/v15/SlGDmQSNjdsmc35JDF1K5E55YMjF_7DPuGi-6_RkAI9_S6w.woff2

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c325fb301769ce7171761acb3f6bab8ce1f87af10d771f89db411d50ebc48cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.kissanime1.ml
Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 04:41:59 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 Jan 2021 21:06:15 GMT
server: sffe
age: 361708
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19684
x-xss-protection: 0
expires: Sun, 13 Feb 2022 04:41:59 GMT

GET
H/1.1 200
OK 5759 Show response
cdn.adclerks.com/core/ad2/24667/ Frame AA13 984 B
1 KB 785ms
394ms Script
text/javascript 198.74.54.57
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adclerks.com/core/ad2/24667/5759?r=18551
Requested by: Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.74.54.57 Atlanta, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: adn1.adclerks.com
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / PHP/5.4.16
Resource Hash: 7d365a30058c6d4a87f549b5604f952262892ab01fda782f651747eb8ebb4dfb

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, max-age=604800, post-check=0, pre-check=0
Connection: close
Content-Length: 984
Expires: Wed, 24 Feb 2021 09:10:27 GMT

GET
H3-Q050 200 70WYToVE8hGAWWdGXuk51E-5sux-JawR5pbJ8Ry9pGklCp9x_QfFQempPVHCXcuntkvp6NDrnYat-fwUK4jQKOJzi5M=w490
lh4.googleusercontent.com/proxy/ Frame AA13 39 KB
39 KB 39ms
22ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/proxy/70WYToVE8hGAWWdGXuk51E-5sux-JawR5pbJ8Ry9pGklCp9x_QfFQempPVHCXcuntkvp6NDrnYat-fwUK4jQKOJzi5M=w490

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

5b62231c145f2bd50da4576537d15572ef203ddf473569588fa064d3eab4c163

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:06:33 GMT
x-content-type-options: nosniff
server: fife
age: 234
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39907
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:06:33 GMT

GET
H3-Q050 200 loader.js Show response
www.gstatic.com/charts/ Frame AA13 64 KB
20 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/loader.js

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d48c95e39e7dcd31ebeee1191f77770fa1cb0a4213bb84ac925406066218c841

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19830
x-xss-protection: 0
pragma: no-cache
last-modified: Thu, 23 Jul 2020 17:43:26 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 1089121065-fancy_compiled.js Show response
resources.blogblog.com/blogblog/data/res/ Frame AA13 136 KB
47 KB 35ms
19ms Script
text/javascript 2a00:1450:4001:802::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.blogblog.com/blogblog/data/res/1089121065-fancy_compiled.js

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ed7d36be134b77ecf8b958f168efea52e13d6a2ea2e2ccf19db4989f510601e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 02:08:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Feb 2021 01:22:56 GMT
server: sffe
age: 457288
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47708
x-xss-protection: 0
expires: Fri, 19 Feb 2021 02:08:59 GMT

GET
H2 200 cookienotice.js Show response
www.kissanime1.ml/js/ Frame AA13 6 KB
2 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:808::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kissanime1.ml/js/cookienotice.js

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Feb 2021 07:43:08 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 2026
x-xss-protection: 0
expires: Wed, 24 Feb 2021 09:10:27 GMT

GET
H3-Q050 200 2473628150-widgets.js Show response
www.blogger.com/static/v1/widgets/ Frame AA13 143 KB
52 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blogger.com/static/v1/widgets/2473628150-widgets.js

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

717fdf32513c4e6bd6a3e31827ecaed7728f961b61c5ea62db5de1054c463dc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 01:48:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 01:08:59 GMT
server: sffe
age: 199331
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53282
x-xss-protection: 0
expires: Tue, 15 Feb 2022 01:48:16 GMT

GET
H3-Q050 200 clipboard.min.js Show response
www.gstatic.com/external_hosted/clipboardjs/ Frame 0E7C 12 KB
4 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a00d3cabd4a8dbdbd2e992e238d11ec889fb3cc7751d9bc271f063a17ec8bf7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 0
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4096
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:27 GMT

GET
H/1.1 200
OK close.png
mellowads.com/img/ Frame 0E7C 399 B
1 KB 33ms
16ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/close.png
Requested by: Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 317a4b3c77269258fbf082d910a099adcd8873cb9c037b42c9b6468ce8d7101d

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
CF-Cache-Status: HIT
Age: 2005966
Cf-Polished: origSize=1422
Connection: keep-alive
Content-Length: 399
cf-request-id: 0850da60910000d70d34274000000001
Last-Modified: Wed, 15 Nov 2017 09:57:37 GMT
Server: cloudflare
ETag: "967d12af85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e60141859d70d-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 962757 Show response
ad.a-ads.com/ Frame CEF5 6 KB
2 KB 758ms
59ms Document
text/html 85.10.201.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/962757?size=468x60

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

85.10.201.130 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.14.0 (Ubuntu) / Phusion Passenger

Resource Hash

e6ba66d0378865b88de2c60042d49afba1bfe1c4c6cc2705952db4a281ec3671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: ad.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Response headers

Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger
X-Original-Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
Content-Encoding: gzip

GET
H/1.1 200
OK 5761 Show response
cdn.adclerks.com/core/ad2/24667/ Frame AA13 952 B
1 KB 665ms
280ms Script
text/javascript 198.74.54.57
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adclerks.com/core/ad2/24667/5761?r=58640
Requested by: Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.74.54.57 Atlanta, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: adn1.adclerks.com
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / PHP/5.4.16
Resource Hash: 8c65522dc57c934b7dab50b6a55edea7473b88c442a7b96acd8550dda61650d6

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, max-age=604800, post-check=0, pre-check=0
Connection: close
Content-Length: 952
Expires: Wed, 24 Feb 2021 09:10:27 GMT

GET
H/1.1 200
OK 962758 Show response
ad.a-ads.com/ Frame 673C 6 KB
2 KB 806ms
47ms Document
text/html 85.10.201.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/962758?size=728x90

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

85.10.201.130 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.14.0 (Ubuntu) / Phusion Passenger

Resource Hash

e04978b05c6932346fcc289391ff20799dae2089bdc18b2e0189f067e050a354

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: ad.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Response headers

Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger
X-Original-Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
Content-Encoding: gzip

GET
H2

200

pyxSN_WIThM Show response
www.youtube.com/embed/ Frame E6DA
Redirect Chain

https://youtube.com/embed/pyxSN_WIThM
https://www.youtube.com/embed/pyxSN_WIThM

30 KB
10 KB

99ms
76ms

Document
text/html

2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/pyxSN_WIThM

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

3aaa481d5bee03566f66256844befdda282c9516c7a8546882f007580385b67b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/pyxSN_WIThM
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Response headers

content-encoding: br
x-content-type-options: nosniff
content-length: 9616
pragma: no-cache
strict-transport-security: max-age=31536000
date: Wed, 17 Feb 2021 09:10:27 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: YSC=k_s7KU9RrHk; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=S6fvYv_8e8g; Domain=.youtube.com; Expires=Mon, 16-Aug-2021 09:10:27 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+016; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 0
location: https://www.youtube.com/embed/pyxSN_WIThM
date: Wed, 17 Feb 2021 09:10:27 GMT
content-type: text/html
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: CONSENT=PENDING+158; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 17 Feb 2021 09:10:27 GMT
cache-control: private

GET
H2 404 hqdefault.jpg
i.ytimg.com/vi/pyxSN_WIThM/ Frame AA13 1 KB
1 KB 50ms
6ms Image
image/jpeg 2a00:1450:4001:801::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/pyxSN_WIThM/hqdefault.jpg

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20e9aab22032d85684d7d916a1013f7c577a132a5b10ea3fd3578e8d0b28a711

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:17 GMT
x-content-type-options: nosniff
server: sffe
age: 10
vary: Origin
content-type: image/jpeg
cache-control: public, max-age=30
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1097
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:47 GMT

GET
H3-Q050 200 JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2
fonts.gstatic.com/s/montserrat/v15/ Frame AA13 7 KB
7 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca5c84dc7b788426db818e4834249af7fbbfdec34c784adaafe3b00031993167

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.kissanime1.ml
Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Feb 2021 15:39:44 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:56 GMT
server: sffe
age: 581443
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6696
x-xss-protection: 0
expires: Thu, 10 Feb 2022 15:39:44 GMT

GET
H3-Q050 200 0QI6MX1D_JOuGQbT0gvTJPa787weuxJBkq0.woff2
fonts.gstatic.com/s/lora/v17/ Frame AA13 19 KB
19 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lora/v17/0QI6MX1D_JOuGQbT0gvTJPa787weuxJBkq0.woff2

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b874445c1c5f287cca4f88a9b939270676c7ad03c9c7209a33a5907ae731fe0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.kissanime1.ml
Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 01:17:37 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 Jan 2021 21:52:45 GMT
server: sffe
age: 373970
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19144
x-xss-protection: 0
expires: Sun, 13 Feb 2022 01:17:37 GMT

GET
H2 200 sprite_v1_6.css.svg
www.www.baomoi.com.tntn.cf/responsive/ Frame 0E7C 7 KB
2 KB 24ms
24ms Other
image/svg+xml 2a00:1450:4001:808::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.www.baomoi.com.tntn.cf/responsive/sprite_v1_6.css.svg

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73d16aca9b019e42dd2de3a10e5049b5606268ce0d8e3a167b05b37acb9b0e9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 19:11:45 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 2244
x-xss-protection: 0
expires: Wed, 24 Feb 2021 09:10:27 GMT

GET
H/1.1 200
OK Cookie set E3ED2177086A Show response
mellowads.com/view/ Frame 1A9A 2 KB
2 KB 260ms
258ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/E3ED2177086A
Requested by: Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d4d57754f9ec338a895a8f651c798b77626723e72bb49e9c9becdada1b0814f

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.www.baomoi.com.tntn.cf/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.www.baomoi.com.tntn.cf/

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d0487544361096e9c8e858f6ce14375ed1613553027; expires=Fri, 19-Mar-21 09:10:27 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:09:55 GMT; path=/
Cache-Control: private
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da60c10000d70d2b962000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e6014688fd70d-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set 70C484EDA031 Show response
mellowads.com/view/ Frame 9C13 2 KB
2 KB 269ms
254ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/70C484EDA031
Requested by: Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0cae1108337c4edd9e8fc09b688194169020eeb2929e892d08eaeea37658e219

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.www.baomoi.com.tntn.cf/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.www.baomoi.com.tntn.cf/

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d2870d116e02830111c70a247110efaf61613553027; expires=Fri, 19-Mar-21 09:10:27 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:21 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da60d200002c4ed18ae000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e60147ce42c4e-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set C44DA330A4A4 Show response
mellowads.com/view/ Frame 8C85 2 KB
2 KB 265ms
251ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/C44DA330A4A4
Requested by: Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a39567de812d4fb31a31612c2c8fb3d0101ed9a987cc43631500a0240f1c7c05

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.www.baomoi.com.tntn.cf/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.www.baomoi.com.tntn.cf/

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d024e935c306cc1e902670c50558137931613553027; expires=Fri, 19-Mar-21 09:10:27 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:41 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da60d00000061004225000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e60148a580610-FRA
Content-Encoding: gzip

GET
H3-Q050 200 1772004140-vegeclub_compiled.js Show response
resources.blogblog.com/blogblog/data/res/ Frame 0E7C 135 KB
46 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.blogblog.com/blogblog/data/res/1772004140-vegeclub_compiled.js

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e153d916096463c7a56b0753c9d1ca4a05fa381c58d492e3e58f103823c7e02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 02:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Feb 2021 01:22:56 GMT
server: sffe
age: 457279
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47284
x-xss-protection: 0
expires: Fri, 19 Feb 2021 02:09:08 GMT

GET
H2 200 cookienotice.js Show response
www.www.baomoi.com.tntn.cf/js/ Frame 0E7C 6 KB
2 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:808::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.www.baomoi.com.tntn.cf/js/cookienotice.js

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Feb 2021 07:43:08 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 2026
x-xss-protection: 0
expires: Wed, 24 Feb 2021 09:10:27 GMT

GET
H3-Q050 200 3672613597-widgets.js Show response
www.blogger.com/static/v1/widgets/ Frame 0E7C 141 KB
51 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:808::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blogger.com/static/v1/widgets/3672613597-widgets.js

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab419744135650aef8e6f53a56917a4ebc7dfe1a7969f3dda8bf4a3ee98869a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 01:33:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 11 Feb 2021 11:07:04 GMT
server: sffe
age: 27394
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52520
x-xss-protection: 0
expires: Thu, 17 Feb 2022 01:33:53 GMT

GET
H/1.1 200
OK 300x250-low-google.gif
beluga-cdn.ams3.digitaloceanspaces.com/EZmobBanners/ Frame 118A 148 KB
148 KB 145ms
53ms Image
image/gif 5.101.110.225
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beluga-cdn.ams3.digitaloceanspaces.com/EZmobBanners/300x250-low-google.gif

Requested by

Host: cpm.ezmob.com
URL: https://cpm.ezmob.com/tag?zone_id=107011&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D68612241

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

5.101.110.225 , United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

df46f8ed158243072f47dac6013063067f2da1133d9c3fac3e66b157c8866e73

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Last-Modified: Tue, 21 Jul 2020 07:20:07 GMT
x-amz-request-id: tx00000000000006343b707-00602cdd83-90880e1-ams3b
ETag: "67ee2a072908098e72a709b65b5ddef6"
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Content-Type: image/gif
x-rgw-object-type: Normal
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 151177

GET
H/1.1 200
OK tag Show response
cpm.ezmob.com/ Frame 118A 227 B
548 B 7015ms
28ms Script
application/javascript 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.ezmob.com/tag?zone_id=111227&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D56376581
Requested by: Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: 6290be4469214fdb80f64684e62e554ebeb8c4c16a526405d7741ff1b4c4bf3e

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:34 GMT
Server: nginx
Age: 0
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Connection: close
Content-Type: application/javascript; charset=utf-8
Content-Length: 227

GET
H3-Q050 200 u-440qyriQwlOrhSvowK_l5-fCZM.woff2
fonts.gstatic.com/s/merriweather/v22/ Frame 0E7C 19 KB
19 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-440qyriQwlOrhSvowK_l5-fCZM.woff2

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e19e5fec549d0d871301c8196f4a954abe8d6913464a1ac511f81ef71529f89b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.www.baomoi.com.tntn.cf
Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 13:34:28 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:09:53 GMT
server: sffe
age: 156959
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19300
x-xss-protection: 0
expires: Tue, 15 Feb 2022 13:34:28 GMT

GET
H3-Q050 200 gmfuuRioTdyjHRsZ4wxYxyNeYkIHSU141xmdxx862iErIA5zCtvq_61Nqk2by028w8qFoDzCsdDFT3Dl3Xyh1J9PcLI=w800-h272-n-k-no-nu
lh3.googleusercontent.com/proxy/ Frame 0E7C 18 KB
18 KB 29ms
24ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/proxy/gmfuuRioTdyjHRsZ4wxYxyNeYkIHSU141xmdxx862iErIA5zCtvq_61Nqk2by028w8qFoDzCsdDFT3Dl3Xyh1J9PcLI=w800-h272-n-k-no-nu

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2dbcc58c3b999294a08f4dadb8272e6e71bcc3e9538b71d237e2c208b701a3f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:03:03 GMT
x-content-type-options: nosniff
server: fife
age: 444
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17994
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:03:03 GMT

GET
H3-Q050 200 qbO-8QKr4AqroDfUaJPUaW3tiXGTenisQRX2X_siu0zItzN25x4L00SHUJTpvcyJ-fKoz3JuPOA3l2lKUioIfpIIYpQ=w385-h184-n-k-no-nu
lh4.googleusercontent.com/proxy/ Frame 0E7C 17 KB
17 KB 9ms
7ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/proxy/qbO-8QKr4AqroDfUaJPUaW3tiXGTenisQRX2X_siu0zItzN25x4L00SHUJTpvcyJ-fKoz3JuPOA3l2lKUioIfpIIYpQ=w385-h184-n-k-no-nu

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8e8a29908fb74946eeebe56b63f4e35753b54aec23369e1ed2b53bb95b8a6696

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:08:24 GMT
x-content-type-options: nosniff
server: fife
age: 123
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17826
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:08:24 GMT

GET
H3-Q050 200 ypWtxFHkSXnQFgEycfX93-ZIrf8DjSL60zVxxZOXFVqiqVrQa415AL0Hi-bS9dECMrXZ9mlBjqdNRTgJV38-bVrVoXg=w385-h184-n-k-no-nu
lh6.googleusercontent.com/proxy/ Frame 0E7C 21 KB
22 KB 25ms
20ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/proxy/ypWtxFHkSXnQFgEycfX93-ZIrf8DjSL60zVxxZOXFVqiqVrQa415AL0Hi-bS9dECMrXZ9mlBjqdNRTgJV38-bVrVoXg=w385-h184-n-k-no-nu

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c36fa9409653ca7cacd6c0035698e87b66bd1b250d080edb5aa912230b96f93e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:02:49 GMT
x-content-type-options: nosniff
server: fife
age: 458
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21795
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:02:49 GMT

GET
H3-Q050 404 T4j2-B7M_uwhGX51wSFDeoNSsNDSG7BmqGPb67pZvb19ow59hSvpZ1YPBZHXJ3bEICys83fpbR0_UL9XHNzDaoOdbs4=w385-h184-n-k-no-nu
lh3.googleusercontent.com/proxy/ Frame 0E7C 1 KB
1 KB 82ms
79ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/proxy/T4j2-B7M_uwhGX51wSFDeoNSsNDSG7BmqGPb67pZvb19ow59hSvpZ1YPBZHXJ3bEICys83fpbR0_UL9XHNzDaoOdbs4=w385-h184-n-k-no-nu

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

57eb79ec23f95554cfee51062e26a0e62c8b095b030bf7aa4068894370e1052e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
x-content-type-options: nosniff
server: fife
content-type: image/jpeg
access-control-allow-origin: *
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1187
x-xss-protection: 0

GET
H3-Q050 200 KBmTPCm-4sBMqAMBkUjL6F_VcbWsf1Zxo4xpWQJioMMdkVuqLiOCQ5psrOco9LO-Ym9wHXhtQ5wG2uK74mUQrHVyO2I=w385-h184-n-k-no-nu
lh5.googleusercontent.com/proxy/ Frame 0E7C 16 KB
16 KB 32ms
28ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/proxy/KBmTPCm-4sBMqAMBkUjL6F_VcbWsf1Zxo4xpWQJioMMdkVuqLiOCQ5psrOco9LO-Ym9wHXhtQ5wG2uK74mUQrHVyO2I=w385-h184-n-k-no-nu

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f4dc4bbcb678f1e4297dc774d3a3a691435b08a8c1809f3e6a73d1fd2b0afa86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:04:28 GMT
x-content-type-options: nosniff
server: fife
age: 359
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16478
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:04:28 GMT

GET
H3-Q050 200 om6kIzvtDnuX-IYjL7TPrBga0keI69gI0TSzgeOSoTxuI7Q7R8QBBiUyqemchyXK1E99WhwgUc4m4RWQxVop7oxiQK4=w385-h184-n-k-no-nu
lh3.googleusercontent.com/proxy/ Frame 0E7C 16 KB
16 KB 33ms
29ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/proxy/om6kIzvtDnuX-IYjL7TPrBga0keI69gI0TSzgeOSoTxuI7Q7R8QBBiUyqemchyXK1E99WhwgUc4m4RWQxVop7oxiQK4=w385-h184-n-k-no-nu

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a86f754589d0f9618b1679a8489a81cb5bc273be25004b4fbd1529215efd1107

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:03:03 GMT
x-content-type-options: nosniff
server: fife
age: 444
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16344
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:03:03 GMT

GET
H3-Q050 200 Q8uYOAzS7TdWaY-UnUqeT6EaYLNl0jFcmFsM-5pq0OJiMRqPUskMWJUcFngjZKbNbeDUf1UqhnOy4ALu8EHBJI6_d8o=w385-h184-n-k-no-nu
lh6.googleusercontent.com/proxy/ Frame 0E7C 27 KB
27 KB 28ms
25ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/proxy/Q8uYOAzS7TdWaY-UnUqeT6EaYLNl0jFcmFsM-5pq0OJiMRqPUskMWJUcFngjZKbNbeDUf1UqhnOy4ALu8EHBJI6_d8o=w385-h184-n-k-no-nu

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6618113ee8758c5678e427e3544ccccced96b84cc80180e131d255ebe375280f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:02:49 GMT
x-content-type-options: nosniff
server: fife
age: 458
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27782
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:02:49 GMT

GET
H3-Q050 200 WJVDe-IRGO9KothmO-BcEOt3g3uzQx6ZQlvypHulVKxP530n6mhDfHzRfVT6n3sCyX1BlwtLi3DN-1B0pIiYuJno5xs=w385-h184-n-k-no-nu
lh5.googleusercontent.com/proxy/ Frame 0E7C 16 KB
16 KB 27ms
23ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/proxy/WJVDe-IRGO9KothmO-BcEOt3g3uzQx6ZQlvypHulVKxP530n6mhDfHzRfVT6n3sCyX1BlwtLi3DN-1B0pIiYuJno5xs=w385-h184-n-k-no-nu

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

957cfad6d1cf1be2f28c946348ede1625d86862a415c03a02e48c1351460ff18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:04:28 GMT
x-content-type-options: nosniff
server: fife
age: 359
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16586
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:04:28 GMT

GET
H3-Q050 200 tSxOh0Y6FBrcu0Au4lyI0V0vL67SVIRMwwmLgO27mcRkgoEuTEzfYliYvRIcBYmbtCedQXiuhEnDZ2XcAq3xfE_MR-A=w385-h184-n-k-no-nu
lh4.googleusercontent.com/proxy/ Frame 0E7C 14 KB
14 KB 11ms
7ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/proxy/tSxOh0Y6FBrcu0Au4lyI0V0vL67SVIRMwwmLgO27mcRkgoEuTEzfYliYvRIcBYmbtCedQXiuhEnDZ2XcAq3xfE_MR-A=w385-h184-n-k-no-nu

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

568da5497854334778fdd885a0ba5f2759781334de18ddb8b2053d9a9c3d347a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:08:24 GMT
x-content-type-options: nosniff
server: fife
age: 123
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14729
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:08:24 GMT

GET
H3-Q050 200 4iCs6KVjbNBYlgoKfw72.woff2
fonts.gstatic.com/s/ubuntu/v15/ Frame 0E7C 33 KB
34 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCs6KVjbNBYlgoKfw72.woff2

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4f4524f7e1a87079bc50a64681f880ccf3e6f5db1ec5fc27949377532a3881da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.www.baomoi.com.tntn.cf
Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 12:26:30 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:02:57 GMT
server: sffe
age: 161037
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34260
x-xss-protection: 0
expires: Tue, 15 Feb 2022 12:26:30 GMT

GET
H3-Q050 200 u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2
fonts.gstatic.com/s/merriweather/v22/ Frame 0E7C 19 KB
19 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afba6e308182b28f02233e3c816e99fe5cc51511f90cab2cc6219d652f14f3a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.www.baomoi.com.tntn.cf
Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:19:19 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:07:15 GMT
server: sffe
age: 147068
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19152
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:19:19 GMT

GET
H3-Q050 200 4iCv6KVjbNBYlgoCxCvjsGyN.woff2
fonts.gstatic.com/s/ubuntu/v15/ Frame 0E7C 28 KB
28 KB 10ms
8ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCxCvjsGyN.woff2

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

045469f2d577c2ad73219bbd713640bcb4a4f9a46cecc6c0df0e66338646b27f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.www.baomoi.com.tntn.cf
Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:20:32 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:43 GMT
server: sffe
age: 146995
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28968
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:20:32 GMT

GET
H3-Q050 200 4iCv6KVjbNBYlgoCjC3jsGyN.woff2
fonts.gstatic.com/s/ubuntu/v15/ Frame 0E7C 29 KB
29 KB 11ms
9ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCjC3jsGyN.woff2

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97d812da07c2319e0e64c4137b33a5d3ccfb4c06fa5ab4444f522959e27a9ed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.www.baomoi.com.tntn.cf
Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 05:54:38 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:02:34 GMT
server: sffe
age: 98149
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29864
x-xss-protection: 0
expires: Wed, 16 Feb 2022 05:54:38 GMT

GET
H3-Q050 200 4iCv6KVjbNBYlgoCxCvjvmyNL4U.woff2
fonts.gstatic.com/s/ubuntu/v15/ Frame 0E7C 37 KB
37 KB 11ms
9ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCxCvjvmyNL4U.woff2

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bff3ec720117a91ab7501102a32f06d0f224673a7f2407a31e076e8617856c5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.www.baomoi.com.tntn.cf
Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:19:18 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:03:07 GMT
server: sffe
age: 147069
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37888
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:19:18 GMT

GET
H3-Q050 200 4iCv6KVjbNBYlgoCjC3jvmyNL4U.woff2
fonts.gstatic.com/s/ubuntu/v15/ Frame 0E7C 41 KB
41 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCjC3jvmyNL4U.woff2

Requested by

Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1265dca02f5211352302e547a1d49f0d0fe36f5852768b45fb7482b4c1034222

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.www.baomoi.com.tntn.cf
Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 12:26:20 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:02:39 GMT
server: sffe
age: 161047
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42344
x-xss-protection: 0
expires: Tue, 15 Feb 2022 12:26:20 GMT

GET
H/1.1 200
OK 5760 Show response
cdn.adclerks.com/core/ad2/24667/ Frame AA13 1 KB
1 KB 1491ms
214ms Script
text/javascript 198.74.54.57
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adclerks.com/core/ad2/24667/5760?r=26995
Requested by: Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.74.54.57 Atlanta, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: adn1.adclerks.com
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / PHP/5.4.16
Resource Hash: 60649abde14f0abe5aa2d433ccda17983183b38d728ad130ff5565a106b6b384

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, max-age=604800, post-check=0, pre-check=0
Connection: close
Content-Length: 1042
Expires: Wed, 24 Feb 2021 09:10:28 GMT

GET
H/1.1 200
OK Cookie set 260544E8445E Show response
mellowads.com/view/ Frame B9A2 2 KB
2 KB 261ms
248ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/260544E8445E
Requested by: Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d8dc15634db6c6eb994a77de4492c3910cd83bbae460788d0e8aa204fa6ebb7

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.www.baomoi.com.tntn.cf/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.www.baomoi.com.tntn.cf/

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dea4bf279d79f59b70a999842bc9264c41613553027; expires=Fri, 19-Mar-21 09:10:27 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:29 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da60f80000535db9be2000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e6014bbaf535d-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set D422DDD74C99 Show response
mellowads.com/view/ Frame E0BC 3 KB
2 KB 301ms
250ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/D422DDD74C99
Requested by: Host: www.www.baomoi.com.tntn.cf
URL: https://www.www.baomoi.com.tntn.cf/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25be5e7c0a4ff370a1bad44555cf6be3ec71edd2799aa0b51940d0b458018229

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.www.baomoi.com.tntn.cf/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.www.baomoi.com.tntn.cf/

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d5e1461d872bbc164439d44d67846f46c1613553027; expires=Fri, 19-Mar-21 09:10:27 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:09:55 GMT; path=/
Cache-Control: private
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da612100004e44b41e0000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e601508d94e44-FRA
Content-Encoding: gzip

GET
H2 200 stats Show response
www.kissanime1.ml/b/ Frame AA13 405 B
320 B 240ms
198ms XHR
text/html 2a00:1450:4001:808::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kissanime1.ml/b/stats?style=WHITE_TRANSPARENT&timeRange=LAST_MONTH&token=APq4FmDoFExvk4SVdaayYV9bBfb3i4y34X4SMg2yZpaI8x-r1yGd5RC5ZhAJTUGhhs8qvzhWaHA5Y6pzih2lks6S7KMcllmitQ

Requested by

Host: www.blogger.com
URL: https://www.blogger.com/static/v1/widgets/2473628150-widgets.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c23149d010374d4edfcd7be524def4aba294e0b71d4af8554337a7a6f945239c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0
content-length: 255
x-xss-protection: 1; mode=block
expires: Wed, 17 Feb 2021 09:10:27 GMT

GET
H/1.1 200
OK 300x250-low-google.gif
beluga-cdn.ams3.digitaloceanspaces.com/EZmobBanners/ Frame EB03 148 KB
148 KB 114ms
52ms Image
image/gif 5.101.110.225
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beluga-cdn.ams3.digitaloceanspaces.com/EZmobBanners/300x250-low-google.gif

Requested by

Host: cpm.ezmob.com
URL: https://cpm.ezmob.com/tag?zone_id=111227&size=300x250&subid=&j=pu%3Dwww.markocpm.com%26if%3D2%26rn%3D15254500

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

5.101.110.225 , United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Resource Hash

df46f8ed158243072f47dac6013063067f2da1133d9c3fac3e66b157c8866e73

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Last-Modified: Tue, 21 Jul 2020 07:20:07 GMT
x-amz-request-id: tx00000000000006343b74d-00602cdd83-90880e1-ams3b
ETag: "67ee2a072908098e72a709b65b5ddef6"
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Content-Type: image/gif
x-rgw-object-type: Normal
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 151177

GET
H2 200 / Show response
g.cash-ads.com/ Frame 3974 494 B
634 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=uQbNWNfhVACn9VGoEjv03tVCfHSbzWOV4TVGekvszr4%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

a7b63edab7d8e6bc2fc9370226934bdf9ba94b6ab3fe855105422b5491cc316f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:27 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ Frame EB03 46 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=300x250

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=300x250
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 1391
date: Wed, 17 Feb 2021 08:47:16 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Wed, 17 Feb 2021 10:47:16 GMT

GET
H3-Q050 200 authorization.css
www.blogger.com/dyn-css/ Frame AA13 1 B
46 B 367ms
367ms Stylesheet
text/css 2a00:1450:4001:808::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1359023690256536622&zx=edf11378-7418-495d-b43d-b2112aadbeaa

Requested by

Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' .google.com .google-analytics.com 'unsafe-inline' 'unsafe-eval' .gstatic.com .googlesyndication.com .blogger.com .googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Feb 2021 09:10:27 GMT
server: GSE
date: Wed, 17 Feb 2021 09:10:27 GMT
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: text/css; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

HEAD
H3-Q050 200 5dovSf9Y75raTKvQisU6vPMWLeSN79LhMYMgFYybp65mmF1L8acs_msd9uNhlWW7M-RO6aGTa5_fKOLDOAkODNqsLI00TbPI=w1152-h864-pd Show response
lh6.googleusercontent.com/proxy/ Frame AA13 0
373 B 49ms
34ms XHR
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://lh6.googleusercontent.com/proxy/5dovSf9Y75raTKvQisU6vPMWLeSN79LhMYMgFYybp65mmF1L8acs_msd9uNhlWW7M-RO6aGTa5_fKOLDOAkODNqsLI00TbPI=w1152-h864-pd

Requested by

Host: resources.blogblog.com
URL: https://resources.blogblog.com/blogblog/data/res/1089121065-fancy_compiled.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
x-content-type-options: nosniff
server: fife
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 152209
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:10:27 GMT

GET
H3-Q050 200 blogger_logo_round_35.png
www.blogger.com/img/ Frame AA13 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:808::2009
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blogger.com/img/blogger_logo_round_35.png

Requested by

Host: resources.blogblog.com
URL: https://resources.blogblog.com/blogblog/data/res/1089121065-fancy_compiled.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

183923f8c8c3960dce8ad9722cf55a30d19b321b721741bd9e2ab6ae1f1ae72a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 05:54:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 22:15:40 GMT
server: sffe
age: 98155
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2531
x-xss-protection: 0
expires: Tue, 23 Feb 2021 05:54:32 GMT

GET
H3-Q050 200 blogger_logo_round_35.png
www.blogger.com/img/ Frame 0E7C 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:808::2009
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blogger.com/img/blogger_logo_round_35.png

Requested by

Host: resources.blogblog.com
URL: https://resources.blogblog.com/blogblog/data/res/1772004140-vegeclub_compiled.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

183923f8c8c3960dce8ad9722cf55a30d19b321b721741bd9e2ab6ae1f1ae72a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.www.baomoi.com.tntn.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 05:54:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 22:15:40 GMT
server: sffe
age: 98155
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2531
x-xss-protection: 0
expires: Tue, 23 Feb 2021 05:54:32 GMT

GET
H3-Q050 200 clipboard.min.js Show response
www.gstatic.com/external_hosted/clipboardjs/ Frame 18E3 12 KB
4 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a00d3cabd4a8dbdbd2e992e238d11ec889fb3cc7751d9bc271f063a17ec8bf7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
age: 0
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4096
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:27 GMT

GET
H2 200 sprite_v1_6.css.svg
www.vietnamnet.vn.nmnm.cf/responsive/ Frame 18E3 7 KB
2 KB 39ms
39ms Other
image/svg+xml 216.239.34.21
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vietnamnet.vn.nmnm.cf/responsive/sprite_v1_6.css.svg

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.34.21 San Mateo, United States, ASN15169 (GOOGLE, US),

Reverse DNS

any-in-2215.1e100.net

Software

sffe /

Resource Hash

73d16aca9b019e42dd2de3a10e5049b5606268ce0d8e3a167b05b37acb9b0e9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Feb 2021 07:43:08 GMT
server: sffe
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 2244
x-xss-protection: 0
expires: Wed, 24 Feb 2021 09:10:27 GMT

GET
H/1.1 200
OK Cookie set F153A28D15CE Show response
mellowads.com/view/ Frame 5F7E 2 KB
2 KB 256ms
255ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/F153A28D15CE
Requested by: Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 128dc8db18031bf21409c8e8fe229651e1cc05bb5c0b6a9129382e041884dd62

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.vietnamnet.vn.nmnm.cf/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.vietnamnet.vn.nmnm.cf/

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dc92e1d6ca39031d854bc1760d11ffdbd1613553027; expires=Fri, 19-Mar-21 09:10:27 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:41 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da61c70000d70d168d0000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e601609cad70d-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set FA91F4BB821F Show response
mellowads.com/view/ Frame A78E 2 KB
2 KB 250ms
247ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/FA91F4BB821F
Requested by: Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52d18b86f59607a707243f356dde57399c9cc9be3b6390feabdaadd287a67a4e

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.vietnamnet.vn.nmnm.cf/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.vietnamnet.vn.nmnm.cf/

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dd5e2edebdaaa81fab33f1f1f674ad4211613553027; expires=Fri, 19-Mar-21 09:10:27 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:21 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da61cb0000061020314000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e60161c1b0610-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set 335D3A8A3007 Show response
mellowads.com/view/ Frame 3ED8 3 KB
2 KB 253ms
249ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/335D3A8A3007
Requested by: Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cb6fcb42ccf487939c8b4040d2c5c61e37f90b03a1686b713f5cb4f7c5258b5

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.vietnamnet.vn.nmnm.cf/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.vietnamnet.vn.nmnm.cf/

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d95d76fec63e0ec061971f07d2deacf491613553027; expires=Fri, 19-Mar-21 09:10:27 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:21 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da61ce00002c4ed8b8b000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e60161e7e2c4e-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK close.png
mellowads.com/img/ Frame 18E3 399 B
1 KB 43ms
14ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/close.png
Requested by: Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 317a4b3c77269258fbf082d910a099adcd8873cb9c037b42c9b6468ce8d7101d

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
CF-Cache-Status: HIT
Age: 2005966
Cf-Polished: origSize=1422
Connection: keep-alive
Content-Length: 399
cf-request-id: 0850da61eb0000c29a9cbd3000000001
Last-Modified: Wed, 15 Nov 2017 09:57:37 GMT
Server: cloudflare
ETag: "967d12af85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e60164e5fc29a-FRA
Cf-Bgj: imgq:100,h2pri

GET
H3-Q050 200 1772004140-vegeclub_compiled.js Show response
resources.blogblog.com/blogblog/data/res/ Frame 18E3 135 KB
46 KB 28ms
26ms Script
text/javascript 2a00:1450:4001:802::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.blogblog.com/blogblog/data/res/1772004140-vegeclub_compiled.js

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e153d916096463c7a56b0753c9d1ca4a05fa381c58d492e3e58f103823c7e02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 02:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Feb 2021 01:22:56 GMT
server: sffe
age: 457279
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47284
x-xss-protection: 0
expires: Fri, 19 Feb 2021 02:09:08 GMT

GET
H2 200 cookienotice.js Show response
www.vietnamnet.vn.nmnm.cf/js/ Frame 18E3 6 KB
2 KB 39ms
38ms Script
text/javascript 216.239.34.21
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.vietnamnet.vn.nmnm.cf/js/cookienotice.js

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.239.34.21 San Mateo, United States, ASN15169 (GOOGLE, US),

Reverse DNS

any-in-2215.1e100.net

Software

sffe /

Resource Hash

068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Feb 2021 07:43:08 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 2026
x-xss-protection: 0
expires: Wed, 24 Feb 2021 09:10:27 GMT

GET
H3-Q050 200 2473628150-widgets.js Show response
www.blogger.com/static/v1/widgets/ Frame 18E3 143 KB
52 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:808::2009
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.blogger.com/static/v1/widgets/2473628150-widgets.js

