URL: https://www.jefffm.de/
Submission: On December 05 via manual from DE — Scanned from DE

Summary

This website contacted 32 IPs in 8 countries across 30 domains to perform 93 HTTP transactions. The main IP is 188.165.203.71, located in France and belongs to OVH, FR. The main domain is www.jefffm.de.
TLS certificate: Issued by R3 on November 21st 2022. Valid for: 3 months.
This is the only time www.jefffm.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 188.165.203.71 16276 (OVH)
8 18 104.20.46.59 13335 (CLOUDFLAR...)
1 192.243.61.227 39572 (ADVANCEDH...)
5 116.203.68.201 24940 (HETZNER-AS)
1 52.215.107.50 16509 (AMAZON-02)
13 2606:4700:1::... 13335 (CLOUDFLAR...)
1 116.203.114.203 24940 (HETZNER-AS)
1 2600:9000:225... 16509 (AMAZON-02)
3 6 3.66.53.110 16509 (AMAZON-02)
1 2a02:2638::3 44788 (ASN-CRITE...)
1 2a00:1450:400... 15169 (GOOGLE)
4 146.185.142.91 14061 (DIGITALOC...)
1 2a00:1450:400... 15169 (GOOGLE)
3 3 18.196.91.53 16509 (AMAZON-02)
2 2 52.58.191.156 16509 (AMAZON-02)
4 7 3.68.5.1 16509 (AMAZON-02)
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2a00:f48:1008... 47447 (TTM)
1 2 37.157.2.234 198622 (ADFORM)
1 185.184.8.90 204995 (RTB-HOUSE...)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 3 88.99.66.132 24940 (HETZNER-AS)
2 104.16.200.58 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 141.95.98.64 16276 (OVH)
2 2001:41d0:701... 16276 (OVH)
2 162.19.138.117 16276 (OVH)
4 198.244.155.26 16276 (OVH)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
2 4 141.95.108.187 16276 (OVH)
1 178.250.0.157 44788 (ASN-CRITE...)
2 4 45.77.230.212 20473 (AS-CHOOPA)
2 18.66.97.14 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
93 32
Apex Domain
Subdomains
Transfer
18 adcocktail.com
hads.adcocktail.com — Cisco Umbrella Rank: 906889
tt.adcocktail.com — Cisco Umbrella Rank: 767518
5 KB
13 mgid.com
jsc.mgid.com — Cisco Umbrella Rank: 7611
c.mgid.com — Cisco Umbrella Rank: 5697
cdn.mgid.com — Cisco Umbrella Rank: 10293
servicer.mgid.com — Cisco Umbrella Rank: 7790
s-img.mgid.com — Cisco Umbrella Rank: 5272
cm.mgid.com — Cisco Umbrella Rank: 1514
169 KB
11 jefffm.de
www.jefffm.de
97 KB
7 dealsrazor.com
dealsrazor.com — Cisco Umbrella Rank: 557663
3 KB
6 rekmob.com
ads.rekmob.com — Cisco Umbrella Rank: 322679
adimg.rekmob.com — Cisco Umbrella Rank: 745751
27 KB
6 turbopreise.de
turbopreise.de
6 KB
5 ads4allweb.de
www.ads4allweb.de — Cisco Umbrella Rank: 767904
33 KB
4 appcloudgoal.com
appcloudgoal.com — Cisco Umbrella Rank: 198998
1 KB
4 aspfefeel.live
58.aspfefeel.live
3 KB
4 takebest-prizes.life
takebest-prizes.life
80 KB
4 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1209
lbs.eu-1-id5-sync.com — Cisco Umbrella Rank: 1431
1 KB
4 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 1107
id5-sync.com — Cisco Umbrella Rank: 476
34 KB
3 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 429
mug.criteo.com — Cisco Umbrella Rank: 2441
7 KB
3 werbeflut.net