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

717fdf32513c4e6bd6a3e31827ecaed7728f961b61c5ea62db5de1054c463dc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 01:48:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 01:08:59 GMT
server: sffe
age: 199331
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53282
x-xss-protection: 0
expires: Tue, 15 Feb 2022 01:48:16 GMT

GET
H3-Q050 200 www-player-webp.css
www.youtube.com/s/player/6eebf7aa/ Frame E6DA 340 KB
51 KB 55ms
39ms Stylesheet
text/css 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/6eebf7aa/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pyxSN_WIThM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0651e9a718a6ce3d030e0086532dad8caf7571b961e311fda509a47d0ba4bd56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pyxSN_WIThM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 16:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 01:13:47 GMT
server: sffe
age: 59005
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52099
x-xss-protection: 0
expires: Wed, 16 Feb 2022 16:47:02 GMT

GET
H3-Q050 200 www-embed-player.js Show response
www.youtube.com/s/player/6eebf7aa/www-embed-player.vflset/ Frame E6DA 157 KB
57 KB 55ms
39ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/6eebf7aa/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pyxSN_WIThM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f003001a164fc40eb7a767dcb8f36dce6ba51e3f6852f38f9400322dfa59f252

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pyxSN_WIThM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 16:45:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 01:13:47 GMT
server: sffe
age: 59102
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58426
x-xss-protection: 0
expires: Wed, 16 Feb 2022 16:45:25 GMT

GET
H3-Q050 200 base.js Show response
www.youtube.com/s/player/6eebf7aa/player_ias.vflset/en_US/ Frame E6DA 1 MB
492 KB 56ms
40ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/6eebf7aa/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pyxSN_WIThM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37555d2a8631f6c69e94303caf2b0f844327688c004f02e7549f15834558c263

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pyxSN_WIThM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 16:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 01:13:47 GMT
server: sffe
age: 58979
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 504129
x-xss-protection: 0
expires: Wed, 16 Feb 2022 16:47:28 GMT

GET
H3-Q050 200 fetch-polyfill.js Show response
www.youtube.com/s/player/6eebf7aa/fetch-polyfill.vflset/ Frame E6DA 8 KB
3 KB 46ms
31ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/6eebf7aa/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pyxSN_WIThM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pyxSN_WIThM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 16:45:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 01:13:47 GMT
server: sffe
age: 59102
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3027
x-xss-protection: 0
expires: Wed, 16 Feb 2022 16:45:25 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E6DA 10 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pyxSN_WIThM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/embed/pyxSN_WIThM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:25:11 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:51 GMT
server: sffe
age: 146716
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10748
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:25:11 GMT

GET
H/1.1 200
OK Cookie set 0538B66CECD2 Show response
mellowads.com/view/ Frame 068B 2 KB
2 KB 271ms
269ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/0538B66CECD2
Requested by: Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea086075fae357fd441bb4dd9ee29b91f97be63de2d484fb8e6c5eb0e8ca92f6

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.vietnamnet.vn.nmnm.cf/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.vietnamnet.vn.nmnm.cf/

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dd7a648e571e09e7d63598b43c81e77141613553027; expires=Fri, 19-Mar-21 09:10:27 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:30 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da620c0000c29ad1b9b000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e60167e82c29a-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set FD623390B1FD Show response
mellowads.com/view/ Frame FFBA 2 KB
2 KB 265ms
263ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/FD623390B1FD
Requested by: Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1972993627933161eb4286074780602ea032bce628c2c24c20749a299df5761c

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.vietnamnet.vn.nmnm.cf/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.vietnamnet.vn.nmnm.cf/

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d32b411a31fd9d6ffe6bb1e3f9436c33c1613553027; expires=Fri, 19-Mar-21 09:10:27 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:09:56 GMT; path=/
Cache-Control: private
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da620f0000535da32fe000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e60167e10535d-FRA
Content-Encoding: gzip

GET
H3-Q050 200 u-440qyriQwlOrhSvowK_l5-fCZM.woff2
fonts.gstatic.com/s/merriweather/v22/ Frame 18E3 19 KB
19 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-440qyriQwlOrhSvowK_l5-fCZM.woff2

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e19e5fec549d0d871301c8196f4a954abe8d6913464a1ac511f81ef71529f89b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.vietnamnet.vn.nmnm.cf
Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 13:34:28 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:09:53 GMT
server: sffe
age: 156959
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19300
x-xss-protection: 0
expires: Tue, 15 Feb 2022 13:34:28 GMT

GET
H3-Q050 200 6lygjky9af0c1EwQvsKHt6I8yfgIhUSiZS-g8DSMLA3IZABArl1xBoTn41K4ZxTDSBdY6DSvwrgPuM9he7Y-Iq_pSmk=w800-h272-n-k-no-nu
lh5.googleusercontent.com/proxy/ Frame 18E3 25 KB
25 KB 9ms
7ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/proxy/6lygjky9af0c1EwQvsKHt6I8yfgIhUSiZS-g8DSMLA3IZABArl1xBoTn41K4ZxTDSBdY6DSvwrgPuM9he7Y-Iq_pSmk=w800-h272-n-k-no-nu

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4d3bcbdab5bf8f7aeaec5ebd0a9bd5c6188377f8fd0a8261b94a71cc48265ce1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:05:33 GMT
x-content-type-options: nosniff
server: fife
age: 294
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25684
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:05:33 GMT

GET
H3-Q050 200 5BwRW2VP-WjOfbe3OuDW9Gnf5EJW_7xwzmnERu9AtLUh_9nr_isFhgJkdZjEGodJGssXsDltIKu3snpSpAsxz8xhleE=w385-h184-n-k-no-nu
lh5.googleusercontent.com/proxy/ Frame 18E3 19 KB
20 KB 12ms
10ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/proxy/5BwRW2VP-WjOfbe3OuDW9Gnf5EJW_7xwzmnERu9AtLUh_9nr_isFhgJkdZjEGodJGssXsDltIKu3snpSpAsxz8xhleE=w385-h184-n-k-no-nu

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

219090691fd71d5c7f3a90e27653463d1075fc175fe267bc4113bc28c24d4325

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 06:23:41 GMT
x-content-type-options: nosniff
server: fife
age: 10006
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19921
x-xss-protection: 0
expires: Thu, 18 Feb 2021 06:23:41 GMT

GET
H3-Q050 200 J70zruIBmbkgkM11lhEQmZlTSbXR12BfYYZmx3yTYAwCyTOHpUAk1zp7DNJGtWm0P0UISOnSEkNsFT9esY-sflsaCXM=w385-h184-n-k-no-nu
lh6.googleusercontent.com/proxy/ Frame 18E3 14 KB
14 KB 9ms
7ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/proxy/J70zruIBmbkgkM11lhEQmZlTSbXR12BfYYZmx3yTYAwCyTOHpUAk1zp7DNJGtWm0P0UISOnSEkNsFT9esY-sflsaCXM=w385-h184-n-k-no-nu

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

cc563873045e07077f13313013d3ea89b9cc5899ebb16e5316c1ebca22aeab25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:02:49 GMT
x-content-type-options: nosniff
server: fife
age: 458
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14698
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:02:49 GMT

GET
H3-Q050 200 WWfj0EVYtavNOq_L-hKD4XkqL6hfOBNt8lH307-cW9g4xLDD966U_jPSMcEa7DHVsx-_wjS0LtCA5saI1BGNh6jPVVk=w385-h184-n-k-no-nu
lh3.googleusercontent.com/proxy/ Frame 18E3 22 KB
22 KB 19ms
16ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/proxy/WWfj0EVYtavNOq_L-hKD4XkqL6hfOBNt8lH307-cW9g4xLDD966U_jPSMcEa7DHVsx-_wjS0LtCA5saI1BGNh6jPVVk=w385-h184-n-k-no-nu

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1507a52b580acafd157a0a8faf3523b9c11417f18899ac3607b7d8c4e6cf25cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:03:22 GMT
x-content-type-options: nosniff
server: fife
age: 425
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22453
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:03:22 GMT

GET
H3-Q050 200 WM86MUexZTcvx2e-zELWUfG0tafM6lzn68zkeDtdnUK3dIZ3Bbl8hjzzh5NbOXgWtNhyXyyIfVEWlxKJqQX7ODdatzk=w385-h184-n-k-no-nu
lh3.googleusercontent.com/proxy/ Frame 18E3 15 KB
15 KB 17ms
14ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/proxy/WM86MUexZTcvx2e-zELWUfG0tafM6lzn68zkeDtdnUK3dIZ3Bbl8hjzzh5NbOXgWtNhyXyyIfVEWlxKJqQX7ODdatzk=w385-h184-n-k-no-nu

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1078ebca04ff2463d409299c81f8ab8a0caea1eb5388ce79af1ec33a2f800a5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:03:22 GMT
x-content-type-options: nosniff
server: fife
age: 425
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15198
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:03:22 GMT

GET
H3-Q050 200 RbXhfNVUBwg1CdIaZCerM57HNHAgsZDlxoqt-BtvT6L6JcRuHTISi7r-EePZSDevWB_QSgcF4yixLMqLNoEijVQtbew=w385-h184-n-k-no-nu
lh5.googleusercontent.com/proxy/ Frame 18E3 26 KB
26 KB 36ms
33ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/proxy/RbXhfNVUBwg1CdIaZCerM57HNHAgsZDlxoqt-BtvT6L6JcRuHTISi7r-EePZSDevWB_QSgcF4yixLMqLNoEijVQtbew=w385-h184-n-k-no-nu

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

bee42133df7c52475b5e20d46fa11479103a00a26cabaae159c2b1cee6d8a181

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:05:33 GMT
x-content-type-options: nosniff
server: fife
age: 294
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26657
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:05:33 GMT

GET
H3-Q050 200 MavGb0jebwOKc6qSVdFB6LJBKs-Q706fqbEMtst-uQjuvqca6HpSDYerhHKbBqD4zxnDY88A9IwJ44G1cprC9BR2w1k=w385-h184-n-k-no-nu
lh5.googleusercontent.com/proxy/ Frame 18E3 12 KB
13 KB 35ms
33ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/proxy/MavGb0jebwOKc6qSVdFB6LJBKs-Q706fqbEMtst-uQjuvqca6HpSDYerhHKbBqD4zxnDY88A9IwJ44G1cprC9BR2w1k=w385-h184-n-k-no-nu

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6bd408923dd0c335b53377781abb4edb36347d4d124285213c712a0a9a0fda2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:05:33 GMT
x-content-type-options: nosniff
server: fife
age: 294
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12778
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:05:33 GMT

GET
H3-Q050 200 yvc5GgAmrF-qVL0cAmcSJ3S_v994yO4k06DmYIwOONWq4ILp3RGznPCRVUSmdCE2QP08h3ppTAtHVw029c9xmFa0va4=w385-h184-n-k-no-nu
lh4.googleusercontent.com/proxy/ Frame 18E3 21 KB
21 KB 12ms
9ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/proxy/yvc5GgAmrF-qVL0cAmcSJ3S_v994yO4k06DmYIwOONWq4ILp3RGznPCRVUSmdCE2QP08h3ppTAtHVw029c9xmFa0va4=w385-h184-n-k-no-nu

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d140afd52d602837eec6b5078689267813f5c24c2c00fd2fe50a9b36c3361b47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:06:34 GMT
x-content-type-options: nosniff
server: fife
age: 233
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21844
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:06:34 GMT

GET
H3-Q050 200 KPea2fRVeA-t4P71xv439rb4SKZldTWA8xf4E3Vtv3sbpa8IY8lx_zMORhHxX0WqFv_EKkSMBbEgFzwhZVszzFZae_M=w385-h184-n-k-no-nu
lh5.googleusercontent.com/proxy/ Frame 18E3 17 KB
18 KB 24ms
22ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/proxy/KPea2fRVeA-t4P71xv439rb4SKZldTWA8xf4E3Vtv3sbpa8IY8lx_zMORhHxX0WqFv_EKkSMBbEgFzwhZVszzFZae_M=w385-h184-n-k-no-nu

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

cfcb1dd142feadccae72aa121874e7f82b6902973b8f0884f5b2141f59fb53df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:05:33 GMT
x-content-type-options: nosniff
server: fife
age: 294
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17901
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:05:33 GMT

GET
H3-Q050 200 mLcmjuhRoGEMDsH6S2_X0fpvVA8xzZxZDhI9-9bEo0R9cQ3pRnIxuux3MyJsqbMpAnFa88l7VuODqaiCxYsAZ43FFUM=w385-h184-n-k-no-nu
lh5.googleusercontent.com/proxy/ Frame 18E3 17 KB
17 KB 37ms
34ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/proxy/mLcmjuhRoGEMDsH6S2_X0fpvVA8xzZxZDhI9-9bEo0R9cQ3pRnIxuux3MyJsqbMpAnFa88l7VuODqaiCxYsAZ43FFUM=w385-h184-n-k-no-nu

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

d9781b93d424879f2ad4e09db89d50a83205647ec29c50ce220363f848254748

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:05:33 GMT
x-content-type-options: nosniff
server: fife
age: 294
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17099
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:05:33 GMT

GET
H3-Q050 200 6TGSDkxEiWzBWI06cbJp8ucrzs7NffoApWWAy41gZPBBwT8aMv29WNnOIekjGxg__aHBa7M64HtKt-Yu4Aoyvkscshs=w385-h184-n-k-no-nu
lh6.googleusercontent.com/proxy/ Frame 18E3 29 KB
29 KB 62ms
59ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/proxy/6TGSDkxEiWzBWI06cbJp8ucrzs7NffoApWWAy41gZPBBwT8aMv29WNnOIekjGxg__aHBa7M64HtKt-Yu4Aoyvkscshs=w385-h184-n-k-no-nu

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

cfa6ae86f3d87f5b1ad4303f8ea9425eda1b462a408ef44ae75d84f68666f44c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:02:50 GMT
x-content-type-options: nosniff
server: fife
age: 457
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29213
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:02:50 GMT

GET
H3-Q050 200 8dUj-tdfufzpNhtjOl8PBJ7CcHV2eiRWyB8y4P5fNydPwdtkFcMLLFydeR4XehMRReoYf68cS8XJXlXs08v3dV4E28o=w385-h184-n-k-no-nu
lh4.googleusercontent.com/proxy/ Frame 18E3 33 KB
33 KB 17ms
14ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/proxy/8dUj-tdfufzpNhtjOl8PBJ7CcHV2eiRWyB8y4P5fNydPwdtkFcMLLFydeR4XehMRReoYf68cS8XJXlXs08v3dV4E28o=w385-h184-n-k-no-nu

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

fdee2f7854c02fa314307a55957f519931475962f5c3ef0d518b98e56343b06f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:06:34 GMT
x-content-type-options: nosniff
server: fife
age: 233
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33355
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:06:34 GMT

GET
H3-Q050 200 rjOXt7KEYGSTISavq0UWR-MfXbm_7LgRV8mBYaU-D32l1vjI3LkoacxE5ODSFZkrOo3ZcAhgc73ailYjJlpgMumwQ4k=w385-h184-n-k-no-nu
lh3.googleusercontent.com/proxy/ Frame 18E3 22 KB
22 KB 35ms
32ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/proxy/rjOXt7KEYGSTISavq0UWR-MfXbm_7LgRV8mBYaU-D32l1vjI3LkoacxE5ODSFZkrOo3ZcAhgc73ailYjJlpgMumwQ4k=w385-h184-n-k-no-nu

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

40a77e8be0be94390b40524734e136b93ba124661596096e0cb8f46705514416

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:03:22 GMT
x-content-type-options: nosniff
server: fife
age: 425
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22690
x-xss-protection: 0
expires: Thu, 18 Feb 2021 09:03:22 GMT

GET
H3-Q050 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v17/ Frame 18E3 23 KB
23 KB 16ms
13ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.vietnamnet.vn.nmnm.cf
Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 06:00:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
age: 97803
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
expires: Wed, 16 Feb 2022 06:00:24 GMT

GET
H3-Q050 200 u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2
fonts.gstatic.com/s/merriweather/v22/ Frame 18E3 19 KB
19 KB 17ms
14ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4m0qyriQwlOrhSvowK_l5-eRZOf-I.woff2

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afba6e308182b28f02233e3c816e99fe5cc51511f90cab2cc6219d652f14f3a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.vietnamnet.vn.nmnm.cf
Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:19:19 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:07:15 GMT
server: sffe
age: 147068
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19152
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:19:19 GMT

GET
H3-Q050 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame 18E3 22 KB
23 KB 20ms
17ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.vietnamnet.vn.nmnm.cf
Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 09:20:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:12 GMT
server: sffe
age: 517825
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
expires: Fri, 11 Feb 2022 09:20:02 GMT

GET
H3-Q050 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v17/ Frame 18E3 22 KB
22 KB 28ms
25ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.vietnamnet.vn.nmnm.cf
Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 05:54:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:30 GMT
server: sffe
age: 98141
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22572
x-xss-protection: 0
expires: Wed, 16 Feb 2022 05:54:46 GMT

GET
H3-Q050 200 S6u9w4BMUTPHh6UVSwaPGR_p.woff2
fonts.gstatic.com/s/lato/v17/ Frame 18E3 5 KB
5 KB 27ms
24ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwaPGR_p.woff2

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28927518b5750f500f8d606b8629cd40092c7f19d8d2e32c865c4902cd489543

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.vietnamnet.vn.nmnm.cf
Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:19:21 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:17 GMT
server: sffe
age: 147066
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5360
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:19:21 GMT

GET
H3-Q050 200 u-4m0qyriQwlOrhSvowK_l5-eRZAf-LHrw.woff2
fonts.gstatic.com/s/merriweather/v22/ Frame 18E3 18 KB
18 KB 30ms
24ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4m0qyriQwlOrhSvowK_l5-eRZAf-LHrw.woff2

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b760106c753e8e5b4c2a7696fd97f6069ce3f832fcea83c55120d0c25d784dbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.vietnamnet.vn.nmnm.cf
Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:19:47 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:07:20 GMT
server: sffe
age: 147040
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18836
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:19:47 GMT

GET
H3-Q050 200 S6u9w4BMUTPHh50XSwaPGR_p.woff2
fonts.gstatic.com/s/lato/v17/ Frame 18E3 5 KB
5 KB 55ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh50XSwaPGR_p.woff2

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c231bed4704b4d3db5350e6b08c88dd0ea7240374bfe6f9951b706dfa8901c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.vietnamnet.vn.nmnm.cf
Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 20:03:30 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:23 GMT
server: sffe
age: 133617
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5436
x-xss-protection: 0
expires: Tue, 15 Feb 2022 20:03:30 GMT

GET
H3-Q050 200 S6uyw4BMUTPHjxAwXjeu.woff2
fonts.gstatic.com/s/lato/v17/ Frame 18E3 5 KB
5 KB 36ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjxAwXjeu.woff2

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b7ad361cce9dbab34c8fd714b379707d7aa40199bf90b90f9f19c7c1db5171b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.vietnamnet.vn.nmnm.cf
Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:19:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
age: 147055
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5480
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:19:32 GMT

GET
H3-Q050 200 loader.js Show response
www.gstatic.com/charts/49/ Frame AA13 27 KB
10 KB 19ms
13ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/49/loader.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/loader.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e72a5ee0982cf53fc8cee83f837f897bc9e82a057453c647d5706b6ba4ff757

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9832
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 08 Jul 2020 22:21:37 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK pushserver.php Show response
push.multibux.org/ Frame 0DF6 319 B
531 B 184ms
70ms XHR
application/json 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://push.multibux.org/pushserver.php
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PHP/5.5.9-1ubuntu4.26
Resource Hash: 2c65a803c074fa1b96450a89f0488bf3f67da9c9550d71ddda60421f4b4fa0d9

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/5.5.9-1ubuntu4.26
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: *
Keep-Alive: timeout=60

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame 3974 5 KB
5 KB 43ms
42ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:27 GMT

GET
H3-Q050 200 blogger_logo_round_35.png
www.blogger.com/img/ Frame 18E3 2 KB
2 KB 12ms
6ms Image
image/png 2a00:1450:4001:808::2009
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.blogger.com/img/blogger_logo_round_35.png

Requested by

Host: resources.blogblog.com
URL: https://resources.blogblog.com/blogblog/data/res/1772004140-vegeclub_compiled.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

183923f8c8c3960dce8ad9722cf55a30d19b321b721741bd9e2ab6ae1f1ae72a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 05:54:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 22:15:40 GMT
server: sffe
age: 98155
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2531
x-xss-protection: 0
expires: Tue, 23 Feb 2021 05:54:32 GMT

GET
H3-Q050 200 u-4m0qyriQwlOrhSvowK_l5-eRZBf-LHrw.woff2
fonts.gstatic.com/s/merriweather/v22/ Frame 18E3 8 KB
8 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v22/u-4m0qyriQwlOrhSvowK_l5-eRZBf-LHrw.woff2

Requested by

Host: www.vietnamnet.vn.nmnm.cf
URL: https://www.vietnamnet.vn.nmnm.cf/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa0ca8a70c1514e8a747ec671826c2593f06cb926ec69546f6031c85a96a7bd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.vietnamnet.vn.nmnm.cf
Referer: https://www.vietnamnet.vn.nmnm.cf/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 14 Feb 2021 15:32:35 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Sep 2020 17:08:54 GMT
server: sffe
age: 236272
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8104
x-xss-protection: 0
expires: Mon, 14 Feb 2022 15:32:35 GMT

GET
H/1.1 200
OK size0.css
mellowads.com/css/ Frame 1A9A 395 B
1 KB 44ms
43ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size0.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/E3ED2177086A
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab678728d50221c34ab637a8db8060f2d87621fced24a19b1f41ee4ca6a3e3ff

Request headers

Referer: https://mellowads.com/view/E3ED2177086A
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3229
Cf-Polished: origSize=593
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da62ea00002c4e33314000000001
Last-Modified: Wed, 15 Nov 2017 09:57:32 GMT
Server: cloudflare
ETag: W/"aaacc827f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e6017d8812c4e-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 1A9A 880 B
2 KB 44ms
43ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/E3ED2177086A
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/E3ED2177086A
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
CF-Cache-Status: HIT
Age: 2005974
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da62ea0000d70df6350000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e6017dc10d70d-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK CACB3CB80637.gif
banners.mellowads.com/ads/ Frame 1A9A 65 KB
65 KB 66ms
13ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/CACB3CB80637.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/E3ED2177086A
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fa232a21d87a8f414d57819642249d553cb2067cf6e182fe6e251933cf23b38

Request headers

Referer: https://mellowads.com/view/E3ED2177086A
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
CF-Cache-Status: HIT
Age: 89911
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 66166
cf-request-id: 0850da631f0000c29f52268000000001
Last-Modified: Wed, 20 May 2020 12:13:46 GMT
Server: cloudflare
ETag: "731aa61ca02ed61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e60183be9c29f-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK size3.css
mellowads.com/css/ Frame 8C85 397 B
1 KB 42ms
42ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size3.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/C44DA330A4A4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8706ae696503e418edcb9696da1ae9b19436ed262c5bf54e259e45b9f49c4ac5

Request headers

Referer: https://mellowads.com/view/C44DA330A4A4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 1654
Cf-Polished: origSize=597
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da62eb00004e445d907000000001
Last-Modified: Wed, 15 Nov 2017 09:57:33 GMT
Server: cloudflare
ETag: W/"ddda6828f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e6017dd124e44-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 8C85 880 B
2 KB 46ms
46ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/C44DA330A4A4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/C44DA330A4A4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
CF-Cache-Status: HIT
Age: 2005974
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da62eb000006103cae0000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e6017dea40610-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 7FEA7D180FEE.gif
banners.mellowads.com/ads/ Frame 8C85 67 KB
68 KB 68ms
15ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/7FEA7D180FEE.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/C44DA330A4A4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7fd5d302844a0d20d199f7d034823f13e734c7b5461f879b0670b64eff5c459

Request headers

Referer: https://mellowads.com/view/C44DA330A4A4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
CF-Cache-Status: HIT
Age: 2005788
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 68405
cf-request-id: 0850da6323000016ea303e9000000001
Last-Modified: Wed, 20 May 2020 12:05:32 GMT
Server: cloudflare
ETag: "be911f69e2ed61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e60183ec516ea-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK size1.css
mellowads.com/css/ Frame 9C13 1 KB
1 KB 58ms
11ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size1.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/70C484EDA031
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d4af139311c81555211be2e79cf4fe27b40ef7c9242efd2f04aaaa1ab90bfb1

Request headers

Referer: https://mellowads.com/view/70C484EDA031
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3636
Cf-Polished: origSize=1553
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da631a0000535db9bfd000000001
Last-Modified: Thu, 21 May 2020 00:52:49 GMT
Server: cloudflare
ETag: W/"a41e6926a2fd61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e60182825535d-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 9C13 880 B
2 KB 17ms
11ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/70C484EDA031
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/70C484EDA031
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
CF-Cache-Status: HIT
Age: 2005974
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da631900004e44b41ff000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e60182d814e44-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 312E2FCEB04C.gif
banners.mellowads.com/ads/ Frame 9C13 783 KB
784 KB 46ms
28ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/312E2FCEB04C.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/70C484EDA031
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5e2c39ee7d45b930ab6d4fa011bb4decc10658a89c574a0bef580f08e00cfa8f

Request headers

Referer: https://mellowads.com/view/70C484EDA031
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
CF-Cache-Status: HIT
Age: 742360
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 801659
cf-request-id: 0850da633400002b71a088f000000001
Last-Modified: Fri, 29 Jan 2021 22:42:27 GMT
Server: cloudflare
ETag: "fd521c590f6d61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e60185d7a2b71-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK size6.css
mellowads.com/css/ Frame B9A2 1 KB
1 KB 18ms
17ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size6.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/260544E8445E
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3e95f43a10a17150009cf32b5db9fd77945784fc5b20913577180bf2ecb5925

Request headers

Referer: https://mellowads.com/view/260544E8445E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 2321
Cf-Polished: origSize=1468
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da63220000c29adf24a000000001
Last-Modified: Wed, 15 Nov 2017 09:57:33 GMT
Server: cloudflare
ETag: W/"1daa9628f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e60183ff8c29a-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame B9A2 880 B
2 KB 11ms
11ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/260544E8445E
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/260544E8445E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
CF-Cache-Status: HIT
Age: 2005974
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da632100000610f49b9000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e60183eff0610-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 4381CCBE52AA.gif
banners.mellowads.com/ads/ Frame B9A2 146 KB
147 KB 23ms
11ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/4381CCBE52AA.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/260544E8445E
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b08a44521bceda7ede4087c0a1da4e66d81daa74b57fdcee9ad3d74960377e2

Request headers

Referer: https://mellowads.com/view/260544E8445E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
CF-Cache-Status: HIT
Age: 2005950
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 149384
cf-request-id: 0850da632d00004dbe1a0e8000000001
Last-Modified: Wed, 20 May 2020 12:05:00 GMT
Server: cloudflare
ETag: "e120f1e29e2ed61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e60184d384dbe-FRA
Cf-Bgj: imgq:100,h2pri

GET
H3-Q050 200 tooltip.css
www.gstatic.com/charts/49/css/core/ Frame AA13 1 KB
587 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/49/css/core/tooltip.css

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/49/loader.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cb6d99c8ba2262a4d0c6d0333a35b67be6d4db6c5a7d2c4a9cff74e5970e4f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 533
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 08 Jul 2020 22:32:32 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 util.css
www.gstatic.com/charts/49/css/util/ Frame AA13 12 KB
3 KB 17ms
16ms Stylesheet
text/css 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/49/css/util/util.css

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/49/loader.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9c9244f08810a7573b16fd89288d4587f617de4c005b3e4d74ee034b6dbf280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3203
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 08 Jul 2020 22:32:32 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 jsapi_compiled_default_module.js Show response
www.gstatic.com/charts/49/js/ Frame AA13 258 KB
82 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/49/js/jsapi_compiled_default_module.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/49/loader.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4fdb87c57bc847088dce0b9e304ad29f484d9aad79d886cbbdcfe1479c7d79c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 83560
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 08 Jul 2020 22:27:07 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 jsapi_compiled_graphics_module.js Show response
www.gstatic.com/charts/49/js/ Frame AA13 38 KB
12 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/49/js/jsapi_compiled_graphics_module.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/49/loader.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf10d79572b622cc42a98ec271cd8e311464939eb91c7af1bf14d2594e76fee5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12304
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 08 Jul 2020 22:27:07 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 jsapi_compiled_ui_module.js Show response
www.gstatic.com/charts/49/js/ Frame AA13 492 KB
162 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/49/js/jsapi_compiled_ui_module.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/49/loader.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f90ebd02e91d7c660b7f8f299d6fefd4c4f46d706d467c01857d19807b5d949

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 166264
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 08 Jul 2020 22:27:07 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 jsapi_compiled_corechart_module.js Show response
www.gstatic.com/charts/49/js/ Frame AA13 20 KB
6 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/49/js/jsapi_compiled_corechart_module.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/49/loader.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f0b04d65d7e52487553553e18ae7e775bbb3ac2b8b0161ceec5c4d164ad93c95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5649
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 08 Jul 2020 22:27:07 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK size2.css
mellowads.com/css/ Frame E0BC 1 KB
1 KB 14ms
14ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size2.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/D422DDD74C99
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d252b095e3be279781e80a6c6b785735e56dfa5cc77c1d68f5b95b74d9cb6a0b

Request headers

Referer: https://mellowads.com/view/D422DDD74C99
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 1973
Cf-Polished: origSize=1583
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da63360000c29aeb83f000000001
Last-Modified: Wed, 15 Nov 2017 09:57:33 GMT
Server: cloudflare
ETag: W/"33854928f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e60185810c29a-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame E0BC 880 B
2 KB 10ms
10ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/D422DDD74C99
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/D422DDD74C99
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
CF-Cache-Status: HIT
Age: 2005974
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da633600000610fc01c000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:27 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e60185f210610-FRA
Cf-Bgj: imgq:100,h2pri

GET
H2 200 / Show response
g.cash-ads.com/ Frame 3974 1 KB
1 KB 41ms
41ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=rn5qZnEPZHMNsKkC37EfkGyRHZANSiyodSgBtnKt8UU%3D

Requested by

Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=300x250

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

309172c5837a27ada46c724ab1da8b2001c92407098f92c8aae81b664134aa2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=rn5qZnEPZHMNsKkC37EfkGyRHZANSiyodSgBtnKt8UU%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:27 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H3-Q050

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame E6DA
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

113 B
1 KB

70ms
53ms

XHR
application/json

2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pyxSN_WIThM

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfb1d183ecc53dc659c1cd7026e87c07a7b30bac308d500a4c28a6f7602f6499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pyxSN_WIThM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 17 Feb 2021 09:10:28 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame E6DA 29 B
406 B 39ms
6ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/6eebf7aa/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pyxSN_WIThM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 08:56:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 810
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:11:58 GMT

POST
H/1.1 200
OK pushserver.php Show response
push.multibux.org/ Frame 0DF6 12 B
474 B 78ms
78ms XHR
application/json 37.139.1.242
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://push.multibux.org/pushserver.php
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 37.139.1.242 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / PHP/5.5.9-1ubuntu4.26
Resource Hash: 587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e

Request headers

Referer: https://multibux.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Wed, 17 Feb 2021 09:10:27 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/5.5.9-1ubuntu4.26
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: *
Keep-Alive: timeout=60

GET
H3-Q050 200 remote.js Show response
www.youtube.com/s/player/6eebf7aa/player_ias.vflset/en_US/ Frame E6DA 95 KB
31 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/6eebf7aa/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/6eebf7aa/player_ias.vflset/en_US/base.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6109e8fab058603a1e83d35427f0f994937d00b9e19bc79e6cc919e01d4f3280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pyxSN_WIThM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 16:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 01:13:47 GMT
server: sffe
age: 58978
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32155
x-xss-protection: 0
expires: Wed, 16 Feb 2022 16:47:30 GMT

GET
H3-Q050 200 embed.js Show response
www.youtube.com/s/player/6eebf7aa/player_ias.vflset/en_US/ Frame E6DA 29 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/6eebf7aa/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/6eebf7aa/player_ias.vflset/en_US/base.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51acacfa29a4836037ad7a3484b636a8d1adf06f44189818d07970054f4cb23a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pyxSN_WIThM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 16:48:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Feb 2021 01:13:47 GMT
server: sffe
age: 58945
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9707
x-xss-protection: 0
expires: Wed, 16 Feb 2022 16:48:03 GMT

GET
H/1.1 200
OK size1.css
mellowads.com/css/ Frame A78E 1 KB
1 KB 13ms
11ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size1.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/FA91F4BB821F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d4af139311c81555211be2e79cf4fe27b40ef7c9242efd2f04aaaa1ab90bfb1

Request headers

Referer: https://mellowads.com/view/FA91F4BB821F
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3637
Cf-Polished: origSize=1553
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da64620000c29adb9b4000000001
Last-Modified: Thu, 21 May 2020 00:52:49 GMT
Server: cloudflare
ETag: W/"a41e6926a2fd61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e601a39afc29a-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame A78E 880 B
2 KB 14ms
13ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/FA91F4BB821F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/FA91F4BB821F
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
CF-Cache-Status: HIT
Age: 2005975
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da64630000061038a79000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e601a39820610-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 7AB9ED471E9D.png
banners.mellowads.com/ads/ Frame A78E 111 KB
112 KB 18ms
15ms Image
image/png 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/7AB9ED471E9D.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/FA91F4BB821F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 693cc3c47b13cb2f2bcf12d9df5a930b9536858fc941476395d82a8ba794c676

Request headers

Referer: https://mellowads.com/view/FA91F4BB821F
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
CF-Cache-Status: HIT
Age: 161263
Cf-Polished: origSize=163592
Connection: keep-alive
Content-Length: 114042
cf-request-id: 0850da646400004dbe30a20000000001
Last-Modified: Sun, 14 Feb 2021 21:54:54 GMT
Server: cloudflare
ETag: "197b4671c3d71:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e601a380b4dbe-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK size0.css
mellowads.com/css/ Frame 5F7E 395 B
1 KB 11ms
9ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size0.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/F153A28D15CE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab678728d50221c34ab637a8db8060f2d87621fced24a19b1f41ee4ca6a3e3ff

Request headers

Referer: https://mellowads.com/view/F153A28D15CE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3230
Cf-Polished: origSize=593
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da646300004e449db1d000000001
Last-Modified: Wed, 15 Nov 2017 09:57:32 GMT
Server: cloudflare
ETag: W/"aaacc827f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e601a38f54e44-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 5F7E 880 B
2 KB 12ms
11ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/F153A28D15CE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/F153A28D15CE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
CF-Cache-Status: HIT
Age: 2005975
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da64640000535db59c9000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e601a3a9b535d-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK CACB3CB80637.gif
banners.mellowads.com/ads/ Frame 5F7E 65 KB
65 KB 20ms
17ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/CACB3CB80637.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/F153A28D15CE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fa232a21d87a8f414d57819642249d553cb2067cf6e182fe6e251933cf23b38

Request headers

Referer: https://mellowads.com/view/F153A28D15CE
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
CF-Cache-Status: HIT
Age: 89912
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 66166
cf-request-id: 0850da6466000016ea51156000000001
Last-Modified: Wed, 20 May 2020 12:13:46 GMT
Server: cloudflare
ETag: "731aa61ca02ed61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e601a388b16ea-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK size4.css
mellowads.com/css/ Frame 3ED8 1 KB
1 KB 13ms
11ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size4.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/335D3A8A3007
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21de9b90173dd3bd8c897b2c173617ffc15eed321a42b0f9c0b68dda34399ea5

Request headers

Referer: https://mellowads.com/view/335D3A8A3007
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3441
Cf-Polished: origSize=1482
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da646500002c4ef523f000000001
Last-Modified: Wed, 15 Nov 2017 09:57:33 GMT
Server: cloudflare
ETag: W/"b5b87228f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e601a3b852c4e-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 3ED8 880 B
2 KB 13ms
11ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/335D3A8A3007
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/335D3A8A3007
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
CF-Cache-Status: HIT
Age: 2005975
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da64640000d70d433a3000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e601a3df0d70d-FRA
Cf-Bgj: imgq:100,h2pri

GET
H2 200 141416217.png
static.adclerks.com/ads/202101/ Frame AA13 30 KB
31 KB 63ms
40ms Image
image/png 2606:4700:3034::6815:3b49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adclerks.com/ads/202101/141416217.png
Requested by: Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:3b49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1a165820565aea5e74a18974f1c0baed250022c761d3a7fabb43b6e96b28309

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
x-cache: HIT
content-length: 31017
cf-request-id: 0850da647c00004e49f7841000000001
last-modified: Sun, 31 Jan 2021 18:44:31 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9UmD06AAJzylVjpCNSd7ooyEjfN5M7GbVkHyJB6RNg3GGAUqEjvFTpRNxpU8UIx3Q0MyDHjnNKt22FfibJAuiUUYAB95mcJcc%2FAc%2FH4%3D"}],"max_age":604800,"group":"cf-nel"}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 622e601a6e744e49-FRA
expires: Sat, 20 Feb 2021 19:00:22 GMT

GET
DATA 200
OK truncated
/ Frame E6DA 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 404 hqdefault.jpg
i1.ytimg.com/vi/pyxSN_WIThM/ Frame E6DA 1 KB
1 KB 59ms
37ms Image
image/jpeg 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.ytimg.com/vi/pyxSN_WIThM/hqdefault.jpg

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/pyxSN_WIThM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20e9aab22032d85684d7d916a1013f7c577a132a5b10ea3fd3578e8d0b28a711

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pyxSN_WIThM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
x-content-type-options: nosniff
server: sffe
vary: Origin
content-type: image/jpeg
cache-control: public, max-age=30
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1097
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:58 GMT

GET
H2 200 blue.html Show response
www.votreimc.com/ Frame 909E 5 KB
1 KB 14ms
10ms Document
text/html 2606:4700:e2::ac40:8c0a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.votreimc.com/blue.html
Requested by: Host: www.eurosptp.com
URL: https://www.eurosptp.com/page.php?name=mariusmm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8c0a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bcf0a6da796d57e37ba4e6ba08bda6bb29922a8bd0baca242bb7283b774f935

Request headers

:method: GET
:authority: www.votreimc.com
:scheme: https
:path: /blue.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.votreimc.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.votreimc.com/

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
content-type: text/html
set-cookie: __cfduid=de2dda11fdbabb6af5754c000820571051613553028; expires=Fri, 19-Mar-21 09:10:28 GMT; path=/; domain=.votreimc.com; HttpOnly; SameSite=Lax
vary: Accept-Encoding
pragma: no-cache
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 230
cf-request-id: 0850da648100004e494a386000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Y7qPZcY7ohVUwOUHAPl1zHEU0YEAdkieN4cMhCHlpYJkpMmMN3%2ByS7KMyfypxkGCRws45z1nON0W0HVbvSVU%2F0jt1dCsLPBJ3ZxicLqI3hWGUgvKB4tOy3uEwOiP"}],"group":"cf-nel"}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622e601a6e7c4e49-FRA
content-encoding: br

GET
H/1.1 200
OK size6.css
mellowads.com/css/ Frame 068B 1 KB
1 KB 15ms
12ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size6.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/0538B66CECD2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3e95f43a10a17150009cf32b5db9fd77945784fc5b20913577180bf2ecb5925

Request headers

Referer: https://mellowads.com/view/0538B66CECD2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 2322
Cf-Polished: origSize=1468
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da648100002c4e1c1f8000000001
Last-Modified: Wed, 15 Nov 2017 09:57:33 GMT
Server: cloudflare
ETag: W/"1daa9628f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e601a6bb42c4e-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 068B 880 B
2 KB 15ms
12ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/0538B66CECD2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/0538B66CECD2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
CF-Cache-Status: HIT
Age: 2005975
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da64820000d70d1407e000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e601a6e13d70d-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 0D31F491E28F.gif
banners.mellowads.com/ads/ Frame 068B 495 KB
495 KB 15ms
12ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/0D31F491E28F.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/0538B66CECD2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10184c919dae0ced7e5f796ff3ae5828645380f0daa3ad97da9d6187960cfe9f

Request headers

Referer: https://mellowads.com/view/0538B66CECD2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
CF-Cache-Status: HIT
Age: 174933
Cf-Polished: origSize=511786
Connection: keep-alive
Content-Length: 506527
cf-request-id: 0850da6482000016ea5400b000000001
Last-Modified: Tue, 19 Jan 2021 05:59:42 GMT
Server: cloudflare
ETag: "15ec8a4728eed61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e601a68c516ea-FRA
Cf-Bgj: imgq:100,h2pri

GET
H2 200 144963888.png
static.adclerks.com/ads/202102/ Frame AA13 32 KB
32 KB 37ms
35ms Image
image/png 2606:4700:3034::6815:3b49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adclerks.com/ads/202102/144963888.png
Requested by: Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:3b49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 195c188ee335ec0d5726724977dea7664dc03a5bb359e249786fbc55af01a830

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
x-cache: HIT
content-length: 32614
cf-request-id: 0850da648400004e49f2bbd000000001
last-modified: Wed, 17 Feb 2021 07:33:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=H8GEkAMh9HIActyUSW%2BBaxubjP6tUZoYgRjdaZv0iIHE5e%2Fs7Q68TOMw3BclnuN1%2F91zGvlGxnzge%2F5yjMobx7B%2Fz%2FeyvCN0YxabpH0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 622e601a6e7f4e49-FRA
expires: Sat, 27 Feb 2021 07:33:08 GMT

GET
H/1.1 200
OK size2.css
mellowads.com/css/ Frame FFBA 1 KB
1 KB 38ms
11ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size2.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/FD623390B1FD
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d252b095e3be279781e80a6c6b785735e56dfa5cc77c1d68f5b95b74d9cb6a0b

Request headers

Referer: https://mellowads.com/view/FD623390B1FD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 1974
Cf-Polished: origSize=1583
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da64a900002c4e3b904000000001
Last-Modified: Wed, 15 Nov 2017 09:57:33 GMT
Server: cloudflare
ETag: W/"33854928f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e601aac0b2c4e-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame FFBA 880 B
2 KB 34ms
10ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/FD623390B1FD
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/FD623390B1FD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
CF-Cache-Status: HIT
Age: 2005975
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da64a70000d70df635d000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e601aae3bd70d-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK B4A84BBB64CD.gif
banners.mellowads.com/ads/ Frame FFBA 577 KB
578 KB 42ms
14ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/B4A84BBB64CD.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/FD623390B1FD
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d068491743107aff5e086262ad391054252850fb23bb87c5d91ee86eee9167bd

Request headers

Referer: https://mellowads.com/view/FD623390B1FD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
CF-Cache-Status: HIT
Age: 174951
Cf-Polished: origSize=600088
Connection: keep-alive
Content-Length: 591239
cf-request-id: 0850da64ac00004dbe2a3c1000000001
Last-Modified: Tue, 19 Jan 2021 06:00:04 GMT
Server: cloudflare
ETag: "7cdca75428eed61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:28 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e601aa8ce4dbe-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 468x60
static.a-ads.com/a-ads-banners/102740/ Frame CEF5 530 KB
530 KB 64ms
62ms Image
image/gif 85.10.201.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/102740/468x60?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/962757?size=468x60
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.10.201.130 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.85-10-201-130.clients.your-server.de
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 6e855832642ebaba981babb974f35313f07fc5d3ba48fbad880d6f3cb9d2d7e2

Request headers

Referer: https://ad.a-ads.com/962757?size=468x60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
Last-Modified: Mon, 09 Dec 2019 09:05:33 GMT
Server: nginx/1.14.0 (Ubuntu)
x-amz-request-id: BE6B3CA5E522EF8D
ETag: "58e7f1d4e72270e4c3ca3a2f7fbc2c24"
Content-Type: image/gif
Cache-Control: max-age=315360000
Content-Length: 542506
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: Flm3muCc15QsBkGLWk47ZRSi07bLXGHn
x-amz-id-2: UF3TQMT8nLCU0IMjOoauDTOKqZ78cdkIlmHlhnLNdumxTCsimlYw4dFfC2pgznE232allbRjicY=
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame 3974 1 KB
1 KB 48ms
41ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=rn5qZnEPZHMNsKkC37EfkGyRHZANSiyodSgBtnKt8UU%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=rn5qZnEPZHMNsKkC37EfkGyRHZANSiyodSgBtnKt8UU%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:28 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame 3974 84 KB
84 KB 48ms
41ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=rn5qZnEPZHMNsKkC37EfkGyRHZANSiyodSgBtnKt8UU%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=rn5qZnEPZHMNsKkC37EfkGyRHZANSiyodSgBtnKt8UU%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:28 GMT

GET redirect
xml.ezmob.com/ Frame 9EB6 0
0

GET
H/1.1 200
OK 728x90
static.a-ads.com/a-ads-banners/137963/ Frame 673C 210 KB
211 KB 57ms
52ms Image
image/gif 85.10.201.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/137963/728x90?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/962758?size=728x90
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.10.201.130 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.85-10-201-130.clients.your-server.de
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a08416de6645837cd3d0587e93436ea588d0cd613c6803bd75387d14b89f0225

Request headers

Referer: https://ad.a-ads.com/962758?size=728x90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:28 GMT
Last-Modified: Wed, 03 Feb 2021 19:38:18 GMT
Server: nginx/1.14.0 (Ubuntu)
x-amz-request-id: 2B2E380454842A0F
ETag: "a19b54015b3bbe4ac511adbf0fb44fc3"
Content-Type: image/gif
Cache-Control: max-age=315360000
Content-Length: 215313
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: 0C0uPJgyO6rk04M6sCDiUxvAKVhFrGTjZ1SK2E6TEcoJVWEp8i9NONQqPHngWsQayeMulP3oFts=
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame CEF5 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 673C 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame E6DA 4 KB
2 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/6eebf7aa/player_ias.vflset/en_US/base.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c043e209b26776422fdd7a08a36a8d3a3298577f92401a463145d88ebfa93a01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/pyxSN_WIThM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Feb 2021 06:49:06 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1801
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:28 GMT

GET
H2 200 reklamstore.js Show response
adserver.reklamstore.com/ Frame 909E 98 KB
30 KB 30ms
30ms Script
application/javascript 2600:9000:2127:1000:1c:4bbb:9180:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver.reklamstore.com/reklamstore.js
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:1000:1c:4bbb:9180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 24cd469812004e3ff995fa887b040ae0fdd6c07ecd5a1bad176515d8b37694ed

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 05:08:44 GMT
content-encoding: gzip
last-modified: Thu, 22 Oct 2020 13:59:17 GMT
server: AmazonS3
age: 52506
etag: "a161b7159234f83f289cea8299395d87"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f18b0bd4a5b62e5fb49428cc4789689f.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
content-length: 30217
x-amz-cf-id: Sjf4km8BZp6YAp25f4wguAMPC-InP2XUXi7aOBPbQntD7e9xI1gc9A==

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 430ms
367ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=IDnBhCFCJfWZRmB4CZPa&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__IDnBhCFCJfWZRmB4CZPa&ref=votreimc.com&_=1613553028428&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 029ec5cc0d8c392b165eec4592b574b7d77ebe0ed4076ef0ce28b211b9a2b4e0

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:53 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 8 KB
3 KB 2149ms
2087ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=mezZjul2sV3JEfEEAPeM&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__mezZjul2sV3JEfEEAPeM&ref=votreimc.com&_=1613553028429&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: c82c6d30173887ee25335ec78fc466f35bf2daa3e320e5bd1b0afd878f69490e

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:55 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 4 KB
2 KB 1029ms
597ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=pqSPj3xaHiz84Llu1zMb&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__pqSPj3xaHiz84Llu1zMb&ref=votreimc.com&_=1613553028429&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 0475084cbd157aaed797d0356d75471e5f3a978bf66e242b8c808ad5af67bf34

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:54 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET adp
ads.rekmob.com/m/ Frame 909E 0
0

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 1880ms
787ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=WZkx7ujZ1NW4JXwGoBPU&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__WZkx7ujZ1NW4JXwGoBPU&ref=votreimc.com&_=1613553028429&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 122e1119d71ec0a72dcb1f854061f79fdafe15aaf76fe8b3e8cb3f3b38414541

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:55 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 7 KB
3 KB 3413ms
1532ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=5mcKBvKH6hJN0osANGti&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__5mcKBvKH6hJN0osANGti&ref=votreimc.com&_=1613553028429&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: d2614fb1444432c1794a59ede7aaa7cba4fe8a3d77ce8491574c58ad7aa8e62b

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:56 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 4 KB
2 KB 3751ms
2136ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=nUvJBb04cE383lCoWWkY&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__nUvJBb04cE383lCoWWkY&ref=votreimc.com&_=1613553028429&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: eb0d5c51e810f17aadccb79f45918fd097b906c1b4d2350ab26965390a4845cf

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:57 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET adp
ads.rekmob.com/m/ Frame 909E 0
0

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 1677ms
418ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=ioENvJNfdHs115vwgDIM&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__ioENvJNfdHs115vwgDIM&ref=votreimc.com&_=1613553028430&crtg=-1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: a0605867e19fa56cab3d42dca0a2605faa52c66a0b5d00e0108b4ac94e1ef625

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:57 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 / Show response
g.cash-ads.com/ Frame F886 498 B
638 B 73ms
72ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=uQbNWNfhVACn9VGoEjv03tVCfHSbzWOV4TVGekvszr4%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

c2dc22163388ee4bba2f4acf37e777fbbc7413a38204229d650a8de745827dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:28 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ Frame 0C2A 46 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=728x90

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=728x90
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 1392
date: Wed, 17 Feb 2021 08:47:16 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Wed, 17 Feb 2021 10:47:16 GMT

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 909E 114 KB
37 KB 51ms
51ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 6e2f7e4abb0af99fe128f3e943c469d74d97cd446ff9395ef51fe068ed799209

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
content-encoding: gzip
last-modified: Thu, 04 Feb 2021 10:56:36 GMT
server: nginx
etag: W/"601bd2e4-1c8de"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Thu, 18 Feb 2021 09:10:28 GMT

GET
H/1.1

200
OK

pix
ads.rekmob.com/retarget/ Frame 909E
Redirect Chain

https://x.bidswitch.net/sync?ssp=reklamstore
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=reklamstore&bsw_custom_parameter=33c17b42-9fd5-4a53-89da-3c8319a20c95
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=reklamstore&bsw_custom_parameter=33c17b42-9fd5-4a53-89da-3c8319a20c95
https://x.bidswitch.net/sync?dsp_id=4&user_id=6fd84452-dd27-4a61-81c2-4b6e2961e7c4&ssp=reklamstore&expires=30&user_group=5&bsw_param=33c17b42-9fd5-4a53-89da-3c8319a20c95
https://ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1

35 B
403 B

2608ms
36ms

Image
image/gif

146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:56 GMT
Server: nginx/1.9.6
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

location: //ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1
date: Wed, 17 Feb 2021 09:10:28 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 148ms
57ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:53 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H3-Q050 200 gtm.js Show response
www.googletagmanager.com/ Frame 909E 77 KB
31 KB 50ms
50ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NCM67V&l=rsdataLayer

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3bfdf9c2e279ff9f38138213e5047c76a29446fbe2e78db5b0be0ab808feda63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31158
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:28 GMT

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 185ms
35ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:53 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 243ms
62ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:53 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 239ms
34ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:53 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 294ms
61ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:53 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 342ms
47ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:53 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 909E 271 B
592 B 392ms
48ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=1098730
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 91c42365f41b5d4bdfa94bae9413511931b8991b075c09f20aa167ad2588bde2

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:53 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame F886 5 KB
5 KB 40ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:28 GMT

GET
H2 200 11e1eaddc7104ac7aa3ee76e02a9c7c3.jpg
cdn.cryptobrowser.store/media/pb/90/ Frame 787A 11 KB
11 KB 81ms
80ms Image
image/jpeg 2606:4700:3030::6815:45ed
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cryptobrowser.store/media/pb/90/11e1eaddc7104ac7aa3ee76e02a9c7c3.jpg

Requested by

Host: smartocom.com
URL: http://smartocom.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:45ed , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fd8faedf0d1a4f62f9118126d20382f97b5797d84de13b00968b963e4876398

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://get.cryptobrowser.site/pb/5/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
nel: {"max_age":604800,"report_to":"cf-nel"}
content-length: 10787
cf-request-id: 0850da66ac0000dfefbf898000000001
last-modified: Fri, 22 Nov 2019 14:25:53 GMT
server: cloudflare
etag: "5dd7eff1-2a23"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qTYQHPwaVFVNLh3WBKYKbp3wdoRxGOlZZMz9E1RYPX2xar4UR8en9mP%2B6B2k6X2azA2s3RUapWqLZd3Op9N65fsXtXpnqbe7jxPVKiBnRpsP1zUzJo7yQPWYWmv367vBXPxMVw%3D%3D"}],"max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e601de85adfef-FRA

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 1734ms
704ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=8Qantiwoq7LiLU7FOvt2&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__8Qantiwoq7LiLU7FOvt2&ref=www.votreimc.com&_=1613553028794&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 8251153aea9b4d489183f607659fa05fe992b72a0fcad97666e0bda79c69dbd8

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:57 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 63ms
63ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=49166108868
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:27 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 1317ms
444ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=2Uspgnzi41ntT7jLO8W0&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__2Uspgnzi41ntT7jLO8W0&ref=www.votreimc.com&_=1613553028862&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 8803f9adf993d66d2e9693b53fc9a6d1e48c65014990bf4e91b504c19553a1f6

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 44ms
43ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=59519244470
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:28 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 1300ms
397ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=7iaVoW3FfI876uQIjCGT&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__7iaVoW3FfI876uQIjCGT&ref=www.votreimc.com&_=1613553028866&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 82e7cbed721c05f237e788042feb07351595857ece816ef6575287448f581d6f

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 57ms
56ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=9590474821
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:28 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 / Show response
g.cash-ads.com/ Frame F886 1 KB
1 KB 51ms
48ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=yJ%2Fa7AJRpT%2Fvf4pxajEsqiX1P5IH95ofWnHHwaIYZGs%3D

Requested by

Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=728x90

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

b450f3643a4c6cf96b518962be5e39b2c7958b0c75280ecbff0ba77c3f8a79d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=yJ%2Fa7AJRpT%2Fvf4pxajEsqiX1P5IH95ofWnHHwaIYZGs%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:28 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 291e2d955b9b4381934b0820ee42314f.jpg
cdn.cryptobrowser.store/media/pb/388/ Frame 2DB4 18 KB
18 KB 58ms
57ms Image
image/jpeg 2606:4700:3030::6815:45ed
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cryptobrowser.store/media/pb/388/291e2d955b9b4381934b0820ee42314f.jpg

Requested by

Host: smartocom.com
URL: http://smartocom.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:45ed , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b63bdc8e97b4d959f1da83c790d958e227e923f4c41845a69513b28cae64614

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://get.cryptobrowser.site/pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
vary: Accept-Encoding
cf-cache-status: REVALIDATED
nel: {"max_age":604800,"report_to":"cf-nel"}
content-length: 17980
cf-request-id: 0850da67310000dfef9831d000000001
last-modified: Fri, 22 Nov 2019 14:27:38 GMT
server: cloudflare
etag: "5dd7f05a-463c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jlRhWgS9GmkCeq3dq%2B%2BwE568DogxDmiZvqa%2FTyz5jxudBzgN42ld0PGz6ThNHlBnYjyjbLA9mAc7KbS6wbsCknOh3ljhDELYn6XQwTvaqEuwBtB2lMeq1NR5l0XiaS5761iVyA%3D%3D"}],"max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e601eb907dfef-FRA

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 909E 113 B
447 B 1302ms
453ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=f3bb5ae9c193436aba0670b5d79bd2e3&ufid=IBTMWvqysFoYmXP3Sk8x&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__IBTMWvqysFoYmXP3Sk8x&ref=www.votreimc.com&_=1613553028968&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: cbf73ff7555a5700ea49536a95b7b53c79d2daabf2438da82b1188f0910e2106

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 41ms
41ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=52702983182
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:28 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 144048596.jpg
static.adclerks.com/ads/202102/ Frame AA13 11 KB
11 KB 21ms
21ms Image
image/jpeg 2606:4700:3034::6815:3b49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adclerks.com/ads/202102/144048596.jpg
Requested by: Host: www.kissanime1.ml
URL: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:3b49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f1aaf302be6a667d289ee15c368af0f4252e425b28d1715936ea202256d5294

Request headers

Referer: https://www.kissanime1.ml/2020/12/noblesse-episode-11-english-subbed.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:28 GMT
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
x-cache: HIT
content-length: 11181
cf-request-id: 0850da676e00004e490ea56000000001
last-modified: Fri, 12 Feb 2021 21:24:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AIqZOIV55bVMqZfhd%2FSBKtWQf7TO%2FFGDorgnt1nZJ383tmY3MUYyEUOkZfQDct10XdIAOpwIAzV0vkb4CMC0okcDr%2FAjlT2WpkXewfY%3D"}],"group":"cf-nel"}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=864000
accept-ranges: bytes
cf-ray: 622e601f1c644e49-FRA
expires: Mon, 22 Feb 2021 21:24:28 GMT

GET adp
ads.rekmob.com/m/ Frame 909E 0
0

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 75ms
74ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=44807037014
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:28 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 index.php Show response
www.gab.ag/ Frame EE11 14 KB
3 KB 3823ms
3823ms Document
text/html 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/index.php?view=register
Requested by: Host: ad.gab.ag
URL: https://ad.gab.ag/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e17349720b5a7289ad5edca94d9346f2eb1206ddcca88f0a5177c784a372dcde

Request headers

:method: GET
:authority: www.gab.ag
:scheme: https
:path: /index.php?view=register
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.gab.ag/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ad.gab.ag/

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=da073622b1d54dffcb8a6ea4ca420ba4a1613553029; expires=Fri, 19-Mar-21 09:10:29 GMT; path=/; domain=.gab.ag; HttpOnly; SameSite=Lax evo_session=6hrjfbkj1aeh85gadlglbn8fscrlifjn; expires=Wed, 17-Feb-2021 11:10:32 GMT; Max-Age=7200; path=/; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
cf-request-id: 0850da67870000fa78ff0f7000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pZroGnAqSZD58SmAJeBIPK14DWKb6KbIy0qgv3pPmIH2%2FnzhUT4m8szu6oFnETIR52Z61Ph5wAUCkJ9x3SrNYJEqZCc0Od1My6KO1xBwB62HVmx1QFBm"}],"max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 622e601f3c32fa78-AMS
content-encoding: br

GET adp
ads.rekmob.com/m/ Frame 909E 0
0

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 47ms
46ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=69581252488
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:28 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET adp
ads.rekmob.com/m/ Frame 909E 0
0

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 909E 0
146 B 41ms
41ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=208&cb=70845700740
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.votreimc.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.votreimc.com
date: Wed, 17 Feb 2021 09:10:28 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame F886 1 KB
1 KB 40ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=yJ%2Fa7AJRpT%2Fvf4pxajEsqiX1P5IH95ofWnHHwaIYZGs%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=yJ%2Fa7AJRpT%2Fvf4pxajEsqiX1P5IH95ofWnHHwaIYZGs%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:29 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:29 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame F886 84 KB
84 KB 40ms
39ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=yJ%2Fa7AJRpT%2Fvf4pxajEsqiX1P5IH95ofWnHHwaIYZGs%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=yJ%2Fa7AJRpT%2Fvf4pxajEsqiX1P5IH95ofWnHHwaIYZGs%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:29 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:29 GMT

GET redirect
xml.ezmob.com/ Frame E7C7 0
0

GET
H/1.1 200
OK e5926316d63f494186a38cc60e6d8fd4
adimg.rekmob.com/ Frame 379E 15 KB
15 KB 158ms
55ms Image
image/gif 65.9.20.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adimg.rekmob.com/e5926316d63f494186a38cc60e6d8fd4
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.22 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dc88d800d27ee6a73c545ef7d47d3bb64903c45818f2ae4e836114bc7d8a158f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 06:42:52 GMT
Via: 1.1 7e8e21f463faf38ee9cfcd5ec5e09b6d.cloudfront.net (CloudFront)
Last-Modified: Thu, 21 May 2020 07:18:48 GMT
Server: AmazonS3
Age: 8873
ETag: "31125bec90c91b4779510c9cffb899d1"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 15319
X-Amz-Cf-Id: DTkVCijiKjVh27GFRityGQhEe9AyYLNNh8V97Ow4ugG0R3QaXzXS0Q==

GET
H2 200 creatives
sgreen.erne.co/ Frame 9C04 30 KB
30 KB 40ms
39ms Image
image/jpeg 94.23.73.243
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sgreen.erne.co/creatives?id=SNHSNggUicfEzmAbjbO5
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR),
Reverse DNS: ip243.ip-94-23-73.eu
Software: openresty /
Resource Hash: 06a108dc09c6691695f40cfbb092a68cd15e058837a6326f4a1111de4613a186

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/jpeg
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
expires: Tue, 02 Mar 2021 16:06:37 GMT

GET
H2

200

impressions
green.erne.co/ Frame 9C04
Redirect Chain

https://aws-fr.bidswitch.net/impf/0.1389/BSWhttps_A_B_Bgreen.erne.co_Bimpressions_Cid_RqjwjYWTZFaH3RiqjFRQzshoiuNU52CdwlLYYvzU10UeUgLMbcwiWPQWNo5ye9E6J_Jwp_R_I_WAUCTION__PRICE_X/c_u-TTepQ5NtqCBRovk...
https://green.erne.co/impressions?id=qjwjYWTZFaH3RiqjFRQzshoiuNU52CdwlLYYvzU10UeUgLMbcwiWPQWNo5ye9E6J&wp=0.15025

35 B
266 B

39ms
39ms

Image
image/gif

94.23.73.243
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://green.erne.co/impressions?id=qjwjYWTZFaH3RiqjFRQzshoiuNU52CdwlLYYvzU10UeUgLMbcwiWPQWNo5ye9E6J&wp=0.15025

Requested by

Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR),

Reverse DNS

ip243.ip-94-23-73.eu

Software

openresty /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
server: openresty
content-type: image/gif
content-length: 35
strict-transport-security: max-age=0; includeSubDomains;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

Redirect headers

location: https://green.erne.co/impressions?id=qjwjYWTZFaH3RiqjFRQzshoiuNU52CdwlLYYvzU10UeUgLMbcwiWPQWNo5ye9E6J&wp=0.15025
date: Wed, 17 Feb 2021 09:10:30 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

sync
x.bidswitch.net/ Frame 9C04
Redirect Chain

https://aws-fr-sync.bidswitch.net/sync?ssp=reklamstore&dsp_id=270&imp=1
https://pixel.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=fidelity&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=fidelity&gdpr=1&user_id=Oskmh2idLNIhmHCCPMA5hTSfINQhnCfQNMrHYbIi

43 B
145 B

32ms
32ms

Image
image/gif

35.157.168.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=fidelity&gdpr=1&user_id=Oskmh2idLNIhmHCCPMA5hTSfINQhnCfQNMrHYbIi
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.168.25 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-168-25.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:30 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=fidelity&gdpr=1&user_id=Oskmh2idLNIhmHCCPMA5hTSfINQhnCfQNMrHYbIi
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 /
aws-fr.bidswitch.net/imp_s2s/0.1389/BSWhttp_A_B_Bgreen.erne.co_Bbidswitch_Bnotify_Cid_RqjwjYWTZFaH3RiqjFRQzshoiuNU52CdwlLYYvzU10UeUgLMbcwiWPQWNo5ye9E6J_Jwp_R_I_WAUCTION__PRICE_X/c_u-TTepQ5NtqCBRovk... Frame 9C04 43 B
108 B 46ms
46ms Image
image/gif 35.157.168.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aws-fr.bidswitch.net/imp_s2s/0.1389/BSWhttp_A_B_Bgreen.erne.co_Bbidswitch_Bnotify_Cid_RqjwjYWTZFaH3RiqjFRQzshoiuNU52CdwlLYYvzU10UeUgLMbcwiWPQWNo5ye9E6J_Jwp_R_I_WAUCTION__PRICE_X/c_u-TTepQ5NtqCBRovkFPTJOOemwnrmZDczJcz0-yOIiKc3ftBf1W6vVLtHPAGo0vZDk6UkMCaRVC31BSsOokDanoT5T7X83bAtKK6INWyv-fEAZkn1Jc00try0aBBC7RL4wM1ZTDZAigC82gS0HvO4dvTHs3vMNXSYlmh36Gfs7vCTh98h296E7QtRGNHVZYZJpXNwIcDSqY3iW2Tw_IMAz6vU70rHx1Wy_s_9q_Hzs38GcIojMiKZr4Wufx2ByuKftua0baKBgAYsxxH77yfYpjzx8UJTS1YDcDKRLaaj_CiNP5tt-d0Xs8Dumdwn8eviTH7VlRPfBN_ddwcT808Exw_V2mt7lz2yfxk7_gXmM9maxx1BrVJWUVQG65azeHii4Qj4wXMyrP9ajLuY2RxBJXZKlGhGyXKTlRb5k_xUa9ad8Uw7GYMRP7iYRAjh7-633KcO5wz4UHbHDdLNFmmtpT2hXTDSRtbnsypVnNnVprb0ks-RHWqP5v7NFAQoPO2wdUBj0qVaYIof-aH1vmTcVP_7IfrKBXKOtiA3yrlchb0-Rw5DSsBEDCLmP1ocwtV8dBrBcaMTWqU-NIS1Orxf0Rk7ndk_LdXf43FGme-kHd4bkzRmzB-p67Dw5RrXsX8lsqn5FILUqNqMJr_wUowc2mz5k6tfPJ6dh-BIoLePS0YntQOgHNp7IpPDvaj_ZLtMiIqAyJnSpTDdqpAGIJarUhjD9u9dDPJR_8GxOqljXt0Zw3GkUpZtlBQinci1y5ewp5bgqrod6gaKncd0bCVLQkTSIsCwDSpWc827xI7gkbBWtig3c-EvNKSvotbAf1dFLUdCFEqr_bs7sLXw7q6huQQw1SDU-2_9fozAd-GOFFbmLaPdJ_4a3H1HWkXPC3lvwEOn3a_Lo3P4SlcD-GytHAxREYMYI7-HkBHnD8ocFUw/
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.168.25 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-168-25.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-length: 43
content-type: image/gif

GET
H2 200 bootstrap.min.css
www.gab.ag/assets/components/bootstrap/css/ Frame 48D7 152 KB
21 KB 32ms
29ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/bootstrap/css/bootstrap.min.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:21 GMT
server: cloudflare
age: 5290
etag: W/"5df12465-2606e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=f0%2FDEek9c2culszOFAncdTGTVpRUfCYNbzvqboqNIZGvpJUcJwTbgjEwfisoN4SuF4wygXoVQzYP%2B0Wwep2fFN5bj5vsxZdTBi2LXuLTsT2lKpsIFRw%2B"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b5935fa78-AMS
cf-request-id: 0850da6f130000fa78063c3000000001

GET
H2 200 font-awesome.min.css
www.gab.ag/assets/components/font-awesome/css/ Frame 48D7 30 KB
7 KB 28ms
25ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/font-awesome/css/font-awesome.min.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:38 GMT
server: cloudflare
age: 4424
etag: W/"5df12476-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KAG%2Bqh2rooZ8RPL7XKJUlKxcK60vH%2BhlXHJIE9mhWx8qmhCn6%2BxP4gSfUKvTYjnQ0vS6RcZxoCgX4Dx7x%2BSx%2FKGdCgy%2F2XojObxIQeZFrw%2BSnA0Lp%2FKX"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b5939fa78-AMS
cf-request-id: 0850da6f130000fa784935c000000001

GET
H2 200 jquery.min.js Show response
www.gab.ag/assets/jquery/ Frame 48D7 95 KB
32 KB 40ms
37ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/jquery/jquery.min.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a69fb479b5382d113b7dd50923eeb1e743dfa6841500d28ab96b11a93f0abeea

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 23 Sep 2017 16:11:33 GMT
server: cloudflare
age: 5264
etag: W/"59c687b5-17ba0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xTur664IjG%2F6IQ0n4fEoNxBoodebrbD3ueljKFO8W0bx0pzV04H0B2qUD9Z7YoL%2FPO0J4y%2Fw9ARh93qehuP1ymfASmbZZLRkd%2FDvloDVEJcehopiYqTt"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b593dfa78-AMS
cf-request-id: 0850da6f130000fa78c6bb6000000001

GET
H2 200 popper.min.js Show response
cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/ Frame 48D7 21 KB
7 KB 9ms
5ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.gab.ag
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 641477
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 7510
etag: W/"5309-YvI45zNIx3656GVCan0bfeI8uy0"
x-served-by: cache-fra19125-FRA, cache-hhn4054-HHN
date: Wed, 17 Feb 2021 09:10:30 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/ Frame 48D7 59 KB
16 KB 30ms
9ms Script
text/javascript 2001:4de0:ac19::1:b:2b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.gab.ag
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 28 Nov 2019 17:52:52 GMT
etag: "1574963572"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 15919

GET
H2 200 jquery-ui.min.js Show response
www.gab.ag/assets/jqueryui/ Frame 48D7 248 KB
63 KB 54ms
50ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/jqueryui/jquery-ui.min.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9852ccf03b383d1b3855c1983e18258fbdf07999ff77a68327ed0413466db4f2

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 23 Sep 2017 16:11:37 GMT
server: cloudflare
age: 5264
etag: W/"59c687b9-3dee4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Cx7BjXZf3XE6Ftp9wRlMmBM7%2FEBnEH1QuFlcwz0GY5iqXds8oJw6tapryrKcrgnrou1EITzK%2FpcHae4sVvcYevOoipXfzvw5Wk3c73U4BGxGIiWgECfF"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b5946fa78-AMS
cf-request-id: 0850da6f150000fa784f0e1000000001

GET
H2 200 evolutionscript.js Show response
www.gab.ag/assets/evolution/js/ Frame 48D7 14 KB
4 KB 42ms
39ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/js/evolutionscript.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8be2a4d9b5c58396029b73f7f4786649bf20be679133cccf2130741f3786348d

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 16:39:08 GMT
server: cloudflare
age: 5231
etag: W/"5df11bac-37e5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=imY7RNpm1aKLuGFAvO8ZcV7V%2B%2BtU%2BvJ8CYYqpDvBlTiiZfxFW6dWIgI03SmVrSaeD%2BegXfRIgR%2FocR8SLbVVLj7nQPcMi8GAeeg1C8JmFqXoWI%2BpyVIc"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b5948fa78-AMS
cf-request-id: 0850da6f150000fa78c6bb7000000001

GET
H2 200 l2blockit.js Show response
www.gab.ag/assets/evolution/js/ Frame 48D7 4 KB
2 KB 25ms
22ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/js/l2blockit.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ba57ba8c83b63763e70005c9b1840d8d7e8c71611969265aa5675aae93ead18

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 16:39:09 GMT
server: cloudflare
age: 5231
etag: W/"5df11bad-f2d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VQcPUa2MsQdWPdn%2FZxXB98h5nWc6QrqfRIcv1X%2FzP8qGlcQAeYmVGMoFQ8D95SJek%2FSlD03fTW0WvgmdJzilNHW7AASLCShbi%2BZyKP7Euc2qMeZ2txLo"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b5949fa78-AMS
cf-request-id: 0850da6f150000fa78e8a7b000000001

GET
H2 200 bootstrap.bundle.min.js Show response
www.gab.ag/assets/components/bootstrap/js/ Frame 48D7 77 KB
21 KB 51ms
48ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/bootstrap/js/bootstrap.bundle.min.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:30 GMT
server: cloudflare
age: 5264
etag: W/"5df1246e-1332b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BU%2BzBmufnbZkMm4PVuJfIXiDVYjgXUL1kBOV862RM%2BMLcrHRZHXKWowxytHIAJSxiYoFaH8CmNWXRWnpwkNyZJLfIhiXeyTr5GVKDZ%2Bi2MALcMXh%2BsLS"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b6974fa78-AMS
cf-request-id: 0850da6f200000fa78db8a1000000001

GET
H2 200 sdmenu.js Show response
www.gab.ag/assets/evolution/css/33brushes-styles/js/ Frame 48D7 4 KB
1 KB 53ms
50ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/js/sdmenu.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9342eaeb6d2acb526ecb319ddbe84a493bd115040df5be3c83ec88ff3e337dde

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 Oct 2017 17:02:15 GMT
server: cloudflare
age: 4489
etag: W/"59f0c397-e20"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RIqeK8ebn9ZHuvNB1foPUqscftHofnu3SXqWL%2FpQi2VE0CJSEE7I0KPA6U1afxqm3dPuN3AzNNwiTuXuQc2gwsfqzv2%2Fb1fDY8BqhyurMrJhUQ19G5s6"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b6976fa78-AMS
cf-request-id: 0850da6f1f0000fa787e945000000001

GET
H2 200 jquery-ui.min.css
www.gab.ag/assets/jqueryui/css/ Frame 48D7 31 KB
7 KB 25ms
22ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/jqueryui/css/jquery-ui.min.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efaaa09c3b1e7b374e13123fe496ba19e53ac74386fa136d09fdb34701c76755

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 23 Sep 2017 16:14:26 GMT
server: cloudflare
age: 5247
etag: W/"59c68862-7b5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Noz0Rb9oUUX53QlHxkd%2FRKa4RrU8qQM0DiL67q9rUL9%2FWzqauQMV%2Fav7A1agHBUJg8dfToFmXFDzhrJ5Hnh6w9Gpbzeb2bmfww1tSuCnBtqIGlN3L%2FYq"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b5944fa78-AMS
cf-request-id: 0850da6f140000fa7865341000000001

GET
H2 200 global.css
www.gab.ag/assets/evolution/css/ Frame 48D7 21 KB
5 KB 28ms
26ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/global.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ae20896f1fa269e4a066a4f15cb0d0c0263c78f1bc3f69caacaa5e15f66aea0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 17 Dec 2019 20:27:25 GMT
server: cloudflare
age: 5247
etag: W/"5df93a2d-55e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YQSgXH1h4WAX%2BD8HoNCskCaK%2FoWtdNZo0yTjPssEnosFsXX7l5Mzr4%2Fa63NOj0xe7BbLXQ4xJ6bf8%2B3IStWAxdliO%2B8%2Fjr4CGfESr6S2Q4BoBBrapm%2Bl"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b594bfa78-AMS
cf-request-id: 0850da6f170000fa784b88c000000001