www.werbeflut.net — Cisco Umbrella Rank: 931315
1 KB
3 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 322
1 KB
2 google.com
play.google.com — Cisco Umbrella Rank: 28
2 glotgrx.com
pre.glotgrx.com — Cisco Umbrella Rank: 7732
318 B
2 yabidos.com
pixel.yabidos.com — Cisco Umbrella Rank: 7609
25 KB
2 adform.net
adx.adform.net — Cisco Umbrella Rank: 4061
1 KB
2 creative-serving.com
ads.creative-serving.com — Cisco Umbrella Rank: 4400
1 KB
1 creativecdn.com
prebid-eu.creativecdn.com — Cisco Umbrella Rank: 6154
180 B
1 badart-shop.de
www.badart-shop.de
1 billiger.de
www.billiger.de — Cisco Umbrella Rank: 101979
925 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 65
41 KB
1 googleapis.com
imasdk.googleapis.com — Cisco Umbrella Rank: 437
124 KB
1 criteo.net
static.criteo.net — Cisco Umbrella Rank: 675
40 KB
1 reklamstore.com
adserver.reklamstore.com — Cisco Umbrella Rank: 357676
29 KB
1 happygoals.de
www.happygoals.de
497 B
1 openstream.co
listen.openstream.co — Cisco Umbrella Rank: 364938
1 highconvertingformats.com
www.highconvertingformats.com — Cisco Umbrella Rank: 470645
93 30
Domain Requested by
14 tt.adcocktail.com 8 redirects www.jefffm.de
tt.adcocktail.com
www.happygoals.de
www.werbeflut.net
11 www.jefffm.de www.jefffm.de
7 dealsrazor.com 4 redirects tt.adcocktail.com
6 turbopreise.de 3 redirects tt.adcocktail.com
5 www.ads4allweb.de www.jefffm.de
www.ads4allweb.de
4 appcloudgoal.com 2 redirects 58.aspfefeel.live
4 58.aspfefeel.live 2 redirects takebest-prizes.life
4 takebest-prizes.life tt.adcocktail.com
takebest-prizes.life
4 ads.rekmob.com adserver.reklamstore.com
www.ads4allweb.de
4 jsc.mgid.com www.ads4allweb.de
jsc.mgid.com
4 hads.adcocktail.com www.jefffm.de
hads.adcocktail.com
3 www.werbeflut.net 1 redirects www.happygoals.de
www.werbeflut.net
3 x.bidswitch.net 3 redirects
2 play.google.com appcloudgoal.com
2 adimg.rekmob.com www.ads4allweb.de
2 gum.criteo.com 1 redirects static.criteo.net
2 id5-sync.com cdn.id5-sync.com
2 lbs.eu-1-id5-sync.com cdn.id5-sync.com
2 lb.eu-1-id5-sync.com cdn.id5-sync.com
2 pre.glotgrx.com www.ads4allweb.de
2 pixel.yabidos.com adserver.reklamstore.com
pixel.yabidos.com
2 cdn.id5-sync.com jsc.mgid.com
2 cm.mgid.com jsc.mgid.com
2 s-img.mgid.com www.ads4allweb.de
2 adx.adform.net 1 redirects www.ads4allweb.de
2 servicer.mgid.com jsc.mgid.com
2 cdn.mgid.com www.ads4allweb.de
2 ads.creative-serving.com 2 redirects
1 mug.criteo.com www.jefffm.de
1 prebid-eu.creativecdn.com adserver.reklamstore.com
1 www.badart-shop.de www.jefffm.de
1 www.billiger.de 1 redirects
1 c.mgid.com jsc.mgid.com
1 www.googletagmanager.com adserver.reklamstore.com
1 imasdk.googleapis.com adserver.reklamstore.com
1 static.criteo.net adserver.reklamstore.com
1 adserver.reklamstore.com www.ads4allweb.de
1 www.happygoals.de www.ads4allweb.de
1 listen.openstream.co www.jefffm.de
1 www.highconvertingformats.com www.jefffm.de
93 40

This site contains no links.