GET
H2 200 site.css
www.gab.ag/assets/evolution/css/ Frame 48D7 25 KB
6 KB 27ms
25ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/site.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae757987affdde9f2411be14b4cd5f17a0ad6eaa744e9f7ecca8338466055bbc

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 17 Dec 2019 20:22:00 GMT
server: cloudflare
age: 4799
etag: W/"5df938e8-62c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=m0%2FzBmGuWLLmiS72a8wDAd9K9jOIla%2BJKFBzKdXHoeyA3XUP%2BXMQoqb938tKxbLxuZHHp0CYEvRp58jYNtUkCUlxEux3UGIzYl%2FbOlypDdsV7u39Auyw"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b594dfa78-AMS
cf-request-id: 0850da6f170000fa78d13bd000000001

GET
H2 200 core.css
www.gab.ag/assets/evolution/css/33brushes-styles/css/ Frame 48D7 43 KB
7 KB 37ms
35ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/core.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd62e8a4e85eae2ab9c3143ffb85ec24428af4b98b2df89e75903ea7bc33493f

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 13 Dec 2019 20:45:01 GMT
server: cloudflare
age: 4416
etag: W/"5df3f84d-ac4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Cu%2FE8xak4VjRw%2Bo2Nd8eQBSIIWFDOO0gfxIBwDbT7p66xGUn7UamclgBdZK8mgShMr%2Bks1%2F9mZ6m0XfXkuTGonN0CCu4WhnU3JBklM7jPIch%2FlmirbMK"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b5950fa78-AMS
cf-request-id: 0850da6f170000fa78011d7000000001

GET
H2 200 33brushes-custom.css
www.gab.ag/assets/evolution/css/33brushes-styles/css/ Frame 48D7 114 KB
18 KB 49ms
47ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b1376c0b817203f501f2be50a8bc4ca8b67e4e069f3dbd7775eaa7ef9b65c77

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 19 Dec 2019 07:07:51 GMT
server: cloudflare
age: 5247
etag: W/"5dfb21c7-1c74a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CEONKeQQwVNrEuR%2BdTFilQOEyH8hEBLC81TT2fWDV%2BGseZ2S4NVPifd%2BA3dzCGhtixtEgxiK%2F9lYv5iRIP6VUT8MBSJ3QOR0GZPGpimjg03OndD7O5H7"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b696dfa78-AMS
cf-request-id: 0850da6f1e0000fa784935e000000001

GET
H2 200 cus-icons.css
www.gab.ag/assets/evolution/css/33brushes-styles/css/ Frame 48D7 36 KB
5 KB 41ms
39ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/cus-icons.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c00d3d5af73123689b9baf2b54f0f7a08ec93f68cd6c15c61dbae8ebb7db90e

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 Oct 2017 17:01:46 GMT
server: cloudflare
age: 5247
etag: W/"59f0c37a-91ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xXJTFuiFA5sRaMwjChndT%2B3ZsCtkxfbbhzd%2BIT3qcE7QNusXOtmdn0chwMw3RAKAjwDb%2BTJnBHGyQzrvV%2BWXyoOp2071jzJjflu6jj86mB3bB5026Y95"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b696ffa78-AMS
cf-request-id: 0850da6f1e0000fa78bd313000000001

GET
H2 200 sdmenu.css
www.gab.ag/assets/evolution/css/33brushes-styles/css/ Frame 48D7 2 KB
1 KB 41ms
39ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/sdmenu.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5f0aaeb1391bc2af45ecc74f7db25f1bb39a5fa82c7e721c3118d2273725291

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 Oct 2017 17:01:43 GMT
server: cloudflare
age: 5247
etag: W/"59f0c377-8f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YGhIcDCTNK0bazAZMyAQbSlo0PWjx6ZJ0CBro%2F9M44YhKKqj4Z8aZJ4Y1ukAbrPI5m9%2F65xenJsTkPgapfmd2ILOwAn0yla2ow%2FFDWRShESbFPx0LWws"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602b6972fa78-AMS
cf-request-id: 0850da6f1f0000fa784999d000000001

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 48D7 6 KB
713 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3d67ca5d28f1dd6fc58ae8f8ab79b70755b30a52eb04572a6df8e50869ff748e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 08:54:07 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:30 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 48D7 1 KB
543 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans+Caption

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

99af12e0514caeb32e89a80b5b8d20ab522738fe78ad369e149f33d32f5a0bdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:05:42 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:30 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 48D7 9 KB
775 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

340fb3e379311ed1ceadf7dd53577a337b47d6b1fc52a003ec959bb46cd004b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:01:57 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:30 GMT

GET
H/1.1 200
OK 3959740.gif
s4is.histats.com/stats/i/ Frame 48D7 2 KB
2 KB 370ms
122ms Image
image/png 198.27.80.143
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s4is.histats.com/stats/i/3959740.gif?3959740&103
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.27.80.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ns558056.ip-198-27-80.net
Software: /
Resource Hash: 09e16b81d4ce72ba41f4cc2a0c0eb4e07caae3a050630e0e8dfd24571ca5bd1a

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Connection: close
ETag: 696208251
Content-Length: 2253
Content-Type: image/png

GET
H2 200 969200 Show response
adhitzads.com/ Frame 48D7 447 B
999 B 118ms
72ms Script
text/html 172.67.220.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adhitzads.com/969200
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9fb0956632beb2db3c5099d6000ac4875a7373695db584327aa079b582e838da

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2djfaoemyzQ2TITmVKkG4OSAK689oObN%2FVYxO7EJf3kwjvojccAzEBl6ZCImvCFaEVg8SxBKlj5yJrjwFV7M4shDdqhke7zzj2d%2FZDIn"}],"max_age":604800}
content-type: text/html
cache-control: max-age=3600, public
cf-ray: 622e602c69337373-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da6fbd00007373aa81f000000001
expires: Wed, 17 Feb 2021 10:10:31 GMT

GET
H2 200 1047672 Show response
adhitzads.com/ Frame 48D7 448 B
580 B 111ms
72ms Script
text/html 172.67.220.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adhitzads.com/1047672
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fd4d63ec221017a4be24d2194abe9188f300b98946f29a1e2ddb0e7ce64e374

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vio%2FzYwyXbtHmEh2db72CJTIWeJiVXcT%2BZRm2DOyOdeXfQru1Jvegl3IKBkSl90REFwYmuoqia8zrTeHM2Je40fCSmqcr49oKQedayXF"}],"max_age":604800}
content-type: text/html
cache-control: max-age=3600, public
cf-ray: 622e602c69367373-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da6fbd00007373d9854000000001
expires: Wed, 17 Feb 2021 10:10:31 GMT

GET
H2 200 uGtr2LB.png
i.imgur.com/ Frame 48D7 184 B
508 B 98ms
32ms Image
image/png 151.101.12.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/uGtr2LB.png

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

d0db53c29f47ea31122d7c6b88a22220ca50ce9a298abea4471d36f76d26b8cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
x-content-type-options: nosniff
age: 1737752
x-cache: HIT, HIT
content-length: 184
x-served-by: cache-bwi5124-BWI, cache-fra19144-FRA
last-modified: Wed, 01 May 2019 01:25:45 GMT
server: cat factory 1.0
x-timer: S1613553031.227689,VS0,VE0
etag: "07b3d6c272c58faaa685ec68acd61b3c"
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 11

GET
H2 200 reklamstore.js Show response
adserver.reklamstore.com/ Frame 48D7 98 KB
30 KB 17ms
14ms Script
application/javascript 2600:9000:2127:1000:1c:4bbb:9180:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver.reklamstore.com/reklamstore.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:1000:1c:4bbb:9180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 68284b54549982043696b0843c2d605a99815785311b379a91d4b8ad2ea721e1

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 05:08:44 GMT
content-encoding: gzip
last-modified: Thu, 22 Oct 2020 13:59:17 GMT
server: AmazonS3
age: 52509
etag: "a161b7159234f83f289cea8299395d87"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f18b0bd4a5b62e5fb49428cc4789689f.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
content-length: 30217
x-amz-cf-id: bEmr0HAHQv34CtF7sxTsK6kTnI-n_awMUwNwtvsbON3nbmEUhXtYag==

GET
H2 200 969390 Show response
adhitzads.com/ Frame 48D7 447 B
581 B 71ms
68ms Script
text/html 172.67.220.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adhitzads.com/969390
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f5e5250f5e145b8941a549bd962a93b3ba45c55868cb13e9e439fd2f02a5763

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dSMlsR9PM6zF02PUcj%2F7BLcsUa1GE2xsQYA2lJePdQB7vOeqrtD0ctUU%2BRtQQf7EO8ExPp5BB3LRU92RSHuY688jDJ6glSLoLg%2B1GqiU"}],"max_age":604800}
content-type: text/html
cache-control: max-age=3600, public
cf-ray: 622e602cb9ce7373-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da6ff500007373842b7000000001
expires: Wed, 17 Feb 2021 10:10:31 GMT

GET
H2 200 jquery.blockUI.js Show response
www.gab.ag/assets/components/blockui/ Frame 48D7 19 KB
6 KB 65ms
62ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/blockui/jquery.blockUI.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a106b0f8926e51c250f5055831c1673f12020d3fa1bfcfa4bb14f614dcd31a17

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:05 GMT
server: cloudflare
age: 5193
etag: W/"5df12455-4dfe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JUuhBr1sGJCrsatXVim0iID6L3szyPChAkZFE3gAi%2Fcrr89K2YEclPiNjI4hp4HqD04%2FHkWC%2FanlJqvRy92WJ45gBIegDy8MGSJeQZoV%2FqF%2F%2BpUa3%2Ffi"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602cbd0cfa78-AMS
cf-request-id: 0850da6ff60000fa785935b000000001

GET
H2 200 ajaxSubmit.js Show response
www.gab.ag/assets/components/ajax_form/ Frame 48D7 2 KB
844 B 44ms
41ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/ajax_form/ajaxSubmit.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3474f9e42f470faef4db25d456e1370e9cdacef7deab620d90362e86f2d933e

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:03 GMT
server: cloudflare
age: 2425
etag: W/"5df12453-77a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WFbPfx6e%2BXHDzD1DoQ%2B3CPOJxkjjsvqhGjVjEye4rzJzaQrLa63jOJnDBDR3xuMPyPtm4t51WjQPJyesOaw593Z2NpHwsav7NSibmfGoz%2FZSZtobZveL"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602cbd10fa78-AMS
cf-request-id: 0850da6ff30000fa786535d000000001

GET
H2 200 alerts.js Show response
www.gab.ag/assets/components/ajax_form/ Frame 48D7 1 KB
676 B 48ms
46ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/ajax_form/alerts.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6491f4fd82597aa8a54e50b21a3d98427153039ad0dbc6bd99639a77e90cade2

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:03 GMT
server: cloudflare
age: 5263
etag: W/"5df12453-497"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=k2mVlrvjnqhMA0hC4vBqnx%2F0kaFjwW2oLJRfDrTFRINU%2FXolDXe4UKBhJqd%2FMQWUsnGgb2G7KkOB6nhSRVx%2BKmpNIjgMjwIzKBSC3weRs7jDIjcNfmy7"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602cbd15fa78-AMS
cf-request-id: 0850da6ff90000fa78db8c3000000001

GET
H2 200 forms.js Show response
www.gab.ag/assets/components/ajax_form/ Frame 48D7 4 KB
1 KB 40ms
38ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/ajax_form/forms.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcca172fb8956a6cb32cc2e0938b4658afc275ddabe650e890cfdd13924c9d44

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 27 Jul 2020 23:29:29 GMT
server: cloudflare
age: 2308
etag: W/"5f1f6359-10bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ls6M4WBDEgGkShT6LK65ezN5HJLblChDaKmG9%2Foa6mnnM44Oof3zGV1PafSG1et9Bva345AtM1mPUgtLuIRboiciZNwcrxwLK9ZyrrNBmRXNK%2F3VYQfO"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602cbd17fa78-AMS
cf-request-id: 0850da6ff60000fa78e8a9a000000001

GET
H2 200 uicons.css
www.gab.ag/assets/evolution/css/ Frame 48D7 71 KB
8 KB 25ms
25ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/uicons.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/assets/evolution/css/global.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b3e012f4506ee657c139ef677a5b5e8ce4504655cb7ac403a2cfe6e5a1af425

Request headers

Referer: https://www.gab.ag/assets/evolution/css/global.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 23 Sep 2017 16:13:32 GMT
server: cloudflare
age: 4797
etag: W/"59c6882c-11cf1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rqzFe8HYT8Z34moFzJsstMl1Eo4%2FCkwYU%2BVso7B3IgD7zXj%2B0GkFfZQ4f7f3C59WSqBSNUNUMHQFD52NaZZ1LKJQaQfWZeVjOgQ2Qx4sDPep6vaYWTK8"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e602c3be9fa78-AMS
cf-request-id: 0850da6fa50000fa784b8a2000000001

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ Frame 48D7 45 KB
17 KB 27ms
5ms Script
text/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 2688
date: Wed, 17 Feb 2021 08:25:43 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Wed, 17 Feb 2021 10:25:43 GMT

GET
H/1.1 200
OK Cookie set A860A4556C60 Show response
mellowads.com/view/ Frame 8C88 2 KB
2 KB 264ms
251ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/A860A4556C60
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1040936e8d4812632af9b2103f619c35364becd28b8f17bc8788ac33ad511b9

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=de148a1f9f620b6eb681e4ff4d382233d1613553031; expires=Fri, 19-Mar-21 09:10:31 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:42 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da6ff90000d6c175886000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e602ccd21d6c1-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK 860840 Show response
ad.a-ads.com/ Frame FCED 6 KB
2 KB 119ms
47ms Document
text/html 85.10.201.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/860840?size=468x60

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

85.10.201.130 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.14.0 (Ubuntu) / Phusion Passenger

Resource Hash

87e020414195953d9444eee81ea70b3455415413233a80d3bc2cbb74bb4d0e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: ad.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger
X-Original-Referer: https://www.gab.ag/index.php?view=register
Content-Encoding: gzip

GET
H2 200 wrapper.jpg
www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/ Frame 48D7 77 KB
78 KB 43ms
42ms Image
image/jpeg 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/wrapper.jpg
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19f8b06b5a73ee52551631b6c30b25218eb9efcb2cbb5e1b8818de7accff1f62

Request headers

Referer: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4942
content-length: 79061
cf-request-id: 0850da701b0000fa78cf200000000001
last-modified: Wed, 25 Oct 2017 17:01:53 GMT
server: cloudflare
etag: "59f0c381-134d5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Jk4R27ovZmHtr%2B4heaG%2B93JbOuzpQw4OuNNzd0t%2F6%2FA%2F3KkHj1JpPUMwAM7tSf80xJdcllCFTRDfEECV7HgOnqch%2BdsNy%2BnbllyBFCZcvP88Nuk1CiR%2F"}],"max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e602cfdb9fa78-AMS
cf-bgj: h2pri

GET
H2 200 logo.png
www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/ Frame 48D7 19 KB
19 KB 26ms
25ms Image
image/png 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/logo.png
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d2f44d1c5763fd34f43813d77acf6a6ff6a96b5443450331321645866c425b4

Request headers

Referer: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2367
content-length: 18944
cf-request-id: 0850da701c0000fa78499c2000000001
last-modified: Wed, 25 Oct 2017 17:02:06 GMT
server: cloudflare
etag: "59f0c38e-4a00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HoyMcomm3KhbKHGJM1eEJ%2FWn7og8B28BTTTvP1DL4cJQ2Q2mj8513AqLuLUvEwsFEdO0Be%2FCuWMTOnsl0c2WgTbjaJgSg2rD74m3%2BhDJJNYpfUSnFX%2Br"}],"max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e602cfdc1fa78-AMS

GET
H3-Q050 200 0FlMVP6Hrxmt7-fsUFhlFXNIlpcaeg_xYS2ixw.woff2
fonts.gstatic.com/s/ptsanscaption/v13/ Frame 48D7 12 KB
12 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsanscaption/v13/0FlMVP6Hrxmt7-fsUFhlFXNIlpcaeg_xYS2ixw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans+Caption

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e952b8b937351217f10dc03717caeb974450135f3cb704f114177e617149731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.gab.ag
Referer: https://fonts.googleapis.com/css?family=PT+Sans+Caption
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 05:54:50 GMT
x-content-type-options: nosniff
last-modified: Tue, 01 Sep 2020 05:26:03 GMT
server: sffe
age: 98141
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11808
x-xss-protection: 0
expires: Wed, 16 Feb 2022 05:54:50 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 48D7 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.gab.ag
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:25:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 146718
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:25:13 GMT

GET
H3-Q050 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 48D7 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.gab.ag
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:25:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 146730
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:25:01 GMT

GET
H2 200 / Show response
p3.adhitzads.com/ Frame 48D7 0
327 B 78ms
77ms Script
text/html 172.67.220.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://p3.adhitzads.com/?z=969200&p=1788668810&l=https%3A//www.gab.ag/index.php%3Fview%3Dregister&r=https%3A//ad.gab.ag/&c=1
Requested by: Host: adhitzads.com
URL: https://adhitzads.com/969200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
x-powered-by: PHP/5.6.40
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3BfarFRFTFMHJ4h9JEhZC9yqSieaBPgJjRGXpZ3R9DjBemR3MWhpbrRUPNIGFR2rqPY9wXe0EwbEF8yVVNK6ABY%2B4JLd%2FOJOBZtMI%2BG0UmJm"}],"max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 622e602d2a977373-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da703d00007373bda3c000000001

GET
H/1.1 200
OK Cookie set A860A4556C60 Show response
mellowads.com/view/ Frame 7A3C 2 KB
2 KB 266ms
254ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/A860A4556C60
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c863bc4c142b250ad36e25907e3e0f0a4d363661f504b210e618145922c18a23

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d256112d792371466d574a646b4796b931613553031; expires=Fri, 19-Mar-21 09:10:31 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:09:59 GMT; path=/
Cache-Control: private
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da70980000dfcb530e8000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e602dbce7dfcb-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set A860A4556C60 Show response
mellowads.com/view/ Frame AA09 2 KB
2 KB 261ms
248ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/A860A4556C60
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f65888c6de2f6f3b387858299304030b97b77e350c744192a9afc5200ebfab9c

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dbbd4c8e77006859679d711e09698cfc91613553031; expires=Fri, 19-Mar-21 09:10:31 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:45 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da709900004a62e7168000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e602dca4f4a62-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set A860A4556C60 Show response
mellowads.com/view/ Frame 1AF6 2 KB
2 KB 263ms
250ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/A860A4556C60
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5650cb0736d45bf1cd72adf093b950cec9970723d9911ce40be5df4ea1ff918

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dc7048a7f240a926c2dfc078615ae91611613553031; expires=Fri, 19-Mar-21 09:10:31 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:45 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da709a00002c2647922000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e602dc8882c26-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set B8AE533AA3BB Show response
mellowads.com/view/ Frame AD78 2 KB
2 KB 263ms
251ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/B8AE533AA3BB
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bdd1b44717cfb83bc6d8f69ed99737487ca5343b4fb11114026d4b38b980c29

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=ddd379b9623695bb5ecf1e606c94406e31613553031; expires=Fri, 19-Mar-21 09:10:31 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:33 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da709b0000c26d06898000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e602dcb61c26d-FRA
Content-Encoding: gzip

GET
H2 200 / Show response
p3.adhitzads.com/ Frame 48D7 0
284 B 51ms
50ms Script
text/html 172.67.220.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://p3.adhitzads.com/?z=1047672&p=1788668810&l=https%3A//www.gab.ag/index.php%3Fview%3Dregister&r=https%3A//ad.gab.ag/&c=2
Requested by: Host: adhitzads.com
URL: https://adhitzads.com/1047672
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
x-powered-by: PHP/5.6.40
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zIPR2Sixh2mgJdqBgdMibI9fyPibFuKpoQ1iahyb2nDCUsR89fhBKqtgd8qNobnwawMT4edp3X9j4qF9c0%2BEhHC9X%2FsxFQsuwqEyGFPf7JAY"}],"max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 622e602dbb6d7373-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da709700007373a31c4000000001

GET
H/1.1 200
OK 468x60
static.a-ads.com/a-ads-banners/138829/ Frame FCED 15 KB
15 KB 52ms
52ms Image
image/gif 85.10.201.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/138829/468x60?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/860840?size=468x60
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.10.201.130 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.85-10-201-130.clients.your-server.de
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 3ec2ad642a4bd8a7471dd6eb96e7b57d55fedfa4a020142be8c02145e7ab8011

Request headers

Referer: https://ad.a-ads.com/860840?size=468x60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Last-Modified: Tue, 16 Feb 2021 08:15:35 GMT
Server: nginx/1.14.0 (Ubuntu)
x-amz-request-id: DD4B43D8C3B09DEB
ETag: "4e8a9f9dd03821ccd08a43ba05cffdea"
Content-Type: image/gif
Cache-Control: max-age=315360000
Content-Length: 15147
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: 33uUTNnHqTIpgPxREUcy/NFR/gyhBOZwksIZxd5vDYn6Yv76F+1QNYxH/AuuOh1UnHxoSCzDA8k=
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK Cookie set B8AE533AA3BB Show response
mellowads.com/view/ Frame 8348 2 KB
2 KB 261ms
248ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/B8AE533AA3BB
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8df468aa854f9e84003fae34b519112329e16bc87b58bf10d90add9ee05aa6d

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d38607a16acb76f3a9a3b33277cd0d3511613553031; expires=Fri, 19-Mar-21 09:10:31 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:25 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da70e900002b12ab001000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e602e4f0e2b12-FRA
Content-Encoding: gzip

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame 48D7 114 KB
37 KB 32ms
31ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 6e2f7e4abb0af99fe128f3e943c469d74d97cd446ff9395ef51fe068ed799209

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
last-modified: Thu, 04 Feb 2021 10:56:36 GMT
server: nginx
etag: W/"601bd2e4-1c8de"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Thu, 18 Feb 2021 09:10:31 GMT

GET
H/1.1

200
OK

pix
ads.rekmob.com/retarget/ Frame 48D7
Redirect Chain

https://x.bidswitch.net/sync?ssp=reklamstore
https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dreklamstore%26expires%3D30%26user_group%3D...
https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dreklamstore%26expires%3D30%26user_group%3D...
https://x.bidswitch.net/sync?dsp_id=429&user_id=5f4f949e-4500-5230-99f4-a34bf9d87ecc&ssp=reklamstore&expires=30&user_group=1
https://ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1

35 B
403 B

177ms
49ms

Image
image/gif

146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:56 GMT
Server: nginx/1.9.6
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

location: //ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1
date: Wed, 17 Feb 2021 09:10:31 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 48D7 320 B
621 B 98ms
35ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=553524
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 5d11062cd88e10df6300906ea84a8d9f1a6f50abbbfac1f8cbff780a9e03d3fb

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:56 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H3-Q050 200 gtm.js Show response
www.googletagmanager.com/ Frame 48D7 77 KB
31 KB 33ms
33ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NCM67V&l=rsdataLayer

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a05853cbc96318a8b5b214214b9723a1bc2f40b7db02f470d190db24a7d73b94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31159
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:31 GMT

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 48D7 320 B
620 B 131ms
33ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=555005
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: fb5206f20d403c410fc0e7b8389f3b3f7c3c133fff514917b682ee5a72521d65

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:56 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 48D7 320 B
621 B 174ms
44ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=553524
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 5d11062cd88e10df6300906ea84a8d9f1a6f50abbbfac1f8cbff780a9e03d3fb

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:56 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 48D7 320 B
620 B 205ms
29ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=555005
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: fb5206f20d403c410fc0e7b8389f3b3f7c3c133fff514917b682ee5a72521d65

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:56 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H2 200 / Show response
p3.adhitzads.com/ Frame 48D7 0
294 B 68ms
68ms Script
text/html 172.67.220.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://p3.adhitzads.com/?z=969390&p=1788668810&l=https%3A//www.gab.ag/index.php%3Fview%3Dregister&r=https%3A//ad.gab.ag/&c=3
Requested by: Host: adhitzads.com
URL: https://adhitzads.com/969390
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
x-powered-by: PHP/5.6.40
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ytME4r%2BPFKhSHWGI3ypKX5NlcnOekS4ujunhpHIxefCjbi%2FXWq76I%2BJhdQ8K6NIC%2F0%2B1J3o2%2FMdjaQXSDKKTrGsWDR%2BYGW4F46v2OeQyM7aX"}],"max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 622e602e5cdf7373-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da70f30000737371a54000000001

GET
DATA 200
OK truncated
/ Frame FCED 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK size0.css
mellowads.com/css/ Frame 8C88 395 B
1 KB 23ms
11ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size0.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab678728d50221c34ab637a8db8060f2d87621fced24a19b1f41ee4ca6a3e3ff

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3233
Cf-Polished: origSize=593
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da713e00004eebaeac7000000001
Last-Modified: Wed, 15 Nov 2017 09:57:32 GMT
Server: cloudflare
ETag: W/"aaacc827f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e602eca694eeb-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 8C88 880 B
2 KB 106ms
9ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
CF-Cache-Status: HIT
Age: 2005978
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da719300004a623ab7c000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e602f5c704a62-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 661E77476D80.gif
banners.mellowads.com/ads/ Frame 8C88 332 KB
333 KB 27ms
14ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/661E77476D80.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8efc38d0faa943d4255754451e77ce66065654cfa341804f24ed80dd64cfdaea

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
CF-Cache-Status: HIT
Age: 174972
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 340291
cf-request-id: 0850da714000002bd29c83b000000001
Last-Modified: Tue, 19 Jan 2021 06:01:27 GMT
Server: cloudflare
ETag: "811c558628eed61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e602ec9792bd2-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 48D7 348 B
631 B 150ms
31ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=549123
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 5277aeefb207b8d1e25c3bc37c8c946785a3088c3d9e1c971f81aabed177ec35

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:56 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 48D7 348 B
630 B 154ms
31ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=546313
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 823168087d0cc0af232d6f135f1770d5e946d22d32cfc26dbdbc4e2ae5658fc9

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:56 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 48D7 348 B
630 B 192ms
43ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=546313
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 823168087d0cc0af232d6f135f1770d5e946d22d32cfc26dbdbc4e2ae5658fc9

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:56 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame 48D7 348 B
631 B 189ms
38ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=549123
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 5277aeefb207b8d1e25c3bc37c8c946785a3088c3d9e1c971f81aabed177ec35

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:56 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK Cookie set A860A4556C60 Show response
mellowads.com/view/ Frame 9D7F 2 KB
2 KB 247ms
246ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/A860A4556C60
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2d51c70350f4df807336cd7e823ef760b019e1152ec75cb6fce2daad296304b

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d107ccd7aad1d75df10f5c7471beb1f6a1613553031; expires=Fri, 19-Mar-21 09:10:31 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:42 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da714a00004eeb8ea24000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e602eda8e4eeb-FRA
Content-Encoding: gzip

GET
H2 200 footer-logo.png
www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/ Frame 48D7 16 KB
17 KB 38ms
38ms Image
image/png 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/footer-logo.png
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49bade0723ecad1f86952be492a23c03f449966f68f03021cece8101f41f06ae

Request headers

Referer: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2840
content-length: 16664
cf-request-id: 0850da71510000fa784a9fd000000001
last-modified: Wed, 25 Oct 2017 17:01:55 GMT
server: cloudflare
etag: "59f0c383-4118"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UaM1BPjpFbTV9kbYifzi4ftBChSSZcfpe6IeYskAsuyWiOQ%2FBUS%2BfyJuEh6hrjKVDnxU29uMzGN2NfDajPe8VoEun3V7MOoHTvC91FqAZsI5i1y8j6IY"}],"max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e602eea65fa78-AMS

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame B51A 0
150 B 13ms
13ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=smartocom.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=smartocom.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.gab.ag/index.php?view=register
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 1765
date: Wed, 17 Feb 2021 09:10:30 GMT
content-length: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame 48D7 50 B
737 B 165ms
95ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:31 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.234:80
AN-X-Request-Uuid: 1a82213c-8308-4e9f-9ada-0b0d813b657c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/ Show response
adx.adform.net/adx/ Frame 48D7
Redirect Chain

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDEwOQ%3D%3D&callback=adf__cyZk6Jh5HwJRI7t7tmrD
https://adx.adform.net/adx/?CC=1&rp=4&bWlkPTgyNDEwOQ%3D%3D&callback=adf__cyZk6Jh5HwJRI7t7tmrD

33 B
563 B

349ms
349ms

Script
text/javascript

37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?CC=1&rp=4&bWlkPTgyNDEwOQ%3D%3D&callback=adf__cyZk6Jh5HwJRI7t7tmrD

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

250a88e162d4c7ef13c5a1ae367f9c403400b7f1bac74f9ddf1dc1f52741c66d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 157
expires: -1

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:31 GMT
server: nginx
location: https://adx.adform.net/adx/?CC=1&rp=4&bWlkPTgyNDEwOQ%3D%3D&callback=adf__cyZk6Jh5HwJRI7t7tmrD
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: text/html; charset=utf-8
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 48D7 4 KB
2 KB 905ms
587ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=192c020147d342b89b44892f054dc030&ufid=cyZk6Jh5HwJRI7t7tmrD&mobile_web=1&dt=3&os=3&jsonp=1&callback=rmb__cyZk6Jh5HwJRI7t7tmrD&ref=ad.gab.ag&_=1613553031546&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 5574ffc1a365d2e317d67f7781de18922f4ebb0501a86699c8ca4047bf40fbe1

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:57 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame 48D7 0
172 B 112ms
41ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:31 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame 48D7 50 B
736 B 107ms
41ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:31 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.47:80
AN-X-Request-Uuid: e7ca2887-3ac7-4c41-9b88-ffec1fd51a1d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/ Show response
adx.adform.net/adx/ Frame 48D7
Redirect Chain

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDExMQ%3D%3D&callback=adf__sPhVw6CwCbsPl5LUT2ry
https://adx.adform.net/adx/?CC=1&rp=4&bWlkPTgyNDExMQ%3D%3D&callback=adf__sPhVw6CwCbsPl5LUT2ry

33 B
563 B

97ms
94ms

Script
text/javascript

37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?CC=1&rp=4&bWlkPTgyNDExMQ%3D%3D&callback=adf__sPhVw6CwCbsPl5LUT2ry

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

28408296a8973f9ee193b985785adecdbb3c1d3387f36b34addc61fabf44edb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 156
expires: -1

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:31 GMT
server: nginx
location: https://adx.adform.net/adx/?CC=1&rp=4&bWlkPTgyNDExMQ%3D%3D&callback=adf__sPhVw6CwCbsPl5LUT2ry
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: text/html; charset=utf-8
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 48D7 4 KB
2 KB 1000ms
619ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=4eef9d94fb6d4baca35d78effe61c3a2&ufid=sPhVw6CwCbsPl5LUT2ry&mobile_web=1&dt=3&os=3&jsonp=1&callback=rmb__sPhVw6CwCbsPl5LUT2ry&ref=ad.gab.ag&_=1613553031563&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: a09a97afa0b9f65b5f619b3f282cc88052535bf21837291ac20706aa89971420

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:57 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame 48D7 0
172 B 94ms
40ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:31 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame 48D7 50 B
737 B 110ms
38ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:31 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.180:80
AN-X-Request-Uuid: 9078f081-4022-4c76-a469-f690ff4f03e5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/ Show response
adx.adform.net/adx/ Frame 48D7
Redirect Chain

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDEwOQ%3D%3D&callback=adf__UDFlEM2SpHqMff2xWboJ
https://adx.adform.net/adx/?CC=1&rp=4&bWlkPTgyNDEwOQ%3D%3D&callback=adf__UDFlEM2SpHqMff2xWboJ

33 B
565 B

60ms
58ms

Script
text/javascript

37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?CC=1&rp=4&bWlkPTgyNDEwOQ%3D%3D&callback=adf__UDFlEM2SpHqMff2xWboJ

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

989391bcc90f5e049faa3688a7eeaf3abb6250795cd4545445de0b994395b585

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 158
expires: -1

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:31 GMT
server: nginx
location: https://adx.adform.net/adx/?CC=1&rp=4&bWlkPTgyNDEwOQ%3D%3D&callback=adf__UDFlEM2SpHqMff2xWboJ
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: text/html; charset=utf-8
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 48D7 113 B
447 B 1051ms
377ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=192c020147d342b89b44892f054dc030&ufid=UDFlEM2SpHqMff2xWboJ&mobile_web=1&dt=3&os=3&jsonp=1&callback=rmb__UDFlEM2SpHqMff2xWboJ&ref=ad.gab.ag&_=1613553031599&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 562116b5ac9c7dec8dc7bd0e79c823c31e9b9ddc1ebe727c40ec91b2518f9d05

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:57 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame 48D7 0
172 B 59ms
40ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:31 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H/1.1 200
OK size0.css
mellowads.com/css/ Frame AA09 395 B
1 KB 11ms
10ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size0.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab678728d50221c34ab637a8db8060f2d87621fced24a19b1f41ee4ca6a3e3ff

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3233
Cf-Polished: origSize=593
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da71b400004a62060b3000000001
Last-Modified: Wed, 15 Nov 2017 09:57:32 GMT
Server: cloudflare
ETag: W/"aaacc827f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e602f8cad4a62-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame AA09 880 B
2 KB 13ms
12ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
CF-Cache-Status: HIT
Age: 2005978
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da71b40000dfcb5a395000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e602f8e71dfcb-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK size0.css
mellowads.com/css/ Frame 1AF6 395 B
1 KB 17ms
16ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size0.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab678728d50221c34ab637a8db8060f2d87621fced24a19b1f41ee4ca6a3e3ff

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3233
Cf-Polished: origSize=593
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da71b60000c26d033a7000000001
Last-Modified: Wed, 15 Nov 2017 09:57:32 GMT
Server: cloudflare
ETag: W/"aaacc827f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e602f8c58c26d-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 1AF6 880 B
2 KB 24ms
11ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
CF-Cache-Status: HIT
Age: 2005978
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da71c20000dfcb20b80000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e602f9e7fdfcb-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 63CDAE49E9EF.gif
banners.mellowads.com/ads/ Frame 1AF6 275 KB
276 KB 28ms
11ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/63CDAE49E9EF.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f8c9e2db98a98295579685cc1b96d949f945f567e27bb4313fecba65809a9fe

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
CF-Cache-Status: HIT
Age: 26743
Cf-Polished: origSize=282334
Connection: keep-alive
Content-Length: 281488
cf-request-id: 0850da71c600004ec22dbbf000000001
Last-Modified: Tue, 16 Feb 2021 17:38:39 GMT
Server: cloudflare
ETag: "a9b4e68f8a4d71:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e602facd44ec2-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK size4.css
mellowads.com/css/ Frame AD78 1 KB
1 KB 22ms
12ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size4.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/B8AE533AA3BB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21de9b90173dd3bd8c897b2c173617ffc15eed321a42b0f9c0b68dda34399ea5

Request headers

Referer: https://mellowads.com/view/B8AE533AA3BB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3444
Cf-Polished: origSize=1482
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da71c100004a6218b36000000001
Last-Modified: Wed, 15 Nov 2017 09:57:33 GMT
Server: cloudflare
ETag: W/"b5b87228f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e602f9cc04a62-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame AD78 880 B
2 KB 22ms
11ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/B8AE533AA3BB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/B8AE533AA3BB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
CF-Cache-Status: HIT
Age: 2005978
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da71c200004ee6211e3000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e602f9eca4ee6-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 497809C4D2E8.gif
banners.mellowads.com/ads/ Frame AD78 391 KB
392 KB 29ms
12ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/497809C4D2E8.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/B8AE533AA3BB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 153cc3e11b25e68df6b85cb8c3c23eb906abd8c2e039e5ffc4ad4e874b386eb0

Request headers

Referer: https://mellowads.com/view/B8AE533AA3BB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
CF-Cache-Status: HIT
Age: 28425
Cf-Polished: origSize=405072
Connection: keep-alive
Content-Length: 400235
cf-request-id: 0850da71ca00004e1f70bb0000000001
Last-Modified: Tue, 16 Feb 2021 17:37:51 GMT
Server: cloudflare
ETag: "13321d738a4d71:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e602fad804e1f-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK size0.css
mellowads.com/css/ Frame 7A3C 395 B
1 KB 14ms
13ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size0.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab678728d50221c34ab637a8db8060f2d87621fced24a19b1f41ee4ca6a3e3ff

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3233
Cf-Polished: origSize=593
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da71d700004ee6e32ff000000001
Last-Modified: Wed, 15 Nov 2017 09:57:32 GMT
Server: cloudflare
ETag: W/"aaacc827f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e602fbef84ee6-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 7A3C 880 B
2 KB 14ms
12ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
CF-Cache-Status: HIT
Age: 2005978
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da71d80000dfcb1bb93000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e602fcea1dfcb-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK CACB3CB80637.gif
banners.mellowads.com/ads/ Frame 7A3C 65 KB
65 KB 28ms
13ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/CACB3CB80637.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fa232a21d87a8f414d57819642249d553cb2067cf6e182fe6e251933cf23b38

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
CF-Cache-Status: HIT
Age: 89915
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 66166
cf-request-id: 0850da71e500004ab599835000000001
Last-Modified: Wed, 20 May 2020 12:13:46 GMT
Server: cloudflare
ETag: "731aa61ca02ed61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e602fda714ab5-FRA
Cf-Bgj: imgq:100,h2pri

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame 48D7 50 B
736 B 60ms
33ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:31 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.42:80
AN-X-Request-Uuid: 71a806e5-d0a4-4fab-8956-5edfcb23acc8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 48D7 33 B
561 B 56ms
53ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDExMQ%3D%3D&callback=adf__toVfAhaxuYaIh7yFioqo

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

0042912c3491cacbeb6c0a5437bb4e80aca4bca1ed4322f0a45e867ed811544f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 155
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 48D7 113 B
447 B 1207ms
411ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=4eef9d94fb6d4baca35d78effe61c3a2&ufid=toVfAhaxuYaIh7yFioqo&mobile_web=1&dt=3&os=3&jsonp=1&callback=rmb__toVfAhaxuYaIh7yFioqo&ref=ad.gab.ag&_=1613553031683&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 0e8088201208a2e75fb8648fbd6b45dd88b2ff2b7405d3f69bfb3c7fe0f24891

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:57 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame 48D7 0
172 B 38ms
37ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:31 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame 48D7 50 B
736 B 35ms
35ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:31 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.43:80
AN-X-Request-Uuid: cd87e2a6-52f1-442e-bacc-9d59acf60227
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 48D7 33 B
563 B 190ms
190ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDEwNA%3D%3D&callback=adf__N4ttUbr6jC8MpnirDg6N

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

68ef3964a2096f7406b12fc8742dd6807e9a06a378975fe05b175824e06daff0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 156
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 48D7 113 B
447 B 2307ms
1410ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=54f6df99caa7486ba63d0c3df54e7ba2&ufid=N4ttUbr6jC8MpnirDg6N&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__N4ttUbr6jC8MpnirDg6N&ref=ad.gab.ag&_=1613553031711&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 5ff67788484bedb9a69cccee2de03ad97ce454b9cfad3d3a3152c7578356b8c6

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:59 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame 48D7 0
172 B 36ms
36ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:31 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 hb Show response
ice.360yield.com/ul_cb/ Frame 48D7 105 B
318 B 104ms
38ms XHR
application/json 18.195.63.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/ul_cb/hb?jsonp={%22bid_request%22:{%22id%22:%221rKxG0CPz4QaP2I7odEr%22,%22version%22:%224.2.0-JS-5.1%22,%22imp%22:[{%22id%22:%22z0XPNMtSKD6kT6HMRLgk%22,%22pid%22:%2222033549%22,%22banner%22:{%22w%22:300,%22h%22:250},%22tid%22:%2254f6df99caa7486ba63d0c3df54e7ba2%22}]}}
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.63.250 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4cfaee3b3911d53aa6859dfd37b6f7bd0cafd06a6714b3a93e955ef4cd126482

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:31 GMT
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 105
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame 48D7 50 B
736 B 71ms
43ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:31 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.51:80
AN-X-Request-Uuid: 71d80b07-3ff2-4910-aed3-383733a9172d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 48D7 33 B
564 B 181ms
181ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDEwMg%3D%3D&callback=adf__1N87L2vxXMoWWsRA2F4b

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

06cd4b681725837fd96d883eea2bafe9790d839d33e751ebcb35cb043bf468d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 157
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 48D7 113 B
447 B 1689ms
714ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=449301397e8e42a9922ea633e3eb3fda&ufid=1N87L2vxXMoWWsRA2F4b&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__1N87L2vxXMoWWsRA2F4b&ref=ad.gab.ag&_=1613553031717&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 34f09de7ee9c58396f78a42b157764f70cd1d17ae4eaf7066d69dff076915adb

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame 48D7 0
172 B 37ms
36ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:31 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 hb Show response
ice.360yield.com/ul_cb/ Frame 48D7 105 B
319 B 99ms
37ms XHR
application/json 18.195.63.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/ul_cb/hb?jsonp={%22bid_request%22:{%22id%22:%226jzWmd784g5FKvAjjEpa%22,%22version%22:%224.2.0-JS-5.1%22,%22imp%22:[{%22id%22:%224wWgPiyyzEuwVlWeKvAx%22,%22pid%22:%2222030222%22,%22banner%22:{%22w%22:300,%22h%22:250},%22tid%22:%22449301397e8e42a9922ea633e3eb3fda%22}]}}
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.63.250 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 1d3dbd0871dfe485be19baf501bcbf814dc1d9085891322fe57b7f888e157121

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:31 GMT
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 105
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame 48D7 50 B
737 B 36ms
36ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:31 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.149:80
AN-X-Request-Uuid: 691ac433-b639-495f-bdf1-4d7a74f0f57a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 48D7 33 B
564 B 162ms
161ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDEwNA%3D%3D&callback=adf__G8L3pIFrzLdiq3Yl5HlS

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

4ed17c10d5ca2f5aff84036b1c9c2175d0b318fea3961192e3ddd5bc88937fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 157
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 48D7 113 B
447 B 1383ms
574ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=54f6df99caa7486ba63d0c3df54e7ba2&ufid=G8L3pIFrzLdiq3Yl5HlS&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__G8L3pIFrzLdiq3Yl5HlS&ref=ad.gab.ag&_=1613553031748&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 3cb18647de066cf7498ca0b85ceec700a1d83a86dedbf5c4f1c8610078cb7448

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame 48D7 0
172 B 39ms
38ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:31 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 hb Show response
ice.360yield.com/ul_cb/ Frame 48D7 105 B
318 B 67ms
38ms XHR
application/json 18.195.63.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/ul_cb/hb?jsonp={%22bid_request%22:{%22id%22:%22ql5H6bgaAsOWzbkHSNd0%22,%22version%22:%224.2.0-JS-5.1%22,%22imp%22:[{%22id%22:%22hWLRK1cpXD1SN6aLTPKu%22,%22pid%22:%2222033549%22,%22banner%22:{%22w%22:300,%22h%22:250},%22tid%22:%2254f6df99caa7486ba63d0c3df54e7ba2%22}]}}
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.63.250 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 1ba0bb0b27b059155eb2a5b73ea84b0620e8bb3f5b4de0fbd3704eecd09676a3

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:31 GMT
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 105
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame 48D7 50 B
736 B 44ms
43ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:31 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.37:80
AN-X-Request-Uuid: 1cccd921-289a-426f-8869-c9904dc5329d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 48D7 33 B
565 B 148ms
148ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDEwMg%3D%3D&callback=adf__TV5NNAd2zZHAS1yZv4lg

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

351003ebc608952436fecb273fe98c3613627552a4936c0d2c4a00d50f7b73d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:31 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 158
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame 48D7 113 B
447 B 1154ms
355ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=449301397e8e42a9922ea633e3eb3fda&ufid=TV5NNAd2zZHAS1yZv4lg&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__TV5NNAd2zZHAS1yZv4lg&ref=ad.gab.ag&_=1613553031753&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 7e14b11cd31242714a7d9690c9c004717feba92347436e3ca0a685bf3bb52ec2

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame 48D7 0
172 B 35ms
34ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:31 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 hb Show response
ice.360yield.com/ul_cb/ Frame 48D7 105 B
318 B 64ms
38ms XHR
application/json 18.195.63.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/ul_cb/hb?jsonp={%22bid_request%22:{%22id%22:%22BG5bplJ0ekTnCSabrzdY%22,%22version%22:%224.2.0-JS-5.1%22,%22imp%22:[{%22id%22:%22J3sdAQoIukyP8uQ4JSM6%22,%22pid%22:%2222030222%22,%22banner%22:{%22w%22:300,%22h%22:250},%22tid%22:%22449301397e8e42a9922ea633e3eb3fda%22}]}}
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.63.250 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 1ba73b0fe8df742616102519b0e072641e2fc47371bd848da870cf14da41435a

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:31 GMT
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 105
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1 200
OK size4.css
mellowads.com/css/ Frame 8348 1 KB
1 KB 11ms
10ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size4.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/B8AE533AA3BB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21de9b90173dd3bd8c897b2c173617ffc15eed321a42b0f9c0b68dda34399ea5

Request headers

Referer: https://mellowads.com/view/B8AE533AA3BB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3444
Cf-Polished: origSize=1482
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da726600004eeb7486c000000001
Last-Modified: Wed, 15 Nov 2017 09:57:33 GMT
Server: cloudflare
ETag: W/"b5b87228f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e6030ad1e4eeb-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 8348 880 B
2 KB 10ms
10ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/B8AE533AA3BB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/B8AE533AA3BB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
CF-Cache-Status: HIT
Age: 2005978
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da726600004ee61888c000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e6030a84e4ee6-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 40E58CE5A057.gif
banners.mellowads.com/ads/ Frame 8348 878 KB
878 KB 28ms
15ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/40E58CE5A057.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/B8AE533AA3BB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 923d2446e2d940a5f5b72a4482bef889a47a93804e460e32e76187d9dfa0abc9

Request headers

Referer: https://mellowads.com/view/B8AE533AA3BB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
CF-Cache-Status: HIT
Age: 2502167
Cf-Polished: origSize=931948
Connection: keep-alive
Content-Length: 898651
cf-request-id: 0850da727300002c199ab94000000001
Last-Modified: Tue, 19 Jan 2021 06:00:46 GMT
Server: cloudflare
ETag: "179de26d28eed61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e6030b9d12c19-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK size0.css
mellowads.com/css/ Frame 9D7F 395 B
1 KB 11ms
10ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size0.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab678728d50221c34ab637a8db8060f2d87621fced24a19b1f41ee4ca6a3e3ff

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3233
Cf-Polished: origSize=593
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da72c000004eeb980c9000000001
Last-Modified: Wed, 15 Nov 2017 09:57:32 GMT
Server: cloudflare
ETag: W/"aaacc827f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e60313de54eeb-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 9D7F 880 B
2 KB 11ms
10ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
CF-Cache-Status: HIT
Age: 2005978
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da72c100004ee6dd0ec000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e603139284ee6-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK CACB3CB80637.gif
banners.mellowads.com/ads/ Frame 9D7F 65 KB
65 KB 32ms
19ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/CACB3CB80637.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fa232a21d87a8f414d57819642249d553cb2067cf6e182fe6e251933cf23b38

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:31 GMT
CF-Cache-Status: HIT
Age: 89915
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 66166
cf-request-id: 0850da72cf0000dffb302cb000000001
Last-Modified: Wed, 20 May 2020 12:13:46 GMT
Server: cloudflare
ETag: "731aa61ca02ed61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:31 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e60314b7ddffb-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1

200
OK

rum
dsum.casalemedia.com/ Frame 02F7
Redirect Chain

https://aws-fr-sync.bidswitch.net/sync?ssp=reklamstore&dsp_id=270&imp=1
https://ads.avads.net/sync/bsw?bidswitch_ssp_id=index&bidswitch_param=33c17b42-9fd5-4a53-89da-3c8319a20c95&gdpr=&gdpr_consent=
https://ads.avads.net/sync/bsw?bidswitch_ssp_id=index&bidswitch_param=33c17b42-9fd5-4a53-89da-3c8319a20c95&gdpr=&gdpr_consent=&av_tc=true
https://x.bidswitch.net/sync?dsp_id=352&user_id=21d56456-4031-414f-9d23-ab848e354374&expires=2&ssp=index&bsw_param=33c17b42-9fd5-4a53-89da-3c8319a20c95
https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=33c17b42-9fd5-4a53-89da-3c8319a20c95
https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=33c17b42-9fd5-4a53-89da-3c8319a20c95&C=1

43 B
1021 B

61ms
61ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=33c17b42-9fd5-4a53-89da-3c8319a20c95&C=1
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:32 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 17 Feb 2021 09:10:32 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:32 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=33c17b42-9fd5-4a53-89da-3c8319a20c95&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 295
Expires: Wed, 17 Feb 2021 09:10:32 GMT

GET
H2 200 creatives
sgreen.erne.co/ Frame 02F7 80 KB
80 KB 40ms
39ms Image
image/gif 94.23.73.243
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sgreen.erne.co/creatives?id=PkenkayyQWAo748iZaQT
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR),
Reverse DNS: ip243.ip-94-23-73.eu
Software: openresty /
Resource Hash: fb92a3f3c30a8f80649d36710014b8730708b21b053bfb9be73c1a9c7e274eb0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-credentials: true
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
expires: Tue, 02 Mar 2021 16:06:05 GMT

GET
H2

200

impressions
green.erne.co/ Frame 02F7
Redirect Chain

https://aws-fr.bidswitch.net/impf/0.1353/BSWhttps_A_B_Bgreen.erne.co_Bimpressions_Cid_RqjwjYWTZFaFwwrUunfljX5rA-xwr7ZBWdR6VmrTkJl-vlCDx4WC8vgiPX9kc__4kV_Jwp_R_I_WAUCTION__PRICE_X/KwSAM_RCqA_EO_d63s...
https://green.erne.co/impressions?id=qjwjYWTZFaFwwrUunfljX5rA-xwr7ZBWdR6VmrTkJl-vlCDx4WC8vgiPX9kc_4kV&wp=0.146356

35 B
266 B

40ms
39ms

Image
image/gif

94.23.73.243
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://green.erne.co/impressions?id=qjwjYWTZFaFwwrUunfljX5rA-xwr7ZBWdR6VmrTkJl-vlCDx4WC8vgiPX9kc_4kV&wp=0.146356

Requested by

Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

94.23.73.243 Lisbon, Portugal, ASN16276 (OVH, FR),

Reverse DNS

ip243.ip-94-23-73.eu

Software

openresty /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains;

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
server: openresty
content-type: image/gif
content-length: 35
strict-transport-security: max-age=0; includeSubDomains;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

Redirect headers

location: https://green.erne.co/impressions?id=qjwjYWTZFaFwwrUunfljX5rA-xwr7ZBWdR6VmrTkJl-vlCDx4WC8vgiPX9kc_4kV&wp=0.146356
date: Wed, 17 Feb 2021 09:10:31 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2 200 /
aws-fr.bidswitch.net/imp_s2s/0.1353/BSWhttp_A_B_Bgreen.erne.co_Bbidswitch_Bnotify_Cid_RqjwjYWTZFaFwwrUunfljX5rA-xwr7ZBWdR6VmrTkJl-vlCDx4WC8vgiPX9kc__4kV_Jwp_R_I_WAUCTION__PRICE_X/KwSAM_RCqA_EO_d63s... Frame 02F7 43 B
108 B 58ms
57ms Image
image/gif 35.157.168.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aws-fr.bidswitch.net/imp_s2s/0.1353/BSWhttp_A_B_Bgreen.erne.co_Bbidswitch_Bnotify_Cid_RqjwjYWTZFaFwwrUunfljX5rA-xwr7ZBWdR6VmrTkJl-vlCDx4WC8vgiPX9kc__4kV_Jwp_R_I_WAUCTION__PRICE_X/KwSAM_RCqA_EO_d63sGJ8tc1XSPLfVWbIiGMBmJ7oLwbuWcGpUHMGgBfEFikdSp52y6aXCEqcM_n3Tes-GpxXJyGN1tXRTszgvndSfRnaKGzko3543LaMZ8zK-8BUcG6_-Y_Lk-_wbGuYPaOXvIr09feBLR47fRuu4qC8Nky3Mo5ptOi7Wxiy0nZdnFFzr8FuPaUWTkzmu59yzX1ac4U1KUU7dUGFxNPi2_JEweZSsmKijcpiNFrlcv8Oc7EdXS4CyoeYfa5yWAQbliuPktixfLOutD8PgZXKkbUtriXseb4Lf6TFIecpuxmRPWvXRJewO-G5VIvQWvSoe61JueZ3Lndac3b7epUgz-c8x2EvmEyw6EnG9YmjZJExyIUwIKkajO5tEdgT7scpkImO9ZtPfEcKYjKJZWlZiiBbY3aP7ZekTofCjYmiOaU-_i5hBAcaOtPjfVofnmXuT4mSy6mlKFwKzP0X0hN7rq4ao3PkUttKWWsyPOmJk7f5K0bT2KAusIoOvGiS6y8ckjhidiolLSPvLasvaoYs7WYSXh6fFa3tiFDHTsayvL3dJq7xa2UDlI-BjQ83xdNeEe2EpVfQeGJCKREnD4h3KS_HjcACbqr2Q__8NdnrR2QZF1c1PuASX9qyjATTHus71lodb7Bl4eVEzNSPiQpXH2JrkdNzdGgikk4VKBqNylS8LSLX1fRvnyLZd9awH4E8Oazh70PVP9gUNpqgEeHLQKc6bVpINAw05aIa8K4k_7dzDCKcdbsQVQtJZgJAqTZbKH0dyXpP2Fsrb_JDybYXydFDoXaOWx76XeTGFo1A2Xd3cTZv6I0SbPpAhV0NiQngIQPkjr9xYTu6oyh9bjP6o-BGkGH6PiDX7RNRfN9QXtDrmI_0txEYwMGYsEgQbYs4koMDwklgFah7yH0JuG5rpCVorAjEJemfg/
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.168.25 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-168-25.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:31 GMT
content-length: 43
content-type: image/gif

GET
H2 200 fltiu.js Show response
pixel.yabidos.com/ Frame 48D7 2 KB
1 KB 31ms
31ms Script
application/javascript 104.16.201.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=12328&s=ad.gab.ag&x=rekmob&nci=&adtg=192c020147d342b89b44892f054dc030&nai=&si=24908&pn=&h=90&w=728&bp=&pp=&ci=&ip=82.102.20.235&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87ce4cc30530348882f7ec9e07ca8a24e704140aef3ef8260c3272598081c99b

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:22 GMT
server: cloudflare
age: 5295
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e6035ad5e10e7-CPH
content-length: 1146
cf-request-id: 0850da758c000010e7f7873000000001
expires: Wed, 17 Feb 2021 11:10:32 GMT

GET
H/1.1 200
OK rs-b.png
adimg.rekmob.com/logos/ Frame EDED 471 B
911 B 147ms
48ms Image
image/png 65.9.20.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adimg.rekmob.com/logos/rs-b.png
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.22 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: df02aa33acd40ff99ac77551154f9fe7fd5a13dc1f782aac62ffb1a6a0f7f09c

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 03:50:08 GMT
Via: 1.1 eea0826c9064fc2d08f21b43b4a26011.cloudfront.net (CloudFront)
Last-Modified: Thu, 26 Jul 2018 10:20:15 GMT
Server: AmazonS3
Age: 29013
ETag: "5965d59f86a925e809f20a75e26c9d0c"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 471
X-Amz-Cf-Id: p5xLb37EMEBktVTCNaK1v1YfbPCLLOfTziXXiap2G7yNM6YYf6q4bg==

GET
H/1.1 200
OK 32d0e9c9c24a4599b7c35c17bf87e9ae
adimg.rekmob.com/ Frame EDED 42 KB
42 KB 159ms
55ms Image
image/jpeg 65.9.20.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adimg.rekmob.com/32d0e9c9c24a4599b7c35c17bf87e9ae
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.22 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 057f09a69601da3adc7b756b621f7b98e3b24b50ee89da83314bc45c4ef03ca4

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 05:02:25 GMT
Via: 1.1 3180232852f42d0e8ed2a6999ef03c93.cloudfront.net (CloudFront)
Last-Modified: Wed, 20 May 2020 15:53:13 GMT
Server: AmazonS3
Age: 15278
ETag: "1206c40415c3aa41e749ad6054d636b5"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 42678
X-Amz-Cf-Id: -2Hw12Swk90K8G8UGtkqM2L8uABm7_Yfavr8a0x9GAlf4dWz_kypuA==

GET
H/1.1 200
OK imp
ads.rekmob.com/m/ Frame EDED 2 B
179 B 1071ms
95ms Image
image/avif 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rekmob.com/m/imp?uid=192c020147d342b89b44892f054dc030&udid=d425185fcfe54de3b744c18acd1e46ab&rid=NjAyY2RkODgwY2YyODdjZTlkZTY0ZDA1&adId=MTM2MA==
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Connection: keep-alive
Server: nginx/1.9.6
X-Code: DK
Content-Length: 2
Content-Type: image/avif;charset=ISO-8859-1

GET
H2 200 fltiu.js Show response
pixel.yabidos.com/ Frame 48D7 2 KB
1 KB 37ms
37ms Script
application/javascript 104.16.201.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=12328&s=ad.gab.ag&x=rekmob&nci=&adtg=4eef9d94fb6d4baca35d78effe61c3a2&nai=&si=24908&pn=&h=90&w=728&bp=&pp=&ci=&ip=82.102.20.235&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87ce4cc30530348882f7ec9e07ca8a24e704140aef3ef8260c3272598081c99b

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:22 GMT
server: cloudflare
age: 5295
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e60367ed110e7-CPH
content-length: 1146
cf-request-id: 0850da760c000010e7b3315000000001
expires: Wed, 17 Feb 2021 11:10:32 GMT

GET
H/1.1 200
OK 32d0e9c9c24a4599b7c35c17bf87e9ae
adimg.rekmob.com/ Frame F6D0 42 KB
42 KB 76ms
53ms Image
image/jpeg 65.9.20.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adimg.rekmob.com/32d0e9c9c24a4599b7c35c17bf87e9ae
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.22 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 057f09a69601da3adc7b756b621f7b98e3b24b50ee89da83314bc45c4ef03ca4

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 05:02:25 GMT
Via: 1.1 eea0826c9064fc2d08f21b43b4a26011.cloudfront.net (CloudFront)
Last-Modified: Wed, 20 May 2020 15:53:13 GMT
Server: AmazonS3
Age: 15278
ETag: "1206c40415c3aa41e749ad6054d636b5"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 42678
X-Amz-Cf-Id: BLHNlySBxfa0d5ilKYncvRltxeZJbf7D3yYS0xMowkwzbFGvkYaEvg==

GET
H/1.1 200
OK rs-b.png
adimg.rekmob.com/logos/ Frame F6D0 471 B
911 B 112ms
50ms Image
image/png 65.9.20.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adimg.rekmob.com/logos/rs-b.png
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.22 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: df02aa33acd40ff99ac77551154f9fe7fd5a13dc1f782aac62ffb1a6a0f7f09c

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 03:50:08 GMT
Via: 1.1 3180232852f42d0e8ed2a6999ef03c93.cloudfront.net (CloudFront)
Last-Modified: Thu, 26 Jul 2018 10:20:15 GMT
Server: AmazonS3
Age: 29013
ETag: "5965d59f86a925e809f20a75e26c9d0c"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 471
X-Amz-Cf-Id: DHc8uJfKc4lcZqHww_RNLYw68KdRGZ_gK79fig_pWF_sNEI_YLXEOw==

GET
H/1.1 200
OK imp
ads.rekmob.com/m/ Frame F6D0 2 B
179 B 967ms
88ms Image
image/avif 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rekmob.com/m/imp?uid=4eef9d94fb6d4baca35d78effe61c3a2&udid=5301d81938914f37a8fc79b41a5b3360&rid=NjAyY2RkODgwY2YyOGI1OTkyYzc2MGM0&adId=MTM2MA==
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Connection: keep-alive
Server: nginx/1.9.6
X-Code: DK
Content-Length: 2
Content-Type: image/avif;charset=ISO-8859-1

GET
H2 200 flimpobj.js Show response
pixel.yabidos.com/ Frame 48D7 30 KB
24 KB 31ms
31ms Script
application/javascript 104.16.201.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/flimpobj.js?cb=1613553032712&ver1=2.2.3&qid=230383f5530383f5434353&rnd=fpgi4euq03zj&cid=544
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=12328&s=ad.gab.ag&x=rekmob&nci=&adtg=192c020147d342b89b44892f054dc030&nai=&si=24908&pn=&h=90&w=728&bp=&pp=&ci=&ip=82.102.20.235&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3f5fe43cf3b943aa4ef647e87d8189c61b971c177cb3a6f3e88076fd4b2b9df

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:22 GMT
server: cloudflare
age: 1269
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e6036bf3110e7-CPH
content-length: 23972
cf-request-id: 0850da7632000010e79f2d0000000001
expires: Wed, 17 Feb 2021 11:10:32 GMT

GET
H/1.1 200
OK 3e98d504e9b649c4b90348dbd73ebf0a
adimg.rekmob.com/ Frame CEB1 11 KB
11 KB 51ms
50ms Image
image/gif 65.9.20.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adimg.rekmob.com/3e98d504e9b649c4b90348dbd73ebf0a
Requested by: Host: www.votreimc.com
URL: https://www.votreimc.com/blue.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.22 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6c3a7af4b5c014cb9378457992e04ccacdde9e15d47cf21ada01d6b56bbc60ce

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 01:11:43 GMT
Via: 1.1 eea0826c9064fc2d08f21b43b4a26011.cloudfront.net (CloudFront)
Last-Modified: Thu, 21 May 2020 07:18:03 GMT
Server: AmazonS3
Age: 28773
ETag: "976f5c21a45780a23a87d284b8c8a7b6"
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 11039
X-Amz-Cf-Id: VHV4YmU6S8k5j0TU-ApnRvW7ZIKt4UsXEOn9ALlqYkIajLkhA2s3Xw==

GET
H2 200 vbl.gif
pre.glotgrx.com/ Frame 48D7 26 B
264 B 11ms
10ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/vbl.gif?cb=1613553032927&rnd=fpgi4euq03zj&ifm=1&uai=1&cid=544&s=ad.gab.ag&p=12328&x=rekmob&adtg=192c020147d342b89b44892f054dc030&ats=0&atf=&nsi=&si=24908&nci=&nai=&pft=0&iip=0&adb=0&adc=0&adcd=i0_f0_o0_e0&ai=&icp=undefined&impid=
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 3719
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e6037eee92bca-FRA
content-length: 26
cf-request-id: 0850da76f000002bca78069000000001
expires: Wed, 17 Feb 2021 11:10:32 GMT

GET
H2 200 nflrc.gif
pre.glotgrx.com/ Frame 48D7 26 B
113 B 13ms
12ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/nflrc.gif?cb=1613553032916127&ver=1.2r81&qid=230383f5530383f5434353&p=12328&s=ad.gab.ag&x=rekmob&cid=544&od1=&od2=&adtg=192c020147d342b89b44892f054dc030&nci=&nai=&si=24908&ai=&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=fpgi4euq03zj&impid=&tps=65&ver1=2.2.3&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36&os=&mm=&di=&ip=82.102.20.235&ci=&pp=&bp=&w=728&h=90&pn=&1=2b5b962e41940d9b1130dd8e9cd94361&2=1.0&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%7D%7D&6=3&7={%22e%22:%223%22,%22m%22:%220%22,%22f%22:%221380%22}&ats=0&atf=&dbgcid=544&ifm=1&penv=b&pt=&ptbp=&tw=0&ldp=3&icpl=24&icp=http%253A//smartocom.com&irfl=22&irf=https%253A//ad.gab.ag/&cty=4&fcs=0&flky=ver-fl-6-qid-fl-22-p-fl-5-s-fl-9-x-fl-6-cid-fl-3-od1-fl-0-od2-fl-0-adtg-fl-32-nci-fl-0-nai-fl-0-si-fl-5-ai-fl-0-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-ua-fl-144-os-fl-0-mm-fl-0-di-fl-0-ip-fl-13-ci-fl-0-pp-fl-0-bp-fl-0-w-fl-3-h-fl-2-pn-fl-0-&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andMacIntel&adv=0&det=1&adb=0&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=1200x1200&gpu=undefined&ncf=4g_9_undefined_null_0_undefined_false&fli=3429136985&flerr=0&trim=&fio=24
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 2886
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e6037eeeb2bca-FRA
content-length: 26
cf-request-id: 0850da76f000002bca11af5000000001
expires: Wed, 17 Feb 2021 11:10:32 GMT

GET
H2 200 bootstrap.min.css
www.gab.ag/assets/components/bootstrap/css/ Frame EE11 152 KB
21 KB 31ms
30ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/bootstrap/css/bootstrap.min.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:21 GMT
server: cloudflare
age: 5292
etag: W/"5df12465-2606e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UmrObu9VPohDWpyOE11Q7E9uExu8uKFEgyNB7uvwaLRaiDdW6t5bgF1oj7a2lB0%2B0gPpgfVBT6s740xiLURnfT2m4zh5xqnLxr2nfIrXh9Wc0hCADPWG"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e6037f8b6fa78-AMS
cf-request-id: 0850da76fe0000fa7890326000000001

GET
H2 200 font-awesome.min.css
www.gab.ag/assets/components/font-awesome/css/ Frame EE11 30 KB
7 KB 32ms
31ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/font-awesome/css/font-awesome.min.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:38 GMT
server: cloudflare
age: 4426
etag: W/"5df12476-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eBYdMf7s7NX2f%2BGW%2BX9%2FK2KnXoOxjlDF4vvDP4dPHecNxy5oQ5dXWB4cVulRfspmCdzR0PLniShExrrZj81U5LkFKb2r9vr40UItuQdVgN7eQO7jKF95"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e6037f8b8fa78-AMS
cf-request-id: 0850da77000000fa7853ad7000000001

GET
H2 200 jquery.min.js Show response
www.gab.ag/assets/jquery/ Frame EE11 95 KB
32 KB 35ms
35ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/jquery/jquery.min.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a69fb479b5382d113b7dd50923eeb1e743dfa6841500d28ab96b11a93f0abeea

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 23 Sep 2017 16:11:33 GMT
server: cloudflare
age: 5266
etag: W/"59c687b5-17ba0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=a1R%2F%2FJR6eW0hl9ODrxXc5l3TiGStwse1MTdxLJ47JtwGu3oTv8pBxwzKtEors4uNnMvme%2BMzHQ3OmrPalyGqwAaz5gg7hXo1TaGuqI5Cx5c2yCzeR%2BGa"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e6037f8befa78-AMS
cf-request-id: 0850da76fe0000fa78d10c0000000001

GET
H2 200 popper.min.js Show response
cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/ Frame EE11 21 KB
7 KB 11ms
5ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.gab.ag
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 641479
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 7510
etag: W/"5309-YvI45zNIx3656GVCan0bfeI8uy0"
x-served-by: cache-fra19125-FRA, cache-hhn4054-HHN
date: Wed, 17 Feb 2021 09:10:32 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/ Frame EE11 59 KB
16 KB 13ms
7ms Script
text/javascript 2001:4de0:ac19::1:b:2b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.gab.ag
Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 28 Nov 2019 17:52:52 GMT
etag: "1574963572"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 15919

GET
H2 200 jquery-ui.min.js Show response
www.gab.ag/assets/jqueryui/ Frame EE11 248 KB
63 KB 46ms
40ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/jqueryui/jquery-ui.min.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9852ccf03b383d1b3855c1983e18258fbdf07999ff77a68327ed0413466db4f2

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 23 Sep 2017 16:11:37 GMT
server: cloudflare
age: 5266
etag: W/"59c687b9-3dee4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=EuxQCRCFXUCqNQu1T5bWMxwC1OAARo5wSfsSveWX412nxOTUIBAtQ%2Faln9cjAG0wQrRH%2BOt0uqzNVTMP22p5KJzOM1nvPSdIsWvQQA8OryayMq3orWzP"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e603808e8fa78-AMS
cf-request-id: 0850da770a0000fa7849a8f000000001

GET
H2 200 evolutionscript.js Show response
www.gab.ag/assets/evolution/js/ Frame EE11 14 KB
4 KB 45ms
40ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/js/evolutionscript.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8be2a4d9b5c58396029b73f7f4786649bf20be679133cccf2130741f3786348d

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 16:39:08 GMT
server: cloudflare
age: 5233
etag: W/"5df11bac-37e5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ywFSU9xcqWpk%2FcsDDmBQj%2F8OsTEg1u5opl9a77SPH1nK58JcpobDD9%2Bga4ZcNLSncU%2FxTmGBc2mKOM%2BuEmNjySwqwvacAexKOy2dXsNOJ7hBFOTnqdux"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e603808ebfa78-AMS
cf-request-id: 0850da770c0000fa78f9ba4000000001

GET
H2 200 l2blockit.js Show response
www.gab.ag/assets/evolution/js/ Frame EE11 4 KB
1 KB 29ms
23ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/js/l2blockit.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ba57ba8c83b63763e70005c9b1840d8d7e8c71611969265aa5675aae93ead18

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 16:39:09 GMT
server: cloudflare
age: 5233
etag: W/"5df11bad-f2d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eyWl0ojYmLMnF4YUWpMBAVKK8xGo6a%2B6d5pGJ%2B%2BBUZxMzX2aCef7rcIG3zGqvR1VvAzEa72RBrIWSfBRwq4xlkq50WmzrP%2FTANzmQ4WaJTYld0kNUc84"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e603808ecfa78-AMS
cf-request-id: 0850da77090000fa78ebaab000000001

GET
H2 200 bootstrap.bundle.min.js Show response
www.gab.ag/assets/components/bootstrap/js/ Frame EE11 77 KB
21 KB 42ms
36ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/bootstrap/js/bootstrap.bundle.min.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:30 GMT
server: cloudflare
age: 5266
etag: W/"5df1246e-1332b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=F6T4SM6yb4sZpgeC0h2rem%2F%2BvD%2B8Dk5L7IllaS8dVSfnQSgaJRZ9yIQ6ng%2BDVXkIbvFSU6JOuZK5HeeO21N5ujX75QqOuq45DrjTxtuX0MWm7mLvufGN"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e603808effa78-AMS
cf-request-id: 0850da770a0000fa78ed1da000000001

GET
H2 200 sdmenu.js Show response
www.gab.ag/assets/evolution/css/33brushes-styles/js/ Frame EE11 4 KB
1 KB 59ms
54ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/js/sdmenu.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9342eaeb6d2acb526ecb319ddbe84a493bd115040df5be3c83ec88ff3e337dde

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 Oct 2017 17:02:15 GMT
server: cloudflare
age: 4492
etag: W/"59f0c397-e20"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=o2IUnJJOs0mLhXXfBESoh3rUlztv%2F%2BPyi3SDUVlF0VxIvh6ywOhUjZFq%2BBloGRXoVF4ER7lU4cTet8AoVcyKO9QBMSL6sz%2B6tsIpVMjJwyhvc6bs1m7j"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e603808f0fa78-AMS
cf-request-id: 0850da770a0000fa78012d4000000001

GET
H2 200 jquery-ui.min.css
www.gab.ag/assets/jqueryui/css/ Frame EE11 31 KB
7 KB 42ms
38ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/jqueryui/css/jquery-ui.min.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efaaa09c3b1e7b374e13123fe496ba19e53ac74386fa136d09fdb34701c76755

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 23 Sep 2017 16:14:26 GMT
server: cloudflare
age: 5249
etag: W/"59c68862-7b5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fBKit5REtnyZUNkriZQxdgAavNM%2Bh8s5aRmihFJb0Rr%2F%2FwjulBDLshWS7CLmUgqJb645fIZlG0fJfPgKvSE1VxSH18NaK2%2BR7bX9%2Fh9lCFQus2vUOABN"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e603808dcfa78-AMS
cf-request-id: 0850da77060000fa78e0225000000001

GET
H2 200 global.css
www.gab.ag/assets/evolution/css/ Frame EE11 21 KB
5 KB 28ms
24ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/global.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ae20896f1fa269e4a066a4f15cb0d0c0263c78f1bc3f69caacaa5e15f66aea0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 17 Dec 2019 20:27:25 GMT
server: cloudflare
age: 5249
etag: W/"5df93a2d-55e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6q8acaKbX%2BbxsGrfjne3psQGXaHmSg0t%2Fb8f4Xfj576ioynWMYR%2FUsdws5FFuONaXVyMXuhYgvm1mc6RVpdH1k3H3AMpJLvGyn4Sun1AneQRyuVdteno"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e603808ddfa78-AMS
cf-request-id: 0850da77070000fa784a3d1000000001

GET
H2 200 site.css
www.gab.ag/assets/evolution/css/ Frame EE11 25 KB
6 KB 36ms
32ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/site.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae757987affdde9f2411be14b4cd5f17a0ad6eaa744e9f7ecca8338466055bbc

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 17 Dec 2019 20:22:00 GMT
server: cloudflare
age: 4801
etag: W/"5df938e8-62c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=T2nRcCoIkHsava9czRjo8pUY3E4rnCcj7l1zybi%2BUvBXegmQrhHP%2FBlLxlVXUT3OsyiHn5royiUknjt%2FlrR5%2BTbkFp23O20wwXXN1JZRqT4BxEiesMCG"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e603808e0fa78-AMS
cf-request-id: 0850da77070000fa78cf2d6000000001

GET
H2 200 core.css
www.gab.ag/assets/evolution/css/33brushes-styles/css/ Frame EE11 43 KB
7 KB 29ms
25ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/core.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd62e8a4e85eae2ab9c3143ffb85ec24428af4b98b2df89e75903ea7bc33493f

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 13 Dec 2019 20:45:01 GMT
server: cloudflare
age: 4418
etag: W/"5df3f84d-ac4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oGc4sH5sz%2F%2FA9AE5hwF5oc0HblAwnU%2F7Ua2dVHkv5ihgxvvdTT6zVF3D%2FDkvTOgfbL%2F4uT1r39vmL8Qf%2FdFoQ2NMUdl73s3JfHy77WgueG%2BnV6u6ZA24"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e603808e1fa78-AMS
cf-request-id: 0850da77070000fa78ff2b4000000001

GET
H2 200 33brushes-custom.css
www.gab.ag/assets/evolution/css/33brushes-styles/css/ Frame EE11 114 KB
18 KB 38ms
34ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b1376c0b817203f501f2be50a8bc4ca8b67e4e069f3dbd7775eaa7ef9b65c77

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 19 Dec 2019 07:07:51 GMT
server: cloudflare
age: 5249
etag: W/"5dfb21c7-1c74a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sqLBb64effx2kY1t0pWp1jKY29ccWV8r3sadd8ZGur6YhlAKgrlKTbgMgpieuSVYvGUmnejuE1085qhbQpwaFEBkEFAw%2FKX%2BMl5PqPLjA%2BxvSMJdyIK3"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e603808e2fa78-AMS
cf-request-id: 0850da77080000fa785ea6b000000001

GET
H2 200 cus-icons.css
www.gab.ag/assets/evolution/css/33brushes-styles/css/ Frame EE11 36 KB
5 KB 29ms
26ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/cus-icons.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c00d3d5af73123689b9baf2b54f0f7a08ec93f68cd6c15c61dbae8ebb7db90e

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 Oct 2017 17:01:46 GMT
server: cloudflare
age: 5249
etag: W/"59f0c37a-91ef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BLZIL8iZGaG5lrxSoIjFzBS9eZ5JVOgvkonMap0lmYBAoBuKjSVGOmGHQtP18fvnjifCA51IK2Qv6QbB%2Fb9m3H06dIRO1TmTZv4Ig1SjhXm4e%2FzusHiU"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e603808e5fa78-AMS
cf-request-id: 0850da77080000fa78ebaaa000000001

GET
H2 200 sdmenu.css
www.gab.ag/assets/evolution/css/33brushes-styles/css/ Frame EE11 2 KB
1 KB 25ms
22ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/sdmenu.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5f0aaeb1391bc2af45ecc74f7db25f1bb39a5fa82c7e721c3118d2273725291

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:32 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 25 Oct 2017 17:01:43 GMT
server: cloudflare
age: 5249
etag: W/"59f0c377-8f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eWE5IC%2FM03ndUtBGybF1gyjcXVWxOsUtPqelscqHcHi%2Fz9IeL8VxjoiUTUqQPdf1of1xv54HabIARCnWpUDuYhB2iSbCaee%2FrhPNDENcGK7MxeZWM9ci"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e603808e7fa78-AMS
cf-request-id: 0850da77080000fa78e4965000000001

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame EE11 6 KB
759 B 18ms
15ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3d67ca5d28f1dd6fc58ae8f8ab79b70755b30a52eb04572a6df8e50869ff748e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 08:44:35 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:32 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame EE11 1 KB
474 B 18ms
15ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans+Caption

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

99af12e0514caeb32e89a80b5b8d20ab522738fe78ad369e149f33d32f5a0bdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 09:01:57 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:32 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame EE11 9 KB
775 B 18ms
15ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

340fb3e379311ed1ceadf7dd53577a337b47d6b1fc52a003ec959bb46cd004b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 07:42:16 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:32 GMT

GET
H/1.1 200
OK 3959740.gif
s4is.histats.com/stats/i/ Frame EE11 2 KB
2 KB 397ms
121ms Image
image/png 198.27.80.143
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s4is.histats.com/stats/i/3959740.gif?3959740&103
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.27.80.143 , Canada, ASN16276 (OVH, FR),
Reverse DNS: ns558056.ip-198-27-80.net
Software: /
Resource Hash: 09e16b81d4ce72ba41f4cc2a0c0eb4e07caae3a050630e0e8dfd24571ca5bd1a

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Connection: close
ETag: 696208251
Content-Length: 2253
Content-Type: image/png

GET
H2 200 969200 Show response
adhitzads.com/ Frame EE11 447 B
729 B 97ms
97ms Script
text/html 172.67.220.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adhitzads.com/969200
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9fb0956632beb2db3c5099d6000ac4875a7373695db584327aa079b582e838da

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bBKTYh3Vhy4DrwEwi7Me6bwE3AcMQUuggXaOQnqBJ0Bx1gHp4eDSh5ucCo8IpS5tx6x8wWja24CLEyo5sTJIPdbqg7v6PX14ADIMQrFw"}],"max_age":604800}
content-type: text/html
cache-control: max-age=3600, public
cf-ray: 622e6038bc667373-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da7770000073738d343000000001
expires: Wed, 17 Feb 2021 10:10:33 GMT

GET
H2 200 1047672 Show response
adhitzads.com/ Frame EE11 448 B
588 B 70ms
70ms Script
text/html 172.67.220.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adhitzads.com/1047672
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fd4d63ec221017a4be24d2194abe9188f300b98946f29a1e2ddb0e7ce64e374

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=l%2FzW679nCMbBPuPsu63Dc4xwgdIABdJM2S51jDdAKruKz7AR3x8LFvMPDbNZaDqJN%2BXxp6MgUsBXUzvfODcvNUhEXyO%2B%2F6PjOIU9%2FkVR"}],"max_age":604800}
content-type: text/html
cache-control: max-age=3600, public
cf-ray: 622e6038dcc47373-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da778c000073735f113000000001
expires: Wed, 17 Feb 2021 10:10:33 GMT

GET
H2 200 uGtr2LB.png
i.imgur.com/ Frame EE11 184 B
283 B 72ms
33ms Image
image/png 151.101.12.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/uGtr2LB.png

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

d0db53c29f47ea31122d7c6b88a22220ca50ce9a298abea4471d36f76d26b8cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
x-content-type-options: nosniff
age: 1737754
x-cache: HIT, HIT
content-length: 184
x-served-by: cache-bwi5124-BWI, cache-fra19144-FRA
last-modified: Wed, 01 May 2019 01:25:45 GMT
server: cat factory 1.0
x-timer: S1613553033.181505,VS0,VE0
etag: "07b3d6c272c58faaa685ec68acd61b3c"
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 12

GET
H2 200 reklamstore.js Show response
adserver.reklamstore.com/ Frame EE11 98 KB
30 KB 52ms
14ms Script
application/javascript 2600:9000:2127:1000:1c:4bbb:9180:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver.reklamstore.com/reklamstore.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:1000:1c:4bbb:9180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 68284b54549982043696b0843c2d605a99815785311b379a91d4b8ad2ea721e1

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 05:08:44 GMT
content-encoding: gzip
last-modified: Thu, 22 Oct 2020 13:59:17 GMT
server: AmazonS3
age: 52511
etag: "a161b7159234f83f289cea8299395d87"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f18b0bd4a5b62e5fb49428cc4789689f.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
content-length: 30217
x-amz-cf-id: sm4dx0gdSjOzGrCbszNcs9RF6WCNBEE9Zgy75Fc-TMVtUijU-cvaUw==

GET
H2 200 969390 Show response
adhitzads.com/ Frame EE11 447 B
823 B 136ms
96ms Script
text/html 172.67.220.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://adhitzads.com/969390
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f5e5250f5e145b8941a549bd962a93b3ba45c55868cb13e9e439fd2f02a5763

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zpOnvu%2FYv%2BINvfTZZhJxq2ZD1Y1j58ttQIGQPA95tWUnoKcyLq5eZNB6RjTpw5BAjRfvjid1bdjtCZFWcIOHhCbFvbdUtXPQ2m3m3%2BDf"}],"max_age":604800}
content-type: text/html
cache-control: max-age=3600, public
cf-ray: 622e60395d667373-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da77d30000737360244000000001
expires: Wed, 17 Feb 2021 10:10:33 GMT

GET
H2 200 jquery.blockUI.js Show response
www.gab.ag/assets/components/blockui/ Frame EE11 19 KB
6 KB 74ms
34ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/blockui/jquery.blockUI.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a106b0f8926e51c250f5055831c1673f12020d3fa1bfcfa4bb14f614dcd31a17

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:05 GMT
server: cloudflare
age: 5195
etag: W/"5df12455-4dfe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YLlXDm6HS2AkDTwTwIRZE1gJ1gS4TwFE00HGNOtobQf60XDKnJgby%2FtkgIHt83JdIb2cjoQpui1xZXBIq1GApuuaeETZFPIWKTz53P25i0Na1uaOfXfL"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e60394ca9fa78-AMS
cf-request-id: 0850da77d20000fa78c30f9000000001

GET
H2 200 ajaxSubmit.js Show response
www.gab.ag/assets/components/ajax_form/ Frame EE11 2 KB
821 B 66ms
27ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/ajax_form/ajaxSubmit.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3474f9e42f470faef4db25d456e1370e9cdacef7deab620d90362e86f2d933e

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:03 GMT
server: cloudflare
age: 2427
etag: W/"5df12453-77a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2DaV4qjGCtubmDrryFI0DhEtCqdGdum6JojYLMME23Z%2BdJqelDj3kW5EIIhD20j2Uug3xcfPJiPBjey13EZOqRtBltOmhAs%2FkHjMQBfxz6fdtmiimetg"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e60394caffa78-AMS
cf-request-id: 0850da77d50000fa78489ef000000001

GET
H2 200 alerts.js Show response
www.gab.ag/assets/components/ajax_form/ Frame EE11 1 KB
799 B 64ms
24ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/ajax_form/alerts.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6491f4fd82597aa8a54e50b21a3d98427153039ad0dbc6bd99639a77e90cade2

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 11 Dec 2019 17:16:03 GMT
server: cloudflare
age: 5265
etag: W/"5df12453-497"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tffnLiV0AS5AH8v8JNM2wH2ovNb2LOoc%2BkHoEa0DVpr5nyPQXEX07tsrxzY3aC%2Fp5ohQrWU77ah4zHUs%2FezI8IyBKR8yoIp80IkYZ3H5ohVQ%2B84lzdTY"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e60394cb1fa78-AMS
cf-request-id: 0850da77d30000fa78db9bd000000001

GET
H2 200 forms.js Show response
www.gab.ag/assets/components/ajax_form/ Frame EE11 4 KB
1 KB 68ms
29ms Script
application/javascript 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/components/ajax_form/forms.js
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcca172fb8956a6cb32cc2e0938b4658afc275ddabe650e890cfdd13924c9d44

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 27 Jul 2020 23:29:29 GMT
server: cloudflare
age: 2310
etag: W/"5f1f6359-10bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2tS03rf6AiPBKXA4EXlO09QuHmxDzcNOSmYAkzy7MZ0lOdGiMlzm7Iiz8s19xQatM26x1wCdgEpPl9gBTe4i0qLhLpScV6cLKPgS2bHRKbxSSIiLQylM"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e60394cb5fa78-AMS
cf-request-id: 0850da77d60000fa78570fe000000001

GET
H2 200 uicons.css
www.gab.ag/assets/evolution/css/ Frame EE11 71 KB
8 KB 28ms
27ms Stylesheet
text/css 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gab.ag/assets/evolution/css/uicons.css
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/assets/evolution/css/global.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b3e012f4506ee657c139ef677a5b5e8ce4504655cb7ac403a2cfe6e5a1af425

Request headers

Referer: https://www.gab.ag/assets/evolution/css/global.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 23 Sep 2017 16:13:32 GMT
server: cloudflare
age: 4799
etag: W/"59c6882c-11cf1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BCfS0IYi%2FEPocdbdmuM7%2FEdke7UtFXAe%2BG%2FmETnZZNEjIxEfT2ci7AibBWcz1zGWXXjCAv1ZBaIQBgvo437t%2FronI3KVOly6cZN1f8%2FxPFuAyZdUlNzc"}],"max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 622e6038db70fa78-AMS
cf-request-id: 0850da778a0000fa7859035000000001

GET
H3-Q050 200 ga.js Show response
ssl.google-analytics.com/ Frame EE11 45 KB
17 KB 67ms
15ms Script
text/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 2690
date: Wed, 17 Feb 2021 08:25:43 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Wed, 17 Feb 2021 10:25:43 GMT

GET
H/1.1 200
OK Cookie set A860A4556C60 Show response
mellowads.com/view/ Frame 748E 2 KB
2 KB 251ms
248ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/A860A4556C60
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5546c183e355c20fc43d9dc4f2efef743f89ea7ca52381b726e3a3ca63423733

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d06a775a052dabfd3673b18bf0207be3a1613553033; expires=Fri, 19-Mar-21 09:10:33 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:44 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da77cd00004ee6fa13a000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e60394d164ee6-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK 860840 Show response
ad.a-ads.com/ Frame 17E2 6 KB
2 KB 151ms
50ms Document
text/html 85.10.201.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/860840?size=468x60

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

85.10.201.130 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

nginx/1.14.0 (Ubuntu) / Phusion Passenger

Resource Hash

c104d4dd4fca73a733a75ee20a3b166f6cdd55adb1a17e444b5e9a0be1e7444e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: ad.a-ads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding Accept-Encoding
Status: 200 OK
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger
X-Original-Referer: https://www.gab.ag/index.php?view=register
Content-Encoding: gzip

GET
H2 200 wrapper.jpg
www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/ Frame EE11 77 KB
78 KB 49ms
49ms Image
image/jpeg 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/wrapper.jpg
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19f8b06b5a73ee52551631b6c30b25218eb9efcb2cbb5e1b8818de7accff1f62

Request headers

Referer: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4944
content-length: 79061
cf-request-id: 0850da77e10000fa787ea5d000000001
last-modified: Wed, 25 Oct 2017 17:01:53 GMT
server: cloudflare
etag: "59f0c381-134d5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=y4Mfocy4b9Zph1Fj9UIIMY1g0Z5xNw8ZQkOlJ%2FeVG6hVaYYaErpvuxLHw2QPBKshat%2F1CwJQqzcxdNc6beH7%2Brq5k8On%2FdgiMtEhktUN9ldO%2F2kFyKzf"}],"max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e60396cfefa78-AMS
cf-bgj: h2pri

GET
H2 200 logo.png
www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/ Frame EE11 19 KB
19 KB 25ms
25ms Image
image/png 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/logo.png
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d2f44d1c5763fd34f43813d77acf6a6ff6a96b5443450331321645866c425b4

Request headers

Referer: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2369
content-length: 18944
cf-request-id: 0850da77e20000fa78039e0000000001
last-modified: Wed, 25 Oct 2017 17:02:06 GMT
server: cloudflare
etag: "59f0c38e-4a00"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=b2T8syIQCLKM7LZFdgZaPlnU4Wjuhu4XX0yEBk0N3BQxgKcP0%2Fattse1lBgkaKLaC%2BHFYs3NaGwfj1Ka2qkMVMw6AzYhubF%2BamDjI8BhgBbWr2r3mFee"}],"max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e60396d03fa78-AMS

GET
H3-Q050 200 0FlMVP6Hrxmt7-fsUFhlFXNIlpcaeg_xYS2ixw.woff2
fonts.gstatic.com/s/ptsanscaption/v13/ Frame EE11 12 KB
12 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsanscaption/v13/0FlMVP6Hrxmt7-fsUFhlFXNIlpcaeg_xYS2ixw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans+Caption

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e952b8b937351217f10dc03717caeb974450135f3cb704f114177e617149731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.gab.ag
Referer: https://fonts.googleapis.com/css?family=PT+Sans+Caption
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 05:54:50 GMT
x-content-type-options: nosniff
last-modified: Tue, 01 Sep 2020 05:26:03 GMT
server: sffe
age: 98143
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11808
x-xss-protection: 0
expires: Wed, 16 Feb 2022 05:54:50 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame EE11 9 KB
9 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.gab.ag
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:25:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 146720
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:25:13 GMT

GET
H3-Q050 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ Frame EE11 9 KB
9 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.gab.ag
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 15 Feb 2021 16:25:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 146732
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Tue, 15 Feb 2022 16:25:01 GMT

GET
H2 200 / Show response
p3.adhitzads.com/ Frame EE11 0
286 B 75ms
75ms Script
text/html 172.67.220.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://p3.adhitzads.com/?z=969200&p=570011371&l=https%3A//www.gab.ag/index.php%3Fview%3Dregister&r=https%3A//ad.gab.ag/&c=1
Requested by: Host: adhitzads.com
URL: https://adhitzads.com/969200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
x-powered-by: PHP/5.6.40
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sXujYJBfzrO2xNtGsIUvVC3ngNPbSdnGT6qsm2MvorV4QCNPwMFKlmFpNe35ZFbOhRcbOFePW0vkZoOmTo4G%2FCg6JVRkE%2ByuCiOeVoS7dn42"}],"max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 622e60397d8e7373-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da77eb00007373bdab2000000001

GET
H/1.1 200
OK Cookie set A860A4556C60 Show response
mellowads.com/view/ Frame C382 2 KB
2 KB 249ms
248ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/A860A4556C60
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bab98efbfb1bc6ee954e890f5fd3824b75de86767e034d346a575948ee3c4551

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d608a400969a5d97c1a7676100ddcc50f1613553033; expires=Fri, 19-Mar-21 09:10:33 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:47 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da783000004eeb858eb000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e6039eab74eeb-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set A860A4556C60 Show response
mellowads.com/view/ Frame 7DA4 2 KB
2 KB 255ms
254ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/A860A4556C60
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80d001812d146d19d81abebad7f0bc4a2a7e6ba20a27ec771afca7f3991996e8

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d96cfa027c08c83631698e621ade0b17e1613553033; expires=Fri, 19-Mar-21 09:10:33 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:01 GMT; path=/
Cache-Control: private
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da78320000dfcb01354000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e6039ef3ddfcb-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set A860A4556C60 Show response
mellowads.com/view/ Frame A490 2 KB
2 KB 253ms
252ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/A860A4556C60
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7c9b3575eda236ca15af90d017a92c4c130b216b99204991fc7e3b06c5b83a8

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d105038bbf8b834a7628288bcb5b6f2831613553033; expires=Fri, 19-Mar-21 09:10:33 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:47 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da783400002b12813b5000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e6039ecc22b12-FRA
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set B8AE533AA3BB Show response
mellowads.com/view/ Frame 81CE 3 KB
2 KB 248ms
248ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/B8AE533AA3BB
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 025336816b0648a0ba03d3340f5a71a71477a480525f015c5e6a1c5b8631741c

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d77f939a0bc58c14e05ce8e6655ab025d1613553033; expires=Fri, 19-Mar-21 09:10:33 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:44 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da783400004a621289f000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e6039ea474a62-FRA
Content-Encoding: gzip

GET
H2 200 / Show response
p3.adhitzads.com/ Frame EE11 0
286 B 71ms
70ms Script
text/html 172.67.220.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://p3.adhitzads.com/?z=1047672&p=570011371&l=https%3A//www.gab.ag/index.php%3Fview%3Dregister&r=https%3A//ad.gab.ag/&c=2
Requested by: Host: adhitzads.com
URL: https://adhitzads.com/1047672
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
x-powered-by: PHP/5.6.40
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=S5HYBIX9YQQh7tHYUz8pVzR2YS0%2B7p%2BC4IJZ9WL0ec6Z6lx4k9QmOet3odRCioL6VNfak7dHx4rS8Z4b2YXM0F8BUNwbCY44MxzzLeC9Rm5x"}],"max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 622e6039fe527373-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da783c0000737386387000000001

GET
H/1.1 200
OK 468x60
static.a-ads.com/a-ads-banners/138836/ Frame 17E2 20 KB
20 KB 160ms
90ms Image
image/gif 85.10.201.130
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/138836/468x60?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/860840?size=468x60
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.10.201.130 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.85-10-201-130.clients.your-server.de
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e21f0dd243a247092689dcc3e645302d273baba75682cb71cd262af135ff125d

Request headers

Referer: https://ad.a-ads.com/860840?size=468x60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Last-Modified: Tue, 16 Feb 2021 09:33:57 GMT
Server: nginx/1.14.0 (Ubuntu)
x-amz-request-id: 213D5EAEC4A66C5D
ETag: "dd4f6dfafa0eccd5728f29d4392bc517"
Content-Type: image/gif
Cache-Control: max-age=315360000
Content-Length: 20365
Connection: keep-alive
Accept-Ranges: bytes
x-amz-version-id: null
x-amz-id-2: U3KoBAgjKqkjiLsjGeqd/dqWjNeRZe7fiCQ03B+dFb5YINGuEGbwixY9gJk9kRGhhOYzfisSciI=
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame 17E2 305 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95347f5a02237a0ff92fc87be7ad78f0fb44eebc125ffb61edc17da98a6d23d7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK Cookie set B8AE533AA3BB Show response
mellowads.com/view/ Frame 7408 2 KB
2 KB 253ms
253ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/B8AE533AA3BB
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b51d2c2883fe4ccd5147aec71170aa1a6af6ecf3411e530263e0bce6c5212da4

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dcff36963a297954c1fe50b0fe21882c11613553033; expires=Fri, 19-Mar-21 09:10:33 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:35 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da78940000c26de499e000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e603a8b3cc26d-FRA
Content-Encoding: gzip

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ Frame EE11 114 KB
37 KB 28ms
27ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.js
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 6e2f7e4abb0af99fe128f3e943c469d74d97cd446ff9395ef51fe068ed799209

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
last-modified: Thu, 04 Feb 2021 10:56:36 GMT
server: nginx
etag: W/"601bd2e4-1c8de"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Thu, 18 Feb 2021 09:10:33 GMT

GET
H/1.1

200
OK

pix
ads.rekmob.com/retarget/ Frame EE11
Redirect Chain

https://x.bidswitch.net/sync?ssp=reklamstore
https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dreklamstore%26bsw_pa...
https://x.bidswitch.net/sync?dsp_id=354&user_id=1b644fb7a39747d4a577ebd78727a785&ssp=reklamstore&bsw_param=33c17b42-9fd5-4a53-89da-3c8319a20c95&gdpr=&consent=&gdpr_pd=
https://ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1

35 B
403 B

140ms
41ms

Image
image/gif

146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Server: nginx/1.9.6
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

Redirect headers

location: //ads.rekmob.com/retarget/pix?id=bs&cv=33c17b42-9fd5-4a53-89da-3c8319a20c95&d=1
date: Wed, 17 Feb 2021 09:10:33 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame EE11 320 B
621 B 128ms
32ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=553524
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 5d11062cd88e10df6300906ea84a8d9f1a6f50abbbfac1f8cbff780a9e03d3fb

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H3-Q050 200 gtm.js Show response
www.googletagmanager.com/ Frame EE11 77 KB
31 KB 32ms
32ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NCM67V&l=rsdataLayer

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5b1bca0339795fb13d3860e512e0b0ddb007dd0503777af675d76542bfa3e6b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31257
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:33 GMT

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame EE11 320 B
620 B 133ms
39ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=555005
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: fb5206f20d403c410fc0e7b8389f3b3f7c3c133fff514917b682ee5a72521d65

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame EE11 320 B
621 B 168ms
43ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=553524
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 5d11062cd88e10df6300906ea84a8d9f1a6f50abbbfac1f8cbff780a9e03d3fb

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame EE11 320 B
620 B 188ms
58ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=555005
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: fb5206f20d403c410fc0e7b8389f3b3f7c3c133fff514917b682ee5a72521d65

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H2 200 / Show response
p3.adhitzads.com/ Frame EE11 0
323 B 87ms
87ms Script
text/html 172.67.220.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://p3.adhitzads.com/?z=969390&p=570011371&l=https%3A//www.gab.ag/index.php%3Fview%3Dregister&r=https%3A//ad.gab.ag/&c=3
Requested by: Host: adhitzads.com
URL: https://adhitzads.com/969390
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.220.145 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/5.6.40
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
x-powered-by: PHP/5.6.40
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=b94llHyvEm7f44Op0YsMlAKo9yze0YG6t0oWerYVOJiO4PLJVUTkDjkQdCi4%2FWG2WMnWVffFshTCKQ0TI%2FQJ8Qu83wgxPBhiYG8hRxswyA2K"}],"max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 622e603aaf537373-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da78a5000073736db70000000001

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame EE11 348 B
631 B 128ms
34ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=549123
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 5277aeefb207b8d1e25c3bc37c8c946785a3088c3d9e1c971f81aabed177ec35

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame EE11 348 B
630 B 126ms
32ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=546313
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 823168087d0cc0af232d6f135f1770d5e946d22d32cfc26dbdbc4e2ae5658fc9

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame EE11 348 B
630 B 192ms
67ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=546313
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 823168087d0cc0af232d6f135f1770d5e946d22d32cfc26dbdbc4e2ae5658fc9

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK / Show response
ads.rekmob.com/m/props/ Frame EE11 348 B
631 B 192ms
67ms XHR
application/json 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/props/?regionId=549123
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 5277aeefb207b8d1e25c3bc37c8c946785a3088c3d9e1c971f81aabed177ec35

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:58 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Access-Control-Allow-Methods: *
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Code
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type,X-Code

GET
H/1.1 200
OK Cookie set A860A4556C60 Show response
mellowads.com/view/ Frame DEA6 2 KB
2 KB 290ms
289ms Document
text/html 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/view/A860A4556C60
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca07d46d633fca5282e9e8aa7a621eb0ccd3fd3a6c0cecd4de6263221c15f03b

Request headers

Host: mellowads.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d06a775a052dabfd3673b18bf0207be3a1613553033; expires=Fri, 19-Mar-21 09:10:33 GMT; path=/; domain=.mellowads.com; HttpOnly; SameSite=Lax user=referrer=; expires=Tue, 18-May-2021 08:10:35 GMT; path=/
Cache-Control: private
Vary: Accept-Encoding
X-AspNet-Version: 4.0.30319
CF-Cache-Status: DYNAMIC
cf-request-id: 0850da790100004ee606b1c000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 622e603b3fc34ee6-FRA
Content-Encoding: gzip

GET
H2 200 footer-logo.png
www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/ Frame EE11 16 KB
17 KB 32ms
32ms Image
image/png 2606:4700:20::ac43:4526
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/custom_images/footer-logo.png
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4526 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49bade0723ecad1f86952be492a23c03f449966f68f03021cece8101f41f06ae

Request headers

Referer: https://www.gab.ag/assets/evolution/css/33brushes-styles/css/33brushes-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:33 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2842
content-length: 16664
cf-request-id: 0850da79080000fa78ebae9000000001
last-modified: Wed, 25 Oct 2017 17:01:55 GMT
server: cloudflare
etag: "59f0c383-4118"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dKwxdlsFLlkxqjTu7dRv1a%2FJHhxyHl5Ee%2F%2FmssETKV5U2wbQx8lY3sOL32QggO3KyAzddwo5i7dpkBeBRxjiz9hx32XDXmUgoTJD%2B077x7JUUVM9cezO"}],"max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e603b493bfa78-AMS

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 725E 0
150 B 14ms
13ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=smartocom.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=smartocom.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.gab.ag/index.php?view=register
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 1657
date: Wed, 17 Feb 2021 09:10:33 GMT
content-length: 0

GET
H/1.1 200
OK size0.css
mellowads.com/css/ Frame 748E 395 B
1 KB 23ms
9ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size0.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab678728d50221c34ab637a8db8060f2d87621fced24a19b1f41ee4ca6a3e3ff

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3235
Cf-Polished: origSize=593
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da792a00004eeb76a77000000001
Last-Modified: Wed, 15 Nov 2017 09:57:32 GMT
Server: cloudflare
ETag: W/"aaacc827f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e603b7ce64eeb-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 748E 880 B
2 KB 27ms
10ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
CF-Cache-Status: HIT
Age: 2005980
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da792d00004a62153fe000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e603b7c504a62-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK DE3FD06D15B4.jpg
banners.mellowads.com/ads/ Frame 748E 13 KB
14 KB 27ms
12ms Image
image/jpeg 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/DE3FD06D15B4.jpg
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96b4b34f529abf4fe158ab45fb2b5ed69203690e69128792c55d7568add5e998

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
CF-Cache-Status: HIT
Age: 41602
Cf-Polished: origSize=15797
Connection: keep-alive
Content-Length: 13757
cf-request-id: 0850da792b000005d4a4b74000000001
Last-Modified: Sat, 23 May 2020 21:01:34 GMT
Server: cloudflare
ETag: "a472b3574531d61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/jpeg
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e603b796405d4-FRA
Cf-Bgj: imgq:100,h2pri

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame EE11 50 B
736 B 97ms
32ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:33 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.36:80
AN-X-Request-Uuid: b3ed6c13-ff8f-49e8-8f12-2331a21c61a0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame EE11 33 B
564 B 51ms
50ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDEwOQ%3D%3D&callback=adf__MftzZ17KcPVIV4RJtinh

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8823f65aa27c38dc4dc4517adca11ac4465c8673d3b18812c268cbcaffea0d08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 158
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame EE11 4 KB
2 KB 4161ms
3921ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=192c020147d342b89b44892f054dc030&ufid=MftzZ17KcPVIV4RJtinh&mobile_web=1&dt=3&os=3&jsonp=1&callback=rmb__MftzZ17KcPVIV4RJtinh&ref=ad.gab.ag&_=1613553033513&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: e09b74fe648e6c9459eb9d24abfe9372399ea7bd86b3abf4027cef02b5380679

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:40:02 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame EE11 0
172 B 44ms
43ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:33 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame EE11 50 B
736 B 142ms
76ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:33 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.81:80
AN-X-Request-Uuid: b4fdcd78-7378-44b1-8145-88c88973fbff
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame EE11 33 B
565 B 81ms
77ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDExMQ%3D%3D&callback=adf__BpKmPO6KDpxq5U3vf5L2

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c1db1808260509ca3f6dc2a629457a39fa06848aec964ad67d7d29d0c2571575

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 159
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame EE11 113 B
447 B 632ms
394ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=4eef9d94fb6d4baca35d78effe61c3a2&ufid=BpKmPO6KDpxq5U3vf5L2&mobile_web=1&dt=3&os=3&jsonp=1&callback=rmb__BpKmPO6KDpxq5U3vf5L2&ref=ad.gab.ag&_=1613553033518&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 7dd3bc454bd9a20c1bad923592ac7cd9ca6737108ab52d1a2d15ae7b36c34580

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:59 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame EE11 0
172 B 39ms
36ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:33 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame EE11 50 B
737 B 101ms
73ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:33 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.154:80
AN-X-Request-Uuid: 90f8345b-3201-4334-b52a-655e856a637d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame EE11 33 B
562 B 78ms
77ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDEwOQ%3D%3D&callback=adf__m3ewQhM3tbLhnkE3oN3q

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

9578ed7798c0bc0476a50ebfe7cac6f20110857e04d052342c216ea2146a69ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 156
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame EE11 113 B
447 B 597ms
379ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=192c020147d342b89b44892f054dc030&ufid=m3ewQhM3tbLhnkE3oN3q&mobile_web=1&dt=3&os=3&jsonp=1&callback=rmb__m3ewQhM3tbLhnkE3oN3q&ref=ad.gab.ag&_=1613553033583&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: cd569f60514ca9563a8a0d8b213a9e30a9b4bf3fdc23f420e6e0603c926983f0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:59 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame EE11 0
172 B 75ms
74ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:33 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame EE11 50 B
735 B 120ms
35ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:33 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.7:80
AN-X-Request-Uuid: 83f4e3fb-faa5-4595-9cbf-66a9147c66fa
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame EE11 33 B
562 B 176ms
175ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDExMQ%3D%3D&callback=adf__My8fmkhRhs66mnomGMg6

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a47bc09910e56f79bfe702abd29a7b124e1ebcc7774b8de25092db36a6720707

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 156
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame EE11 4 KB
2 KB 1171ms
905ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=4eef9d94fb6d4baca35d78effe61c3a2&ufid=My8fmkhRhs66mnomGMg6&mobile_web=1&dt=3&os=3&jsonp=1&callback=rmb__My8fmkhRhs66mnomGMg6&ref=ad.gab.ag&_=1613553033585&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: c8aee0bea79fec4d911f7f32642e09a353f049caa047d02388831c0c54ec62cb

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:59 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame EE11 0
172 B 73ms
73ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:33 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H/1.1 200
OK size0.css
mellowads.com/css/ Frame C382 395 B
1 KB 12ms
11ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size0.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab678728d50221c34ab637a8db8060f2d87621fced24a19b1f41ee4ca6a3e3ff

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3235
Cf-Polished: origSize=593
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da797800004a62d7bcc000000001
Last-Modified: Wed, 15 Nov 2017 09:57:32 GMT
Server: cloudflare
ETag: W/"aaacc827f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e603bfce94a62-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame C382 880 B
2 KB 12ms
10ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
CF-Cache-Status: HIT
Age: 2005980
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da797900004eeb7807e000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e603bfd944eeb-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 7D7513AE8153.gif
banners.mellowads.com/ads/ Frame C382 100 KB
100 KB 26ms
11ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/7D7513AE8153.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e0f2192f147f2354360b40a61af53ce95d8dbcead8e4740654ba8bc7c483fe2

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
CF-Cache-Status: HIT
Age: 12828
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 102075
cf-request-id: 0850da798700004e8c153e4000000001
Last-Modified: Mon, 18 May 2020 20:17:18 GMT
Server: cloudflare
ETag: "8864a154512dd61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e603c0dd24e8c-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK size4.css
mellowads.com/css/ Frame 81CE 1 KB
1 KB 23ms
9ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size4.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/B8AE533AA3BB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21de9b90173dd3bd8c897b2c173617ffc15eed321a42b0f9c0b68dda34399ea5

Request headers

Referer: https://mellowads.com/view/B8AE533AA3BB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3446
Cf-Polished: origSize=1482
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da798600004a62df3f2000000001
Last-Modified: Wed, 15 Nov 2017 09:57:33 GMT
Server: cloudflare
ETag: W/"b5b87228f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e603c0d0e4a62-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 81CE 880 B
2 KB 11ms
10ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/B8AE533AA3BB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/B8AE533AA3BB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
CF-Cache-Status: HIT
Age: 2005980
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da797a0000dfcb20bc3000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e603bf8d3dfcb-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK size0.css
mellowads.com/css/ Frame A490 395 B
1 KB 24ms
11ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size0.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab678728d50221c34ab637a8db8060f2d87621fced24a19b1f41ee4ca6a3e3ff

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3235
Cf-Polished: origSize=593
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da798600004eeba93e7000000001
Last-Modified: Wed, 15 Nov 2017 09:57:32 GMT
Server: cloudflare
ETag: W/"aaacc827f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e603c0db84eeb-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame A490 880 B
2 KB 24ms
11ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
CF-Cache-Status: HIT
Age: 2005980
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da798700004dbefdb70000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e603c0dd04dbe-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK 4C9C55D8D99B.gif
banners.mellowads.com/ads/ Frame A490 322 KB
323 KB 65ms
51ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/4C9C55D8D99B.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6570ec6b7a60c9d0721046000d7cda88b4c918bc533e8433bd5c5d377f1a42bd

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
CF-Cache-Status: HIT
Age: 607164
Cf-Polished: origSize=347236
Connection: keep-alive
Content-Length: 329676
cf-request-id: 0850da798900004ac3728de000000001
Last-Modified: Mon, 08 Feb 2021 14:16:08 GMT
Server: cloudflare
ETag: "eefc2df224fed61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e603c0fe24ac3-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK size0.css
mellowads.com/css/ Frame 7DA4 395 B
1 KB 23ms
10ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size0.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab678728d50221c34ab637a8db8060f2d87621fced24a19b1f41ee4ca6a3e3ff

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3235
Cf-Polished: origSize=593
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da79860000dfcb39aae000000001
Last-Modified: Wed, 15 Nov 2017 09:57:32 GMT
Server: cloudflare
ETag: W/"aaacc827f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e603c08e3dfcb-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 7DA4 880 B
2 KB 80ms
10ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
CF-Cache-Status: HIT
Age: 2005980
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da79c000004a62e482f000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e603c6d794a62-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK CACB3CB80637.gif
banners.mellowads.com/ads/ Frame 7DA4 65 KB
65 KB 67ms
52ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/CACB3CB80637.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fa232a21d87a8f414d57819642249d553cb2067cf6e182fe6e251933cf23b38

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
CF-Cache-Status: HIT
Age: 89917
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 66166
cf-request-id: 0850da798a0000bedd81960000000001
Last-Modified: Wed, 20 May 2020 12:13:46 GMT
Server: cloudflare
ETag: "731aa61ca02ed61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e603c0acabedd-FRA
Cf-Bgj: imgq:100,h2pri

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame EE11 50 B
737 B 162ms
90ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:33 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.142:80
AN-X-Request-Uuid: 6149567d-c2ee-4104-80ca-72eee17c30bc
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame EE11 33 B
565 B 107ms
107ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDEwMg%3D%3D&callback=adf__pkXcI7GYaZi1OVpfYw5P

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

5a367befeb719be306ebd67d7b7281fe3ec19d6364427f54b18a143e43b9b462

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 159
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame EE11 113 B
447 B 641ms
445ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=449301397e8e42a9922ea633e3eb3fda&ufid=pkXcI7GYaZi1OVpfYw5P&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__pkXcI7GYaZi1OVpfYw5P&ref=ad.gab.ag&_=1613553033598&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 67f63797636b4117986836597d8b73551bf17a19d352632b8d910ee33c3dfa53

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:59 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame EE11 0
172 B 60ms
60ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:33 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 hb Show response
ice.360yield.com/ul_cb/ Frame EE11 109 B
322 B 98ms
98ms XHR
application/json 18.195.63.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/ul_cb/hb?jsonp={%22bid_request%22:{%22id%22:%22qpYtqpgCfHPpQNcP2GYp%22,%22version%22:%224.2.0-JS-5.1%22,%22imp%22:[{%22id%22:%22o3sP72A7TRDq0X0ZKpmh%22,%22pid%22:%2222030222%22,%22banner%22:{%22w%22:300,%22h%22:250},%22tid%22:%22449301397e8e42a9922ea633e3eb3fda%22}]}}
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.63.250 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 5bcb7e5dee8dc7009ecdcc21f46f11e6276f4280eddecac2377da17792c1e346

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:33 GMT
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 109
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame EE11 50 B
736 B 110ms
40ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:33 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.80:80
AN-X-Request-Uuid: 78e19a1f-bedd-4a9a-b7bc-b8bfc06ef950
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame EE11 33 B
563 B 63ms
59ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDEwNA%3D%3D&callback=adf__r8ewgKTSOmG7ogL7vVBL

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

1a2bbb8affa85ce43f58cbbe7fc2b68c70d5f6d0c1c486cf3b8cd135e962d8d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 157
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame EE11 113 B
447 B 803ms
452ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=54f6df99caa7486ba63d0c3df54e7ba2&ufid=r8ewgKTSOmG7ogL7vVBL&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__r8ewgKTSOmG7ogL7vVBL&ref=ad.gab.ag&_=1613553033600&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 93fdaf7c10ee7e9cefca4ab377650b3ae73d83eeafc06f3851da7418945db9ed

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:59 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame EE11 0
172 B 56ms
54ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:33 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 hb Show response
ice.360yield.com/ul_cb/ Frame EE11 109 B
322 B 81ms
80ms XHR
application/json 18.195.63.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/ul_cb/hb?jsonp={%22bid_request%22:{%22id%22:%22GkrqmC2jMyNwNbfwD8nW%22,%22version%22:%224.2.0-JS-5.1%22,%22imp%22:[{%22id%22:%22voSORMw4josPuXpwkMN7%22,%22pid%22:%2222033549%22,%22banner%22:{%22w%22:300,%22h%22:250},%22tid%22:%2254f6df99caa7486ba63d0c3df54e7ba2%22}]}}
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.63.250 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 3c6da34b1dec3c14fd6cf7ccce2875ea8f50f8af7c8f330b4e453ecb392654c3

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:33 GMT
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 109
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1 200
OK size4.css
mellowads.com/css/ Frame 7408 1 KB
1 KB 14ms
13ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size4.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/B8AE533AA3BB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21de9b90173dd3bd8c897b2c173617ffc15eed321a42b0f9c0b68dda34399ea5

Request headers

Referer: https://mellowads.com/view/B8AE533AA3BB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3446
Cf-Polished: origSize=1482
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da79cc00004a62e1a05000000001
Last-Modified: Wed, 15 Nov 2017 09:57:33 GMT
Server: cloudflare
ETag: W/"b5b87228f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e603c7d914a62-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame 7408 880 B
2 KB 10ms
9ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/B8AE533AA3BB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/B8AE533AA3BB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
CF-Cache-Status: HIT
Age: 2005980
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da79cd00004dbe50995000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e603c7e6a4dbe-FRA
Cf-Bgj: imgq:100,h2pri

GET
H/1.1 200
OK F19594AC43E4.gif
banners.mellowads.com/ads/ Frame 7408 782 KB
783 KB 21ms
20ms Image
image/gif 2606:4700::6810:8916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banners.mellowads.com/ads/F19594AC43E4.gif
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/B8AE533AA3BB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:8916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f4f96743ec8eb44216bbb7697f490fed60557d3cd0a040eb71a3838e85195bb

Request headers

Referer: https://mellowads.com/view/B8AE533AA3BB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
CF-Cache-Status: HIT
Age: 87908
Cf-Polished: origSize=831545
Connection: keep-alive
Content-Length: 800582
cf-request-id: 0850da79cd0000bedd9f842000000001
Last-Modified: Mon, 08 Feb 2021 14:15:20 GMT
Server: cloudflare
ETag: "1c9f6bd524fed61:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e603c7addbedd-FRA
Cf-Bgj: imgq:100,h2pri

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame EE11 50 B
737 B 84ms
84ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:33 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.135:80
AN-X-Request-Uuid: 12696d04-746a-4224-b921-caf53d1108a7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame EE11 33 B
564 B 82ms
81ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDEwMg%3D%3D&callback=adf__OOYAEpwdYU4yVlwC2RcF

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

fa2a04becd3feb7d6919195b612460d093196ee8d80b1b10f8faa2146b5518d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 158
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame EE11 4 KB
2 KB 413ms
412ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=449301397e8e42a9922ea633e3eb3fda&ufid=OOYAEpwdYU4yVlwC2RcF&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__OOYAEpwdYU4yVlwC2RcF&ref=ad.gab.ag&_=1613553033679&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: e3baeefa345812d224537feb4f61bdb1d6d9dd0cd826066178b8da5f4817b899

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:59 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame EE11 0
172 B 79ms
78ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:33 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 hb Show response
ice.360yield.com/ul_cb/ Frame EE11 105 B
318 B 80ms
79ms XHR
application/json 18.195.63.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/ul_cb/hb?jsonp={%22bid_request%22:{%22id%22:%22r6LJEo2V5gOCVJExg0TA%22,%22version%22:%224.2.0-JS-5.1%22,%22imp%22:[{%22id%22:%22RMpxwjnjHQqUJuHrGRUG%22,%22pid%22:%2222030222%22,%22banner%22:{%22w%22:300,%22h%22:250},%22tid%22:%22449301397e8e42a9922ea633e3eb3fda%22}]}}
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.63.250 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: cd88d918a30d1694a675fd1cc0a8729c022ebff428a7886775bd5054ab66649f

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:33 GMT
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 105
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v2/ Frame EE11 50 B
737 B 74ms
73ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v2/prebid

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:33 GMT
X-Proxy-Origin: 82.102.20.235; 82.102.20.235; 718.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.155:80
AN-X-Request-Uuid: b13ac2c6-9944-49c1-8efe-17fe329eebec
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.gab.ag
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 50
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame EE11 33 B
565 B 72ms
71ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?rp=4&bWlkPTgyNDEwNA%3D%3D&callback=adf__WjirXQzdUs0ICJYaWxjg

Requested by

Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

af14d3c62f8cf63daaf82b8311dedad951c23fad106b6b457811dc0a91976e4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:33 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 159
expires: -1

GET
H/1.1 200
OK adp Show response
ads.rekmob.com/m/ Frame EE11 113 B
447 B 548ms
548ms Script
text/plain 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rekmob.com/m/adp?uid=54f6df99caa7486ba63d0c3df54e7ba2&ufid=WjirXQzdUs0ICJYaWxjg&mobile_web=1&dt=3&as=1&os=3&jsonp=1&callback=rmb__WjirXQzdUs0ICJYaWxjg&ref=ad.gab.ag&_=1613553033688&crtg=-1
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: 54aa02199c56dd619ddac0fd3f0cd0480174ad02c69c095fb0ca212c5489acd9

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:39:59 GMT
Content-Encoding: gzip
Server: nginx/1.9.6
X-Code: DK
Vary: Accept-Encoding
Content-Type: text/plain;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 204 / Show response
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame EE11 0
172 B 69ms
68ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:33 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 hb Show response
ice.360yield.com/ul_cb/ Frame EE11 105 B
318 B 70ms
69ms XHR
application/json 18.195.63.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ice.360yield.com/ul_cb/hb?jsonp={%22bid_request%22:{%22id%22:%22UFveQzRr8Xu5pM3X6WiG%22,%22version%22:%224.2.0-JS-5.1%22,%22imp%22:[{%22id%22:%22vZDyHhXWfle4dwaAKlMz%22,%22pid%22:%2222033549%22,%22banner%22:{%22w%22:300,%22h%22:250},%22tid%22:%2254f6df99caa7486ba63d0c3df54e7ba2%22}]}}
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.63.250 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c1ec3b6063a0fd95ae9f462c157e33de7fc5524a17fe77f7bee1ad650c75527d

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: https://www.gab.ag
date: Wed, 17 Feb 2021 09:10:33 GMT
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 105
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1 200
OK size0.css
mellowads.com/css/ Frame DEA6 395 B
1 KB 11ms
10ms Stylesheet
text/css 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mellowads.com/css/size0.css?v18
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab678728d50221c34ab637a8db8060f2d87621fced24a19b1f41ee4ca6a3e3ff

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 3235
Cf-Polished: origSize=593
Transfer-Encoding: chunked
Connection: keep-alive
cf-request-id: 0850da7a4f00004ee6de8c3000000001
Last-Modified: Wed, 15 Nov 2017 09:57:32 GMT
Server: cloudflare
ETag: W/"aaacc827f85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/css
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
CF-RAY: 622e603d4ac64ee6-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK minibrand.png
mellowads.com/img/ Frame DEA6 880 B
2 KB 53ms
53ms Image
image/png 2606:4700::6810:e633
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mellowads.com/img/minibrand.png
Requested by: Host: mellowads.com
URL: https://mellowads.com/view/A860A4556C60
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:e633 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e14c1a668a02a6e7d92ccef711b8ecb2d73523c4c2f41f6ec4218da1953c0f0

Request headers

Referer: https://mellowads.com/view/A860A4556C60
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:33 GMT
CF-Cache-Status: HIT
Age: 2005980
Cf-Polished: status=not_needed
Connection: keep-alive
Content-Length: 880
cf-request-id: 0850da7a4f00004a624108e000000001
Last-Modified: Wed, 15 Nov 2017 09:57:38 GMT
Server: cloudflare
ETag: "db70512bf85dd31:0"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/png
Expires: Sat, 20 Mar 2021 09:10:33 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
CF-RAY: 622e603d4e7d4a62-FRA
Cf-Bgj: imgq:100,h2pri

GET
H2 200 / Show response
g.cash-ads.com/ Frame 435A 500 B
640 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=uQbNWNfhVACn9VGoEjv03tVCfHSbzWOV4TVGekvszr4%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

42af986ad6c77bdb9fc8fee73110bb9c1be8942a26d46de53d9ddd222d9a43d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:34 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 118A 46 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=160x600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cpm-ad.com/serve/show.php?a=5280&b=160x600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 1398
date: Wed, 17 Feb 2021 08:47:16 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Wed, 17 Feb 2021 10:47:16 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame 435A 5 KB
5 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:34 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:34 GMT

GET
H2 200 / Show response
g.cash-ads.com/ Frame 435A 1 KB
1 KB 41ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=rbjPyRpmmEfgxgLgQaAW%2BAHpnA%2B%2FJnYvYEMgfsz7Uek%3D

Requested by

Host: cpm-ad.com
URL: https://cpm-ad.com/serve/show.php?a=5280&b=160x600

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

becbd6212c4bb5910e687c1cbdee33a52d7e2bfbe53c253899f27f48510edfdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=rbjPyRpmmEfgxgLgQaAW%2BAHpnA%2B%2FJnYvYEMgfsz7Uek%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=IW8MnR05xAQBg7Lpl%2Bmgg5EkgXoZjvkVCvpvFLieHrE%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:34 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame 435A 1 KB
1 KB 40ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=rbjPyRpmmEfgxgLgQaAW%2BAHpnA%2B%2FJnYvYEMgfsz7Uek%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=rbjPyRpmmEfgxgLgQaAW%2BAHpnA%2B%2FJnYvYEMgfsz7Uek%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:34 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:34 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame 435A 84 KB
84 KB 40ms
40ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=rbjPyRpmmEfgxgLgQaAW%2BAHpnA%2B%2FJnYvYEMgfsz7Uek%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=rbjPyRpmmEfgxgLgQaAW%2BAHpnA%2B%2FJnYvYEMgfsz7Uek%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:34 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:34 GMT

GET redirect
xml.ezmob.com/ Frame 0C39 0
0

GET
H2 200 fltiu.js Show response
pixel.yabidos.com/ Frame EE11 2 KB
1 KB 48ms
47ms Script
application/javascript 104.16.201.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=12328&s=ad.gab.ag&x=rekmob&nci=&adtg=449301397e8e42a9922ea633e3eb3fda&nai=&si=24908&pn=&h=250&w=300&bp=&pp=&ci=&ip=82.102.20.235&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87ce4cc30530348882f7ec9e07ca8a24e704140aef3ef8260c3272598081c99b

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:34 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:22 GMT
server: cloudflare
age: 5297
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e60426b5e10e7-CPH
content-length: 1146
cf-request-id: 0850da7d7e000010e702367000000001
expires: Wed, 17 Feb 2021 11:10:34 GMT

GET
H/1.1 200
OK rs-b.png
adimg.rekmob.com/logos/ Frame FB8F 471 B
911 B 162ms
51ms Image
image/png 65.9.20.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adimg.rekmob.com/logos/rs-b.png
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.22 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: df02aa33acd40ff99ac77551154f9fe7fd5a13dc1f782aac62ffb1a6a0f7f09c

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 03:50:08 GMT
Via: 1.1 e9ebe38de33a70557cf9d9c1d7e5d11f.cloudfront.net (CloudFront)
Last-Modified: Thu, 26 Jul 2018 10:20:15 GMT
Server: AmazonS3
Age: 29015
ETag: "5965d59f86a925e809f20a75e26c9d0c"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 471
X-Amz-Cf-Id: UXar-xwgP3_7RyyQBZ5JTzSyTsUl4XwhEfkkYgDWg29ie7iuw0N_ig==

GET
H/1.1 200
OK 0a6ae0abcb30465ab37c829b201d09a1
adimg.rekmob.com/ Frame FB8F 58 KB
58 KB 170ms
58ms Image
image/jpeg 65.9.20.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adimg.rekmob.com/0a6ae0abcb30465ab37c829b201d09a1
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.22 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c9fd9081dbd2adb4b3f7810cdaadedf7edb8a0d604b89e43b5770ff74049b7a

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 03:13:11 GMT
Via: 1.1 924bf9febd74cef2bda62c15c8441e00.cloudfront.net (CloudFront)
Last-Modified: Wed, 20 May 2020 16:00:22 GMT
Server: AmazonS3
Age: 28827
ETag: "ae58864fa705b974b2189df65fef8e79"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 59080
X-Amz-Cf-Id: nyTNpU88pf4Mqff7-GpqgpDftJDfmTBn1-Pa009_MAkpsLNGDtlwHg==

GET
H/1.1 200
OK imp
ads.rekmob.com/m/ Frame FB8F 2 B
179 B 332ms
331ms Image
image/avif 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rekmob.com/m/imp?uid=449301397e8e42a9922ea633e3eb3fda&udid=45e0aaa03ca540b4862cb1a0a4512794&rid=NjAyY2RkOGEwY2YyNDg0MDZkOGVjNjVj&adId=MTM1Mw==
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:40:00 GMT
Connection: keep-alive
Server: nginx/1.9.6
X-Code: DK
Content-Length: 2
Content-Type: image/avif;charset=ISO-8859-1

GET
H2 200 flimpobj.js Show response
pixel.yabidos.com/ Frame EE11 30 KB
24 KB 24ms
24ms Script
application/javascript 104.16.201.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/flimpobj.js?cb=1613553034673&ver1=2.2.3&qid=230383f5530383f5434353&rnd=fhyhr07b2o2c&cid=544
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=12328&s=ad.gab.ag&x=rekmob&nci=&adtg=449301397e8e42a9922ea633e3eb3fda&nai=&si=24908&pn=&h=250&w=300&bp=&pp=&ci=&ip=82.102.20.235&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3f5fe43cf3b943aa4ef647e87d8189c61b971c177cb3a6f3e88076fd4b2b9df

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:34 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:22 GMT
server: cloudflare
age: 1271
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e6042cbfe10e7-CPH
content-length: 23972
cf-request-id: 0850da7dbc000010e7c8818000000001
expires: Wed, 17 Feb 2021 11:10:34 GMT

GET
H2 200 vbl.gif
pre.glotgrx.com/ Frame EE11 26 B
266 B 11ms
11ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/vbl.gif?cb=1613553034719&rnd=fhyhr07b2o2c&ifm=1&uai=1&cid=544&s=ad.gab.ag&p=12328&x=rekmob&adtg=449301397e8e42a9922ea633e3eb3fda&ats=0&atf=&nsi=&si=24908&nci=&nai=&pft=0&iip=0&adb=0&adc=0&adcd=i0_f0_o0_e0&ai=&icp=undefined&impid=
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:34 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 3721
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e60434dae2bca-FRA
content-length: 26
cf-request-id: 0850da7e0a00002bca780d6000000001
expires: Wed, 17 Feb 2021 11:10:34 GMT

GET
H2 200 nflrc.gif
pre.glotgrx.com/ Frame EE11 26 B
113 B 13ms
13ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/nflrc.gif?cb=1613553034712599&ver=1.2r81&qid=230383f5530383f5434353&p=12328&s=ad.gab.ag&x=rekmob&cid=544&od1=&od2=&adtg=449301397e8e42a9922ea633e3eb3fda&nci=&nai=&si=24908&ai=&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=fhyhr07b2o2c&impid=&tps=64&ver1=2.2.3&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36&os=&mm=&di=&ip=82.102.20.235&ci=&pp=&bp=&w=300&h=250&pn=&1=2b5b962e41940d9b1130dd8e9cd94361&2=1.0&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%7D%7D&6=3&7={%22e%22:%223%22,%22m%22:%220%22,%22f%22:%221380%22}&ats=0&atf=&dbgcid=544&ifm=1&penv=b&pt=&ptbp=&tw=0&ldp=3&icpl=24&icp=http%253A//smartocom.com&irfl=22&irf=https%253A//ad.gab.ag/&cty=4&fcs=0&flky=ver-fl-6-qid-fl-22-p-fl-5-s-fl-9-x-fl-6-cid-fl-3-od1-fl-0-od2-fl-0-adtg-fl-32-nci-fl-0-nai-fl-0-si-fl-5-ai-fl-0-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-ua-fl-144-os-fl-0-mm-fl-0-di-fl-0-ip-fl-13-ci-fl-0-pp-fl-0-bp-fl-0-w-fl-3-h-fl-3-pn-fl-0-&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andMacIntel&adv=0&det=1&adb=0&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=1200x1200&gpu=undefined&ncf=4g_9_undefined_null_0_undefined_false&fli=3429136985&flerr=0&trim=&fio=15
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:34 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 2888
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e60434db42bca-FRA
content-length: 26
cf-request-id: 0850da7e0a00002bca13ba5000000001
expires: Wed, 17 Feb 2021 11:10:34 GMT

GET
H2 200 fltiu.js Show response
pixel.yabidos.com/ Frame EE11 2 KB
1 KB 24ms
24ms Script
application/javascript 104.16.201.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=12328&s=ad.gab.ag&x=rekmob&nci=&adtg=4eef9d94fb6d4baca35d78effe61c3a2&nai=&si=24908&pn=&h=90&w=728&bp=&pp=&ci=&ip=82.102.20.235&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87ce4cc30530348882f7ec9e07ca8a24e704140aef3ef8260c3272598081c99b

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:34 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:22 GMT
server: cloudflare
age: 5297
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e6043fdf010e7-CPH
content-length: 1146
cf-request-id: 0850da7e7c000010e706020000000001
expires: Wed, 17 Feb 2021 11:10:34 GMT

GET
H/1.1 200
OK 32d0e9c9c24a4599b7c35c17bf87e9ae
adimg.rekmob.com/ Frame 740A 42 KB
42 KB 57ms
56ms Image
image/jpeg 65.9.20.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adimg.rekmob.com/32d0e9c9c24a4599b7c35c17bf87e9ae
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.22 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 057f09a69601da3adc7b756b621f7b98e3b24b50ee89da83314bc45c4ef03ca4

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 05:02:25 GMT
Via: 1.1 924bf9febd74cef2bda62c15c8441e00.cloudfront.net (CloudFront)
Last-Modified: Wed, 20 May 2020 15:53:13 GMT
Server: AmazonS3
Age: 15280
ETag: "1206c40415c3aa41e749ad6054d636b5"
X-Cache: Hit from cloudfront
Content-Type: image/jpeg
Connection: keep-alive
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 42678
X-Amz-Cf-Id: fUrHND0au9vI11LeUh7rRwrweACl6kub9vGe11cd-jugn09s-W2aiQ==

GET
H/1.1 200
OK rs-b.png
adimg.rekmob.com/logos/ Frame 740A 471 B
911 B 51ms
51ms Image
image/png 65.9.20.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adimg.rekmob.com/logos/rs-b.png
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.22 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: df02aa33acd40ff99ac77551154f9fe7fd5a13dc1f782aac62ffb1a6a0f7f09c

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 03:50:08 GMT
Via: 1.1 e9ebe38de33a70557cf9d9c1d7e5d11f.cloudfront.net (CloudFront)
Last-Modified: Thu, 26 Jul 2018 10:20:15 GMT
Server: AmazonS3
Age: 29015
ETag: "5965d59f86a925e809f20a75e26c9d0c"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 471
X-Amz-Cf-Id: 0UpqwMlBfjVYzBG3_d_jNManAh3xzWrmGWEV5YLahV6VBMC8N9_h2w==

GET
H/1.1 200
OK imp
ads.rekmob.com/m/ Frame 740A 2 B
179 B 128ms
128ms Image
image/avif 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rekmob.com/m/imp?uid=4eef9d94fb6d4baca35d78effe61c3a2&udid=c27a023705f044e3a9c3ce72d68d32a9&rid=NjAyY2RkOGEwY2YyOGI1OTkyYzc2M2Uz&adId=MTM2MA==
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:40:00 GMT
Connection: keep-alive
Server: nginx/1.9.6
X-Code: DK
Content-Length: 2
Content-Type: image/avif;charset=ISO-8859-1

GET
H2 200 flimpobj.js Show response
pixel.yabidos.com/ Frame EE11 30 KB
24 KB 52ms
52ms Script
application/javascript 104.16.201.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/flimpobj.js?cb=1613553034904&ver1=2.2.3&qid=230383f5530383f5434353&rnd=iq44fz5cjpos&cid=544
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=12328&s=ad.gab.ag&x=rekmob&nci=&adtg=4eef9d94fb6d4baca35d78effe61c3a2&nai=&si=24908&pn=&h=90&w=728&bp=&pp=&ci=&ip=82.102.20.235&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3f5fe43cf3b943aa4ef647e87d8189c61b971c177cb3a6f3e88076fd4b2b9df

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:34 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:22 GMT
server: cloudflare
age: 1271
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e60443e7b10e7-CPH
content-length: 23972
cf-request-id: 0850da7ea5000010e7e62fb000000001
expires: Wed, 17 Feb 2021 11:10:34 GMT

GET
H2 200 vbl.gif
pre.glotgrx.com/ Frame EE11 26 B
113 B 13ms
12ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/vbl.gif?cb=1613553034999&rnd=iq44fz5cjpos&ifm=1&uai=1&cid=544&s=ad.gab.ag&p=12328&x=rekmob&adtg=4eef9d94fb6d4baca35d78effe61c3a2&ats=0&atf=&nsi=&si=24908&nci=&nai=&pft=0&iip=0&adb=0&adc=0&adcd=i0_f0_o0_e0&ai=&icp=undefined&impid=
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:35 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 3722
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e6044cf962bca-FRA
content-length: 26
cf-request-id: 0850da7f0200002bca4d012000000001
expires: Wed, 17 Feb 2021 11:10:35 GMT

GET
H2 200 nflrc.gif
pre.glotgrx.com/ Frame EE11 26 B
265 B 11ms
11ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/nflrc.gif?cb=1613553034991106&ver=1.2r81&qid=230383f5530383f5434353&p=12328&s=ad.gab.ag&x=rekmob&cid=544&od1=&od2=&adtg=4eef9d94fb6d4baca35d78effe61c3a2&nci=&nai=&si=24908&ai=&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=iq44fz5cjpos&impid=&tps=66&ver1=2.2.3&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36&os=&mm=&di=&ip=82.102.20.235&ci=&pp=&bp=&w=728&h=90&pn=&1=2b5b962e41940d9b1130dd8e9cd94361&2=1.0&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%7D%7D&6=3&7={%22e%22:%223%22,%22m%22:%220%22,%22f%22:%221380%22}&ats=0&atf=&dbgcid=544&ifm=1&penv=b&pt=&ptbp=&tw=0&ldp=3&icpl=24&icp=http%253A//smartocom.com&irfl=22&irf=https%253A//ad.gab.ag/&cty=4&fcs=0&flky=ver-fl-6-qid-fl-22-p-fl-5-s-fl-9-x-fl-6-cid-fl-3-od1-fl-0-od2-fl-0-adtg-fl-32-nci-fl-0-nai-fl-0-si-fl-5-ai-fl-0-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-ua-fl-144-os-fl-0-mm-fl-0-di-fl-0-ip-fl-13-ci-fl-0-pp-fl-0-bp-fl-0-w-fl-3-h-fl-2-pn-fl-0-&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andMacIntel&adv=0&det=1&adb=0&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=1200x1200&gpu=undefined&ncf=4g_9_undefined_null_0_undefined_false&fli=3429136985&flerr=0-a1&trim=&fio=15
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:35 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 2889
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e6044df9a2bca-FRA
content-length: 26
cf-request-id: 0850da7f0300002bca0791e000000001
expires: Wed, 17 Feb 2021 11:10:35 GMT

GET
H2 200 fltiu.js Show response
pixel.yabidos.com/ Frame EE11 2 KB
1 KB 25ms
25ms Script
application/javascript 104.16.201.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=12328&s=ad.gab.ag&x=rekmob&nci=&adtg=192c020147d342b89b44892f054dc030&nai=&si=24908&pn=&h=90&w=728&bp=&pp=&ci=&ip=82.102.20.235&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87ce4cc30530348882f7ec9e07ca8a24e704140aef3ef8260c3272598081c99b

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:37 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:22 GMT
server: cloudflare
age: 5300
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e6055d81710e7-CPH
content-length: 1146
cf-request-id: 0850da89a4000010e7aea96000000001
expires: Wed, 17 Feb 2021 11:10:37 GMT

GET
H2 200 ron.reklamstore.com.926917.js Show response
jsc.mgid.com/r/o/ Frame F04F 231 KB
63 KB 81ms
39ms Script
text/javascript 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/r/o/ron.reklamstore.com.926917.js
Requested by: Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82ae7c92a8958b58c869e88276ae63f1b2fe6fd143eea4f5e8861a1ebcd5f943

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:37 GMT
content-encoding: br
cf-cache-status: HIT
age: 4353
cf-polished: origSize=236522
last-modified: Thu, 11 Feb 2021 10:02:08 GMT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: DF07B492F521F13E
x-amz-id-2: MfgoknucyxxlATJMa5EjApuDX1p5NnFQ/M19bLNwQiB4yS2KDNJCcy0zgtXA5P3LCHtHB8TmmRw=
cf-bgj: minify
server: cloudflare
etag: W/"81fd338916b4cdc79d9b5d03f6f6358e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
cf-request-id: 0850da89d400007367123ea000000001
cf-ray: 622e605619477367-CPH
expires: Wed, 17 Feb 2021 12:10:37 GMT

GET
H/1.1 200
OK rs-b.png
adimg.rekmob.com/logos/ Frame F04F 471 B
911 B 54ms
54ms Image
image/png 65.9.20.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adimg.rekmob.com/logos/rs-b.png
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.20.22 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: df02aa33acd40ff99ac77551154f9fe7fd5a13dc1f782aac62ffb1a6a0f7f09c

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 03:50:08 GMT
Via: 1.1 924bf9febd74cef2bda62c15c8441e00.cloudfront.net (CloudFront)
Last-Modified: Thu, 26 Jul 2018 10:20:15 GMT
Server: AmazonS3
Age: 29018
ETag: "5965d59f86a925e809f20a75e26c9d0c"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
X-Amz-Cf-Pop: ZAG50-C1
Content-Length: 471
X-Amz-Cf-Id: ON7ufBJfbmnlOEq0ixxQUfsxKQ51yt_ePhAxl8VLsAwdJf0VtC0quA==

GET
H/1.1 200
OK imp
ads.rekmob.com/m/ Frame F04F 2 B
179 B 230ms
230ms Image
image/avif 146.185.142.91
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.rekmob.com/m/imp?uid=192c020147d342b89b44892f054dc030&udid=a6f198cdc6df48b2a6b6008de4ca09ae&rid=NjAyY2RkOGQwY2YyNDYwZTg0YWY1ODVm&adId=MTM3OQ==
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.9.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 08:40:02 GMT
Connection: keep-alive
Server: nginx/1.9.6
X-Code: DK
Content-Length: 2
Content-Type: image/avif;charset=ISO-8859-1

GET
H2 200 flimpobj.js Show response
pixel.yabidos.com/ Frame EE11 30 KB
24 KB 27ms
27ms Script
application/javascript 104.16.201.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/flimpobj.js?cb=1613553037759&ver1=2.2.3&qid=230383f5530383f5434353&rnd=6l2hw9iz3m4f&cid=544
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=12328&s=ad.gab.ag&x=rekmob&nci=&adtg=192c020147d342b89b44892f054dc030&nai=&si=24908&pn=&h=90&w=728&bp=&pp=&ci=&ip=82.102.20.235&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3f5fe43cf3b943aa4ef647e87d8189c61b971c177cb3a6f3e88076fd4b2b9df

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:37 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:22 GMT
server: cloudflare
age: 1274
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e6056189010e7-CPH
content-length: 23972
cf-request-id: 0850da89cc000010e79915d000000001
expires: Wed, 17 Feb 2021 11:10:37 GMT

GET
H2 200 vbl.gif
pre.glotgrx.com/ Frame EE11 26 B
114 B 43ms
42ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/vbl.gif?cb=1613553037807&rnd=6l2hw9iz3m4f&ifm=1&uai=1&cid=544&s=ad.gab.ag&p=12328&x=rekmob&adtg=192c020147d342b89b44892f054dc030&ats=0&atf=&nsi=&si=24908&nci=&nai=&pft=0&iip=0&adb=0&adc=0&adcd=i0_f0_o0_e0&ai=&icp=undefined&impid=
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:37 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 3724
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e60565c7a2bca-FRA
content-length: 26
cf-request-id: 0850da89fa00002bca4a0f2000000001
expires: Wed, 17 Feb 2021 11:10:37 GMT

GET
H2 200 nflrc.gif
pre.glotgrx.com/ Frame EE11 26 B
428 B 42ms
41ms Image
image/gif 2606:4700::6810:3f36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/nflrc.gif?cb=1613553037800886&ver=1.2r81&qid=230383f5530383f5434353&p=12328&s=ad.gab.ag&x=rekmob&cid=544&od1=&od2=&adtg=192c020147d342b89b44892f054dc030&nci=&nai=&si=24908&ai=&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=6l2hw9iz3m4f&impid=&tps=68&ver1=2.2.3&ua=Mozilla/5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/83.0.4103.61%20Safari/537.36&os=&mm=&di=&ip=82.102.20.235&ci=&pp=&bp=&w=728&h=90&pn=&1=2b5b962e41940d9b1130dd8e9cd94361&2=1.0&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%7D%7D&6=3&7={%22e%22:%223%22,%22m%22:%220%22,%22f%22:%221380%22}&ats=0&atf=&dbgcid=544&ifm=1&penv=b&pt=&ptbp=&tw=0&ldp=3&icpl=24&icp=http%253A//smartocom.com&irfl=22&irf=https%253A//ad.gab.ag/&cty=4&fcs=0&flky=ver-fl-6-qid-fl-22-p-fl-5-s-fl-9-x-fl-6-cid-fl-3-od1-fl-0-od2-fl-0-adtg-fl-32-nci-fl-0-nai-fl-0-si-fl-5-ai-fl-0-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-ua-fl-144-os-fl-0-mm-fl-0-di-fl-0-ip-fl-13-ci-fl-0-pp-fl-0-bp-fl-0-w-fl-3-h-fl-2-pn-fl-0-&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andMacIntel&adv=0&det=1&adb=0&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=1200x1200&gpu=undefined&ncf=4g_9_undefined_null_0_undefined_false&fli=3429136985&flerr=0-a1&trim=&fio=15
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6810:3f36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:37 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Feb 2021 21:37:17 GMT
server: cloudflare
age: 2891
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 622e60565c7b2bca-FRA
content-length: 26
cf-request-id: 0850da89fa00002bca24006000000001
expires: Wed, 17 Feb 2021 11:10:37 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame F04F 22 KB
1 KB 16ms
16ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap&subset=cyrillic,greek,vietnamese

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

297b33ba930feb975c6869804a999ec114c2235b151d019e4e844902f3ce41c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 08:48:39 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:37 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame F04F 2 KB
646 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cf7a2b3976c3af63dc2bca70cc5625a26341f19b1ccd484feddf076df895ed58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 17 Feb 2021 08:16:32 GMT
server: ESF
date: Wed, 17 Feb 2021 09:10:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 17 Feb 2021 09:10:37 GMT

GET
H2 200 ByMGID.svg
cdn.mgid.com/images/logos/ Frame F04F 2 KB
1 KB 47ms
46ms Image
image/svg+xml 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/ByMGID.svg
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aae80a8125affd8e33409d76e77ae2918d62c2028ee68e0d9fd6093d41ca0aad

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:37 GMT
content-encoding: br
cf-cache-status: HIT
age: 4507
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: EDD0957952C83C96
x-amz-id-2: 5KTvy9umK7Q9q7ayYfRhARbIRy2XVYo4Q/XpLliaGD20EGMrNCeynM9vzhfKBPhTvzrfw18tEFk=
last-modified: Thu, 07 May 2020 09:36:25 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1588844166/ctime:1588844166/gid:0/gname:root/md5:17534e4d893e6f9d5f70f8483530ae6e/mode:33206/mtime:1588844166/uid:0/uname:root
etag: W/"17534e4d893e6f9d5f70f8483530ae6e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cf-request-id: 0850da8a620000736761b98000000001
cf-ray: 622e60570a487367-CPH

GET
DATA 200
OK truncated
/ Frame F04F 138 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5351cc5fcd84ca5f24714cbc76e6b8f4fbf9a73fb9f7491bec0b523d073987e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame F04F 11 KB
11 KB 7ms
5ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap&subset=cyrillic,greek,vietnamese

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.gab.ag
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap&subset=cyrillic,greek,vietnamese
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 09:18:12 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 517945
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Fri, 11 Feb 2022 09:18:12 GMT

GET
H2 200 18 Show response
servicer.mgid.com/926917/ Frame F04F 2 KB
2 KB 74ms
71ms Script
application/x-javascript 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.mgid.com/926917/18?w=728&h=90&cols=3&pv=5&src_id=24908_54890&cbuster=1613553037981901336903&uniqId=09134&niet=4g&nisd=false&iframe=2&ref=https%3A%2F%2Fad.gab.ag%2F&cxurl=https%3A%2F%2Fad.gab.ag%2F&pr=ad.gab.ag&lu=https%3A%2F%2Fwww.gab.ag%2Findex.php%3Fview%3Dregister&pageView=1&pvid=177af41729e93f8df1a&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/r/o/ron.reklamstore.com.926917.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e91fc72aca500800f45d6f7ce90fa70e60d6ba56a30a8954855494d43f95d0cc

Request headers

Referer: https://www.gab.ag/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:38 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 622e60577ada7367-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da8aad0000736769200000000001

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame F04F 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap&subset=cyrillic,greek,vietnamese

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.gab.ag
Referer: https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i,900,900i&display=swap&subset=cyrillic,greek,vietnamese
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Feb 2021 05:54:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 98164
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Wed, 16 Feb 2022 05:54:34 GMT

GET
H2 200 i.js Show response
cm.mgid.com/ Frame F04F 1 KB
684 B 82ms
80ms Script
application/javascript 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i.js?&cbuster=1613553038079260202402
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/r/o/ron.reklamstore.com.926917.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97da318201ad61ea82bdf8641d2065adb974888dbb3178802f1756eef328e28f

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:38 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-mg-request-uuid: f27f94e1-271a-4f13-be98-f4be5c2e3f5f
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 622e60581bc37367-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da8b0b0000736762a4b000000001
server: cloudflare

GET
H2 200 i-noref.js Show response
cm.mgid.com/ Frame C940 19 B
465 B 76ms
75ms Script
application/javascript 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i-noref.js?cbuster=1613553038084306333107
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/r/o/ron.reklamstore.com.926917.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31a2141f6b680b8ec183d8de67eaae2ac43bee3ccee46235e0c988761615210c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:38 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-mg-request-uuid: 8a35b329-f140-4ced-a189-cec86ed28328
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 622e60581bcf7367-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da8b1000007367259bf000000001
server: cloudflare

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0LzUwZDIxZmE5N2JmOWM2ZmVlM2UzN2U5ZDlmMTA0ZThiLmpwZWc.webp
s-img.mgid.com/g/8164908/328x328/0x172x820x820/ Frame F04F 14 KB
15 KB 72ms
69ms Image
image/webp 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8164908/328x328/0x172x820x820/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDcvMTAxOTI0LzUwZDIxZmE5N2JmOWM2ZmVlM2UzN2U5ZDlmMTA0ZThiLmpwZWc.webp?v=1613553038-ubJ1m3n-FDQuhYTCI-BGM-gTObiyrUHHGAp6SzEjz28
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a447fd620dfe4da984b47db9a3a9ed436673bdf04cb0a08430fb7141ced56899

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:38 GMT
cf-cache-status: HIT
x-mg-request-uuid: 7da6799b-a7ba-4083-bf4e-5c633040c948
age: 761831
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14714
cf-request-id: 0850da8b130000736769206000000001
last-modified: Mon, 08 Feb 2021 10:21:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 622e60581bdd7367-CPH

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDUvMTAxOTI0LzA2ZWM0NWZkMzdjZmYxNTI4MzVjNjEzMDMxMmE5NjYxLmpwZWc.webp
s-img.mgid.com/g/8164884/328x328/81x0x667x667/ Frame F04F 17 KB
17 KB 71ms
69ms Image
image/webp 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8164884/328x328/81x0x667x667/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjAtMDUvMTAxOTI0LzA2ZWM0NWZkMzdjZmYxNTI4MzVjNjEzMDMxMmE5NjYxLmpwZWc.webp?v=1613553038-tBdxcTukm1zMQkplkQl05SReRdUmfcymZlV6NN0wO8U
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82a27787438fb42a1d78db250abc9f4ca19b78ae63f548626d0bfc65bc641a04

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:38 GMT
cf-cache-status: HIT
x-mg-request-uuid: 7633a336-f0e2-4439-b926-950c7b84902d
age: 769663
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17434
cf-request-id: 0850da8b13000073670b374000000001
last-modified: Mon, 08 Feb 2021 10:20:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 622e60581bdc7367-CPH

GET
H2 200 aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTAvMTAxOTI0LzMwZTFkZDE0NjhhNDUxMjZkNWQzM2RhNjYxODI5ZTRhLmpwZWc.webp
s-img.mgid.com/g/8164901/328x328/71x52x692x692/ Frame F04F 11 KB
11 KB 73ms
70ms Image
image/webp 104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/8164901/328x328/71x52x692x692/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMTktMTAvMTAxOTI0LzMwZTFkZDE0NjhhNDUxMjZkNWQzM2RhNjYxODI5ZTRhLmpwZWc.webp?v=1613553038-JaBkrgOAsPxeQJAx_G0x1ynWkLcjiKGxpaCwbTYjouo
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90282e89f0c9906ac139864965ac91e56f36bd55bb70da10ff0ff98bd03ba57f

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:38 GMT
cf-cache-status: HIT
x-mg-request-uuid: db396e4a-702d-425e-acbb-14a40a3bdb66
age: 769215
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 11450
cf-request-id: 0850da8b14000073673da81000000001
last-modified: Mon, 08 Feb 2021 10:20:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 622e60581bdf7367-CPH

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 974A
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=mgid&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu

291 B
559 B

106ms
38ms

Document
text/html

23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu
Requested by: Host: cm.mgid.com
URL: https://cm.mgid.com/i.js?&cbuster=1613553038079260202402
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 4ddc003bfd0366a9c5e059509b3bac51972a8e803904b2a90b6b5c5ee7b26720

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.gab.ag/index.php?view=register
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.gab.ag/index.php?view=register

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 28 Sep 2020 17:02:39 GMT
ETag: "40295-123-5b062a240e9c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 238
Content-Type: text/html; charset=UTF-8
Date: Wed, 17 Feb 2021 09:10:38 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu
Date: Wed, 17 Feb 2021 09:10:38 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H2

200

m
cm.mgid.com/ Frame F04F
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=omn67hl&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=omn67hl&ttd_tpi=1
https://cm.mgid.com/m?cdsp=371158&c=faec5728-ca0b-4bd0-8fb4-d5a5e69f20e6&ttl=1616145038

43 B
426 B

87ms
86ms

Image
image/gif

104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=371158&c=faec5728-ca0b-4bd0-8fb4-d5a5e69f20e6&ttl=1616145038
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:38 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: a5ce8fb4-4ff0-48e2-9404-1dbbd7ac0f7a
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 622e605a8fcc7367-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da8c94000073677b26b000000001
server: cloudflare

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:38 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.mgid.com/m?cdsp=371158&c=faec5728-ca0b-4bd0-8fb4-d5a5e69f20e6&ttl=1616145038
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 205

GET
H2

200

google
cm.mgid.com/ Frame F04F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bDFoQ2hlSHEyYmEx&muidn=l1hCheHq2ba1
https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bDFoQ2hlSHEyYmEx&muidn=l1hCheHq2ba1&google_tc=
https://cm.mgid.com/google?muidn=l1hCheHq2ba1&google_ula={guid},5&google_gid=CAESEIyeeIeIanGu1wh0KvPndJU&google_cver=1

0
274 B

71ms
70ms

Image
text/plain

104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/google?muidn=l1hCheHq2ba1&google_ula={guid},5&google_gid=CAESEIyeeIeIanGu1wh0KvPndJU&google_cver=1
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:38 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: text/plain
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 622e6059ff227367-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da8c3f0000736778a5f000000001

Redirect headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.mgid.com/google?muidn=l1hCheHq2ba1&google_ula={guid},5&google_gid=CAESEIyeeIeIanGu1wh0KvPndJU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 327
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

m
cm.mgid.com/ Frame F04F
Redirect Chain

https://creativecdn.com/cm-notify?pi=mgid
https://ams.creativecdn.com/cm-notify?pi=mgid&tc=1
https://cm.mgid.com/m?cdsp=501037&c=du0wk5RlN1Eo0d1oiJKx&pi=mgid&tc=1

43 B
300 B

56ms
55ms

Image
image/gif

104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=501037&c=du0wk5RlN1Eo0d1oiJKx&pi=mgid&tc=1
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:38 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 7391a083-457f-4b34-a9a4-d1d283619be3
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 622e60597e1e7367-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da8be90000736715a66000000001
server: cloudflare

Redirect headers

location: https://cm.mgid.com/m?cdsp=501037&c=du0wk5RlN1Eo0d1oiJKx&pi=mgid&tc=1
pragma: no-cache
date: Wed, 17 Feb 2021 09:10:38 GMT, Wed, 17 Feb 2021 09:10:38 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 /
cm.lentainform.com/setmuidn/ Frame F04F 0
621 B 146ms
53ms Image
image/gif 104.19.216.61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.lentainform.com/setmuidn/?muidf=l1hCheHq2ba1
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.216.61 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:38 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 622e60593c3210c1-CPH
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da8bc2000010c10c36b000000001

GET
H2

200

m
cm.mgid.com/ Frame F04F
Redirect Chain

https://x.bidswitch.net/sync?ssp=mgid
https://x.bidswitch.net/ul_cb/sync?ssp=mgid
https://green.erne.co/bidswitch/cm?bidswitch_ssp_id=mgid&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=270&expires=10&user_id=l8kF570MyK8DeeeMIpLrWVPG&ssp=mgid
https://cm.mgid.com/m?cdsp=433145&c=cc42e640-c282-4cff-9639-09d6c667d443&gdpr=&gdpr_consent=&us_privacy=

43 B
308 B

56ms
4ms

Image
image/gif

104.19.135.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=433145&c=cc42e640-c282-4cff-9639-09d6c667d443&gdpr=&gdpr_consent=&us_privacy=
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.135.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:38 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 1215befb-e502-4e91-8bed-eb70997b6f18
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 622e605a1f457367-CPH
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0850da8c53000073672b3db000000001
server: cloudflare

Redirect headers

location: //cm.mgid.com/m?cdsp=433145&c=cc42e640-c282-4cff-9639-09d6c667d443&gdpr=&gdpr_consent=&us_privacy=
date: Wed, 17 Feb 2021 09:10:38 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 /
cm.idealmedia.io/setmuidn/ Frame F04F 0
555 B 146ms
53ms Image
image/gif 104.16.221.74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.idealmedia.io/setmuidn/?muidf=l1hCheHq2ba1
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.221.74 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Feb 2021 09:10:38 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 622e60593f571d22-CPH
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
cf-request-id: 0850da8bc200001d228021a000000001

GET
H/1.1

200
OK

RX-6c84c8ed-6da2-434c-a2ea-3176936bc9c9-003
sync.targeting.unrulymedia.com/csync/ Frame F04F
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=303&user_id=l1hCheHq2ba1
https://x.bidswitch.net/ul_cb/sync?dsp_id=303&user_id=l1hCheHq2ba1
https://sync.1rx.io/usersync/bidswitch/cc42e640-c282-4cff-9639-09d6c667d443?gdpr=&gdpr_consent=
https://sync.1rx.io/usersync/bidswitch/cc42e640-c282-4cff-9639-09d6c667d443?zcc=1&dspret=0&cb=1613553038515
https://sync.targeting.unrulymedia.com/csync/RX-6c84c8ed-6da2-434c-a2ea-3176936bc9c9-003

43 B
452 B

167ms
34ms

Image
image/gif

213.19.147.151
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-6c84c8ed-6da2-434c-a2ea-3176936bc9c9-003
Requested by: Host: www.gab.ag
URL: https://www.gab.ag/index.php?view=register
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 213.19.147.151 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.gab.ag/index.php?view=register
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:38 GMT
Server: Tengine
Connection: keep-alive
Content-Length: 43
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

Pragma: no-cache
Date: Wed, 17 Feb 2021 09:10:38 GMT
Server: Tengine
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://sync.targeting.unrulymedia.com/csync/RX-6c84c8ed-6da2-434c-a2ea-3176936bc9c9-003
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 974A 31 KB
10 KB 84ms
84ms Script
text/html 23.37.42.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.42.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-42-132.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 5c5a22c704da51d236b29ae32a979a1a8f06969896795c03807774f6de684507

Request headers

Referer: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Feb 2021 09:10:38 GMT
Content-Encoding: gzip
Last-Modified: Thu, 28 Jan 2021 20:32:24 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=16557
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9309
Expires: Wed, 17 Feb 2021 13:46:35 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 974A 284 B
536 B 171ms
59ms Image
image/jpg 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Referer: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=eu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Content-Type: image/jpg

POST
H2 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame E6DA 28 B
319 B 18ms
17ms XHR
application/json 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/6eebf7aa/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 60
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/pyxSN_WIThM
X-YouTube-Client-Version: 1.20210214.0.0
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: CgtTNmZ2WXZfOGU4ZyiDu7OBBg%3D%3D
X-YouTube-Ad-Signals: dt=1613553027988&flash=0&frm=2&u_tz=60&u_his=3&u_java&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug&u_nmime&bc=23&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C480%2C270&vis=1&wgl=true&ca_type=image&bid=ANyPxKrE6Px82DLWuLOkvDaAsWS9QyB2gKlUMc_W9-e1lNcQ0NzvyxqouMFgePO8R9IOnlH_4sDGFWrQyO2wo363oyU4x7tnkg

Response headers

date: Wed, 17 Feb 2021 09:10:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Wed, 17 Feb 2021 09:10:38 GMT

GET
H2 200 / Show response
cdn.riverhit.com/sdk/slider/ Frame 37C4 62 KB
63 KB 46ms
46ms Script
application/javascript 78.140.182.155
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.riverhit.com/sdk/slider/?zid=1318
Requested by: Host: js1.eurosptp.com
URL: https://js1.eurosptp.com/scri.js?230
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.140.182.155 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 8865e07c9971320854d95fb864c9833d2a3bd99dfc56b4f14d34d4330c396512

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 17 Feb 2021 09:10:38 GMT
etag: eba1903c6bfca88912f87cfe4756fc04
server: nginx/1.16.1
x-time: 1613553038
content-length: 63836
content-type: application/javascript

GET
H2 200 / Show response
t.riverhit.com/2/ Frame 37C4 666 B
908 B 54ms
54ms XHR
application/json 78.140.182.155
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://t.riverhit.com/2/?spot_id=3105
Requested by: Host: cdn.riverhit.com
URL: https://cdn.riverhit.com/sdk/slider/?zid=1318
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.140.182.155 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: eb6f6ec4ad0c4096a017142a7badc2c434069c41002d364ba41ccf43291b4e80

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin: https://www.eurosptp.com
date: Wed, 17 Feb 2021 09:10:38 GMT
access-control-allow-credentials: true
server: nginx/1.16.1
content-length: 666
content-type: application/json

GET
H2 200 49b23f6748ba47f4bfb61ad8da5f0dd5.jpg
cdn.cryptobrowser.store/media/pb/89/ Frame 787A 11 KB
11 KB 12ms
12ms Image
image/jpeg 2606:4700:3030::6815:45ed
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cryptobrowser.store/media/pb/89/49b23f6748ba47f4bfb61ad8da5f0dd5.jpg

Requested by

Host: smartocom.com
URL: http://smartocom.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:45ed , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

041e735b9c3b5428bb56c52bd685e7f1dace0352106d7dc867203f9eb352ec32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://get.cryptobrowser.site/pb/5/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:38 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 228
content-length: 11168
cf-request-id: 0850da8db70000dfef8b918000000001
last-modified: Fri, 22 Nov 2019 14:25:53 GMT
server: cloudflare
etag: "5dd7eff1-2ba0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZoRhcCvza%2FiwPI22QT44e9ukXcqKaO2sfuSVD7hyG4S0sxbyd0Bh60I4HlZ6SQhW9hmFRdjKN2BYzcHTX9Fy9WsLaNoPLWKJxYeD8lF%2BNaqCz6JnuDi3F%2F9eUDqgDKdvOySH8g%3D%3D"}],"max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e605c5a5adfef-FRA

GET
H2 200 / Show response
t.riverhit.com/2/ Frame 37C4 973 B
1 KB 35ms
35ms XHR
text/xml 78.140.182.155
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://t.riverhit.com/2/?spot_id=3105&target_id=223475&action=vast&xid=82486572a7ac50ec5f0e32cceaef005c
Requested by: Host: cdn.riverhit.com
URL: https://cdn.riverhit.com/sdk/slider/?zid=1318
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.140.182.155 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 7a1ed6da7465281d2abbec9a6a2f3978f720ac09d7a1e76b231e017935b85b91

Request headers

Accept: application/xml, text/xml, */*; q=0.01
Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

access-control-allow-origin: https://www.eurosptp.com
date: Wed, 17 Feb 2021 09:10:38 GMT
access-control-allow-credentials: true
server: nginx/1.16.1
content-length: 973
content-type: text/xml;charset=UTF-8

GET
H2 200 /
t.riverhit.com/2/ Frame 37C4 0
0 42ms
41ms Image
text/plain 78.140.182.155
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.riverhit.com/2/?spot_id=3105&target_id=223475&action=request&xid=82486572a7ac50ec5f0e32cceaef005c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.140.182.155 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *

GET
H2 206 f6253d10b29b37f4610166706fcdb6c2.mp4
vcdn.rivertraffic.com/ Frame 37C4 43 KB
0 122ms
33ms Media
video/mp4 67.216.91.74
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://vcdn.rivertraffic.com/f6253d10b29b37f4610166706fcdb6c2.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.216.91.74 , United States, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: ucdn/1.18.0 /
Resource Hash

Request headers

Referer: https://www.eurosptp.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 17 Feb 2021 09:10:38 GMT
Content-Range: bytes 0-2210636/2210637
x-trans-id: txd1caf5a9f9fd4fe3bca96-005f58c0a0
last-modified: Fri, 31 May 2019 09:33:25 GMT
server: ucdn/1.18.0
x-ureq-id: PYMqMNZBGwIWZKXReBdrI5EVg17A3HnRKVB6Idcrl7QGAYqkNCp5jNVr8TCxh48qUnZqsHzogNw24dzSbuj1eK7YObsbfUR8tMEP
etag: "3b066102eb0d82b410fb08a1abed293c"
x-served-from: l1
access-control-allow-methods: HEAD, GET, OPTIONS
x-object-meta-mtime: 1550585400.225495
access-control-allow-origin: *
x-timestamp: 1559295204.97902
cache-control: max-age=210073
Content-Length: 2210637
content-type: video/mp4
expires: Fri, 19 Feb 2021 19:31:51 GMT

GET
H2 200 7e89f1fa1ad04c09a0134fc4046b759f.png
cdn.cryptobrowser.store/media/pb/660/ Frame 2DB4 10 KB
11 KB 11ms
11ms Image
image/png 2606:4700:3030::6815:45ed
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cryptobrowser.store/media/pb/660/7e89f1fa1ad04c09a0134fc4046b759f.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:45ed , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be531610c7e14f90aa79d6d51d9f67eb5efc8f6768839f35f96dc763b96ccb0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://get.cryptobrowser.site/pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:38 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 5612
content-length: 10139
cf-request-id: 0850da8e420000dfef9abff000000001
last-modified: Fri, 24 Jul 2020 10:25:08 GMT
server: cloudflare
etag: "5f1ab704-279b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NOQKFuc8PDxDVDHKSuoS67vhM%2FQfXQRlVZLBwh7gc1yufeOyR8nmeELHAy4ZQAI4Nu1Q2ugF%2F7OsDReqYhS%2BjQ3jSdkonhGuUui2Oxl%2B%2BdCc8KMb6JOwXevb7aQ4v6HnY%2F7KTQ%3D%3D"}],"max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 622e605d3af5dfef-FRA

GET
H2 206 f6253d10b29b37f4610166706fcdb6c2.mp4
vcdn.rivertraffic.com/ Frame 37C4 47 KB
47 KB 126ms
125ms Media
video/mp4 67.216.91.74
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://vcdn.rivertraffic.com/f6253d10b29b37f4610166706fcdb6c2.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.216.91.74 , United States, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: ucdn/1.18.0 /
Resource Hash: 1aeee8afd0970e7343a4144de9653e1899112eeeebd2853b277fa656c03abdbe

Request headers

Referer: https://www.eurosptp.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=2162688-

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
Content-Range: bytes 2162688-2210636/2210637
x-trans-id: txd1caf5a9f9fd4fe3bca96-005f58c0a0
last-modified: Fri, 31 May 2019 09:33:25 GMT
server: ucdn/1.18.0
x-ureq-id: PYMqMNZBGwIWZKXReBdrI5EVg17A3HnRKVB6Idcrl7QGAYqkNCp5jNVr8TCxh48qUnZqsHzogNw24dzSbuj1eK7YObsbfUR8tMEP
etag: "3b066102eb0d82b410fb08a1abed293c"
x-served-from: l1
access-control-allow-methods: HEAD, GET, OPTIONS
x-object-meta-mtime: 1550585400.225495
access-control-allow-origin: *
x-timestamp: 1559295204.97902
cache-control: max-age=210072
Content-Length: 47949
content-type: video/mp4
expires: Fri, 19 Feb 2021 19:31:51 GMT

GET
H2 200 in4.php Show response
show.adorion.net/ Frame 893D 5 KB
5 KB 41ms
39ms Document
text/html 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: 2d6d5b40cd7d3857de15de033754b399ca336ae506db4b160c0391b7e6f641d2

Request headers

:method: GET
:authority: show.adorion.net
:scheme: https
:path: /in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:39 GMT
content-type: text/html; charset=UTF-8

GET
H2 206 f6253d10b29b37f4610166706fcdb6c2.mp4
vcdn.rivertraffic.com/ Frame 37C4 2 MB
0 34ms
34ms Media
video/mp4 67.216.91.74
WEBZILLA

General

Check archive.org

Show headers Download Go to

Full URL: https://vcdn.rivertraffic.com/f6253d10b29b37f4610166706fcdb6c2.mp4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.216.91.74 , United States, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: ucdn/1.18.0 /
Resource Hash

Request headers

Referer: https://www.eurosptp.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=32768-

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
Content-Range: bytes 32768-2210636/2210637
x-trans-id: txd1caf5a9f9fd4fe3bca96-005f58c0a0
last-modified: Fri, 31 May 2019 09:33:25 GMT
server: ucdn/1.18.0
x-ureq-id: PYMqMNZBGwIWZKXReBdrI5EVg17A3HnRKVB6Idcrl7QGAYqkNCp5jNVr8TCxh48qUnZqsHzogNw24dzSbuj1eK7YObsbfUR8tMEP
etag: "3b066102eb0d82b410fb08a1abed293c"
x-served-from: l1
access-control-allow-methods: HEAD, GET, OPTIONS
x-object-meta-mtime: 1550585400.225495
access-control-allow-origin: *
x-timestamp: 1559295204.97902
cache-control: max-age=210072
Content-Length: 2177869
content-type: video/mp4
expires: Fri, 19 Feb 2021 19:31:51 GMT

GET
H2 200 3adorion300x250.png
adorion.net/images/banner/img/ Frame 893D 349 KB
349 KB 59ms
59ms Image
image/png 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adorion.net/images/banner/img/3adorion300x250.png
Requested by: Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: 2289e2bb4b520af207bc0c7ea7ef0560f1fb7debd6f1db25303677e308e0b903

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
last-modified: Tue, 17 Mar 2020 07:29:04 GMT
server: nginx
accept-ranges: bytes
etag: "5e707c40-5738a"
content-length: 357258
content-type: image/png

GET
H2 200 bovl.png
show.adorion.net/img/ Frame 893D 992 B
1 KB 43ms
42ms Image
image/png 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://show.adorion.net/img/bovl.png
Requested by: Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: bec59c57ee20dfc84e3507a0abd51ef5c8ea11468e6154b98b110edff6ea8a05

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
last-modified: Mon, 09 Mar 2020 20:14:24 GMT
server: nginx
accept-ranges: bytes
etag: "5e66a3a0-3e0"
content-length: 992
content-type: image/png

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 893D 215 B
372 B 48ms
47ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=B6AV7UhP3zSVP4QeUIPqlpfYctsDeZg1dHVip975tpo%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

8e96a37c6a1d7cae947321c8aed07ce7deae62287a279184197e767024463c05

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 893D 217 B
374 B 48ms
47ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=slJWsxgh8F9R50x01fUpZ1bSbr2rvKdBG1PnOp1mtno%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

45e5f2d57dea673608558717dec4b36f55d79ffb43620108e7684b7baba9539e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 893D 216 B
373 B 48ms
47ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=3ijLZmuKELVpfX5JOo4R0Jmhbh%2BQYlJ8%2BYCOri1SKjw%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

07cfe8c1bbd7db37c4da88cc44e708e70e01edb64929bdc8f54033796c0ea87f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 /
t.riverhit.com/2/ Frame 37C4 0
0 34ms
34ms Image
text/plain 78.140.182.155
WEBZILLA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.riverhit.com/2/?spot_id=3105&target_id=223475&action=imp&xid=82486572a7ac50ec5f0e32cceaef005c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 78.140.182.155 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.eurosptp.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *

GET
H2 200 in4.php Show response
show.adorion.net/ Frame 9AD1 5 KB
5 KB 40ms
39ms Document
text/html 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: ea9aab1af8ec83c73785cca82c2200be042d4248e3d724ee29a6db8d1cda1862

Request headers

:method: GET
:authority: show.adorion.net
:scheme: https
:path: /in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:39 GMT
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/ Frame 8937 496 B
636 B 44ms
43ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=B6AV7UhP3zSVP4QeUIPqlpfYctsDeZg1dHVip975tpo%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f27d8cbd8366310364f6b41ef85af305a0d65a55a0431795079fa8178f7bd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:39 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame E736 494 B
634 B 41ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=slJWsxgh8F9R50x01fUpZ1bSbr2rvKdBG1PnOp1mtno%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

102973221a51b6b20afc45370c906bed771c873008a40a990a3430dbdd031887

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:39 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame A0EE 494 B
634 B 60ms
60ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=3ijLZmuKELVpfX5JOo4R0Jmhbh%2BQYlJ8%2BYCOri1SKjw%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

f630e44d6eb1b33ecbaaf953e1934436f319cc880784b436232e6491a37381f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:39 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 in4.php Show response
show.adorion.net/ Frame 4A9E 5 KB
5 KB 44ms
44ms Document
text/html 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
Requested by: Host: smartocom.com
URL: http://smartocom.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: ffb825c06a5a505f25ec3bd1f110fa264c317191892e5cee9377eb1e2ce170bb

Request headers

:method: GET
:authority: show.adorion.net
:scheme: https
:path: /in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:39 GMT
content-type: text/html; charset=UTF-8

GET
H2 200 binance728.jpg
adorion.net/images/ Frame 9AD1 162 KB
162 KB 39ms
37ms Image
image/jpeg 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adorion.net/images/binance728.jpg
Requested by: Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: f8bd2806bab451e0c283124ea5799304c4577cd73c80a31dc09345ae7c1c514d

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
last-modified: Fri, 12 Feb 2021 16:11:30 GMT
server: nginx
accept-ranges: bytes
etag: "6026a8b2-287ba"
content-length: 165818
content-type: image/jpeg

GET
H2 200 bovl.png
show.adorion.net/img/ Frame 9AD1 992 B
1 KB 40ms
39ms Image
image/png 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://show.adorion.net/img/bovl.png
Requested by: Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: bec59c57ee20dfc84e3507a0abd51ef5c8ea11468e6154b98b110edff6ea8a05

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
last-modified: Mon, 09 Mar 2020 20:14:24 GMT
server: nginx
accept-ranges: bytes
etag: "5e66a3a0-3e0"
content-length: 992
content-type: image/png

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 9AD1 215 B
372 B 41ms
40ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=B6AV7UhP3zSVP4QeUIPqlpfYctsDeZg1dHVip975tpo%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

8e96a37c6a1d7cae947321c8aed07ce7deae62287a279184197e767024463c05

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 9AD1 217 B
374 B 42ms
41ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=slJWsxgh8F9R50x01fUpZ1bSbr2rvKdBG1PnOp1mtno%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

45e5f2d57dea673608558717dec4b36f55d79ffb43620108e7684b7baba9539e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 9AD1 216 B
373 B 41ms
40ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=3ijLZmuKELVpfX5JOo4R0Jmhbh%2BQYlJ8%2BYCOri1SKjw%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

07cfe8c1bbd7db37c4da88cc44e708e70e01edb64929bdc8f54033796c0ea87f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame E736 5 KB
5 KB 40ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:39 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame 8937 5 KB
5 KB 39ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:39 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame A0EE 5 KB
5 KB 41ms
41ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:39 GMT

GET
H2 200 3adorion468x60.png
adorion.net/images/banner/img/ Frame 4A9E 95 KB
95 KB 44ms
42ms Image
image/png 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adorion.net/images/banner/img/3adorion468x60.png
Requested by: Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: 42a09bdb2f605dddb8a70e578de5b26c32a1fbb5cefdbc79d1d086a950e5071c

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
last-modified: Tue, 17 Mar 2020 07:54:20 GMT
server: nginx
accept-ranges: bytes
etag: "5e70822c-17b96"
content-length: 97174
content-type: image/png

GET
H2 200 bovl.png
show.adorion.net/img/ Frame 4A9E 992 B
1 KB 38ms
37ms Image
image/png 94.23.40.196
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://show.adorion.net/img/bovl.png
Requested by: Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.23.40.196 , France, ASN16276 (OVH, FR),
Reverse DNS: s1.hubu-interactive.de
Software: nginx /
Resource Hash: bec59c57ee20dfc84e3507a0abd51ef5c8ea11468e6154b98b110edff6ea8a05

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
last-modified: Mon, 09 Mar 2020 20:14:24 GMT
server: nginx
accept-ranges: bytes
etag: "5e66a3a0-3e0"
content-length: 992
content-type: image/png

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 4A9E 215 B
372 B 40ms
39ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=B6AV7UhP3zSVP4QeUIPqlpfYctsDeZg1dHVip975tpo%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

8e96a37c6a1d7cae947321c8aed07ce7deae62287a279184197e767024463c05

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 4A9E 217 B
374 B 41ms
40ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=slJWsxgh8F9R50x01fUpZ1bSbr2rvKdBG1PnOp1mtno%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

45e5f2d57dea673608558717dec4b36f55d79ffb43620108e7684b7baba9539e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/banner/ Frame 4A9E 216 B
373 B 41ms
40ms Script
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/banner/?code=3ijLZmuKELVpfX5JOo4R0Jmhbh%2BQYlJ8%2BYCOri1SKjw%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

07cfe8c1bbd7db37c4da88cc44e708e70e01edb64929bdc8f54033796c0ea87f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:39 GMT
server: nginx
x-frame-options: deny
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000; includeSubDomains
content-type: text/html; charset=UTF-8

GET
H2 200 / Show response
g.cash-ads.com/ Frame FEEC 496 B
636 B 41ms
41ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=B6AV7UhP3zSVP4QeUIPqlpfYctsDeZg1dHVip975tpo%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f27d8cbd8366310364f6b41ef85af305a0d65a55a0431795079fa8178f7bd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:39 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 8291 494 B
634 B 41ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=slJWsxgh8F9R50x01fUpZ1bSbr2rvKdBG1PnOp1mtno%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

102973221a51b6b20afc45370c906bed771c873008a40a990a3430dbdd031887

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:39 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame D79F 494 B
634 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=3ijLZmuKELVpfX5JOo4R0Jmhbh%2BQYlJ8%2BYCOri1SKjw%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

f630e44d6eb1b33ecbaaf953e1934436f319cc880784b436232e6491a37381f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:39 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame C427 496 B
636 B 41ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=B6AV7UhP3zSVP4QeUIPqlpfYctsDeZg1dHVip975tpo%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

4ff4f68c8fb20794924789819c6b8f3b1dab40e5bf7ce53ebc7c9ab26a067ac6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:40 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 889B 498 B
638 B 41ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=slJWsxgh8F9R50x01fUpZ1bSbr2rvKdBG1PnOp1mtno%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e37042b97af558be4e3da9908730ef927ef8be2322c284ea1986f08cf84ccded

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:40 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame FF69 494 B
634 B 40ms
40ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D

Requested by

Host: g.cash-ads.com
URL: https://g.cash-ads.com/banner/?code=3ijLZmuKELVpfX5JOo4R0Jmhbh%2BQYlJ8%2BYCOri1SKjw%3D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

fa8ddd7f366b1ba1e92fed308ba318878d199f516fecc30786d876dcb275c9be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:40 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame E736 1 KB
1 KB 42ms
42ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXoorMN10tlmMnRXmDxWR2mw%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

d753b53627529f11460cca8123a60316dce4beaa6f6b283c160fdd64e3e4a46c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXoorMN10tlmMnRXmDxWR2mw%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:40 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 8937 1 KB
1 KB 42ms
41ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXmKMpVieaH%2Fji02EdS1MwFI%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

4977d843ce4b1d8a04131a67e4bd88cab3b674e5ac9e0600cc2437438a5038be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXmKMpVieaH%2Fji02EdS1MwFI%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:40 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame A0EE 1 KB
1 KB 42ms
41ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXmBwJDLHQLPG4VoAEuryEYI%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=300&h=250&sz=4&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e976d6e289b5e7a43c40be85486739c362f15bd614ccb89aba17944016e03875

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXmBwJDLHQLPG4VoAEuryEYI%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:40 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame FEEC 5 KB
5 KB 40ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:40 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:40 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame 8291 5 KB
5 KB 40ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:40 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:40 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame D79F 5 KB
5 KB 43ms
42ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:40 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:40 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame C427 5 KB
5 KB 40ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:40 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:40 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame 889B 5 KB
5 KB 40ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:40 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:40 GMT

GET
H2 200 lds.gif
g.cash-ads.com/img/ Frame FF69 5 KB
5 KB 40ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/lds.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 5d8b123d692b5e61bc24ee0ec2134ed95bd2f5e9baa788180bee718fc00da8c4

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:40 GMT
last-modified: Thu, 21 Jan 2021 21:02:57 GMT
server: nginx
etag: "6009ec01-14bf"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 5311
expires: Fri, 19 Mar 2021 09:10:40 GMT

GET
H2 200 / Show response
g.cash-ads.com/ Frame FEEC 1 KB
1 KB 120ms
99ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXmKMpVieaH%2Fji02EdS1MwFI%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

4977d843ce4b1d8a04131a67e4bd88cab3b674e5ac9e0600cc2437438a5038be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXmKMpVieaH%2Fji02EdS1MwFI%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:40 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame E736 1 KB
1 KB 59ms
39ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXoorMN10tlmMnRXmDxWR2mw%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXoorMN10tlmMnRXmDxWR2mw%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:40 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:40 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame E736 84 KB
84 KB 59ms
39ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXoorMN10tlmMnRXmDxWR2mw%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXoorMN10tlmMnRXmDxWR2mw%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:40 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:40 GMT

GET redirect
xml.ezmob.com/ Frame BC32 0
0

GET
H2 200 / Show response
g.cash-ads.com/ Frame 8291 1 KB
1 KB 100ms
99ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXoorMN10tlmMnRXmDxWR2mw%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

d753b53627529f11460cca8123a60316dce4beaa6f6b283c160fdd64e3e4a46c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXoorMN10tlmMnRXmDxWR2mw%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:40 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame D79F 1 KB
1 KB 99ms
99ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXmBwJDLHQLPG4VoAEuryEYI%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=728&h=90&sz=2&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

e976d6e289b5e7a43c40be85486739c362f15bd614ccb89aba17944016e03875

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=Mv5cE6BIWfTdqEfSHiTnXmBwJDLHQLPG4VoAEuryEYI%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXhUaG8JkjtJMKNk55Dj6OFk%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:40 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame 8937 1 KB
1 KB 62ms
61ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXmKMpVieaH%2Fji02EdS1MwFI%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXmKMpVieaH%2Fji02EdS1MwFI%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:40 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:40 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame 8937 84 KB
84 KB 62ms
61ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXmKMpVieaH%2Fji02EdS1MwFI%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXmKMpVieaH%2Fji02EdS1MwFI%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:40 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:40 GMT

GET redirect
xml.ezmob.com/ Frame 01C0 0
0

GET
H2 200 bovl1.gif
g.cash-ads.com/img/ Frame A0EE 1 KB
1 KB 99ms
98ms Image
image/gif 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.cash-ads.com/img/bovl1.gif
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXmBwJDLHQLPG4VoAEuryEYI%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 6a311efa0bbd120ad039d952829eda4134bf7820e69c1fa7c881d0c04397dbd3

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXmBwJDLHQLPG4VoAEuryEYI%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:40 GMT
last-modified: Fri, 11 Sep 2020 22:15:28 GMT
server: nginx
etag: "5f5bf700-41f"
content-type: image/gif
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 1055
expires: Fri, 19 Mar 2021 09:10:40 GMT

GET
H2 200 jquery.min.js Show response
g.cash-ads.com/int/ Frame A0EE 84 KB
84 KB 99ms
98ms Script
application/javascript 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://g.cash-ads.com/int/jquery.min.js
Requested by: Host: g.cash-ads.com
URL: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXmBwJDLHQLPG4VoAEuryEYI%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 147.135.220.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3074226.ip-147-135-220.eu
Software: nginx /
Resource Hash: 7bf1676189cf3eafe5008e1f905c101bf78776253edf18030d43505cac297947

Request headers

Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXmBwJDLHQLPG4VoAEuryEYI%3D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Feb 2021 09:10:40 GMT
last-modified: Tue, 03 Nov 2020 05:45:55 GMT
server: nginx
etag: "5fa0ee93-14e08"
content-type: application/javascript
cache-control: max-age=2592000, public
accept-ranges: bytes
content-length: 85512
expires: Fri, 19 Mar 2021 09:10:40 GMT

GET redirect
xml.ezmob.com/ Frame 717A 0
0

GET
H2 200 / Show response
g.cash-ads.com/ Frame C427 1 KB
1 KB 82ms
81ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=8Jjb2oDPQlTAz91npKSGYpcR8mIyKvtAg%2F5ig6Hoar8%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

4977d843ce4b1d8a04131a67e4bd88cab3b674e5ac9e0600cc2437438a5038be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=8Jjb2oDPQlTAz91npKSGYpcR8mIyKvtAg%2F5ig6Hoar8%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXpS0Wbc8wfhKtQD9OKDfoug%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:40 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame 889B 1 KB
1 KB 81ms
81ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=8Jjb2oDPQlTAz91npKSGYqpYWlD%2Br%2B3GhVfIbjQefpw%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

d753b53627529f11460cca8123a60316dce4beaa6f6b283c160fdd64e3e4a46c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: g.cash-ads.com
:scheme: https
:path: /?nc=8Jjb2oDPQlTAz91npKSGYqpYWlD%2Br%2B3GhVfIbjQefpw%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://g.cash-ads.com/?nc=Mv5cE6BIWfTdqEfSHiTnXh7uB9hbu%2FdS5KgLXnTj3xw%3D

Response headers

server: nginx
date: Wed, 17 Feb 2021 09:10:40 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=15768000; includeSubDomains
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
g.cash-ads.com/ Frame FF69 1 KB
1 KB 77ms
77ms Document
text/html 147.135.220.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://g.cash-ads.com/?nc=8Jjb2oDPQlTAz91npKSGYnWXqH6CWjhta6fQH7A8Qy8%3D

Requested by

Host: show.adorion.net
URL: https://show.adorion.net/in4.php?uid=480&e=0&s=1&p=1&w=468&h=60&sz=1&name=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

147.135.220.104 , France, ASN16276 (OVH, FR),

Reverse DNS