Subject | Issuer | Validity | Valid
jefffm.de | R3 | 2022-11-21 - 2023-02-19 | 3 months
*.adcocktail.com | Thawte RSA CA 2018 | 2022-03-17 - 2023-04-17 | a year
highconvertingformats.com | R3 | 2022-10-21 - 2023-01-19 | 3 months
ads4allweb.de | R3 | 2022-11-01 - 2023-01-30 | 3 months
*.openstream.co | Amazon | 2022-08-18 - 2023-09-15 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-05-11 - 2023-05-11 | a year
happygoals.de | R3 | 2022-11-22 - 2023-02-20 | 3 months
adserver2.reklamstore.com | Amazon | 2022-05-24 - 2023-06-21 | a year
turbopreise.de | R3 | 2022-11-29 - 2023-02-27 | 3 months
*.criteo.net | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-11-08 - 2023-02-04 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months
ads.rekmob.com | Sectigo RSA Domain Validation Secure Server CA | 2022-05-06 - 2023-05-08 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months
dealsrazor.com | R3 | 2022-11-19 - 2023-02-17 | 3 months
badart-shop.de | Sectigo RSA Domain Validation Secure Server CA | 2022-06-01 - 2023-06-01 | a year
*.creativecdn.com | RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | 2022-03-17 - 2023-04-12 | a year
werbeflut.net | R3 | 2022-11-28 - 2023-02-26 | 3 months
*.eu-1-id5-sync.com | R3 | 2022-11-09 - 2023-02-07 | 3 months
*.id5-sync.com | R3 | 2022-11-09 - 2023-02-07 | 3 months
takebest-prizes.life | R3 | 2022-10-11 - 2023-01-09 | 3 months
*.criteo.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-10-31 - 2023-01-26 | 3 months
*.aspfefeel.live | R3 | 2022-12-04 - 2023-03-04 | 3 months
appcloudgoal.com | R3 | 2022-11-16 - 2023-02-14 | 3 months
adimg.rekmob.com | Amazon | 2022-05-01 - 2023-05-30 | a year
*.google.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months

This page contains 20 frames:

Primary Page: https://www.jefffm.de/
Frame ID: 554B1AB962C5E32C671A8AE6914037AA
Requests: 20 HTTP requests in this frame

Frame: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0&ref=jefffm.de/
Frame ID: CCE79631CD94BE6529D0F7E03F65D4D0
Requests: 1 HTTP requests in this frame

Frame: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Frame ID: A20E9C4636AC7F108F4E0715057C07C8
Requests: 31 HTTP requests in this frame

Frame: https://www.ads4allweb.de/ads/textlinks.php
Frame ID: 2D776CFAEF9E03F4B89E341A9660A0C7
Requests: 13 HTTP requests in this frame

Frame: https://www.happygoals.de/ttrota.php
Frame ID: 618FCFF630D0B8FD69E04924BFEEFEBB
Requests: 1 HTTP requests in this frame

Frame: https://tt.adcocktail.com/tt_maaa.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0&ref=jefffm.de/
Frame ID: EECCD819DE5331AA43148C2E0087D904
Requests: 1 HTTP requests in this frame

Frame: https://www.badart-shop.de/antoniolupi-meteo-xxl-decken-einbaukopfbrause-mit-wasserfall-mit-led-edelstahl-poliert-weiss-meteoxxl-bal
Frame ID: C33781E84CF9B2C33B0A2D8276F463F9
Requests: 3 HTTP requests in this frame

Frame: https://cm.mgid.com/i-noref.js?cbuster=1670227855284400033228
Frame ID: 229232BAC1CB95D19C3DC82F080D0953
Requests: 1 HTTP requests in this frame

Frame: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de/
Frame ID: 31D26ADCFD9AA7B490B96C13A60ED369
Requests: 1 HTTP requests in this frame

Frame: https://www.werbeflut.net/kamp/ziel.php?uid=1403&bid=4843437&sid=1602
Frame ID: E0EFC6208DDC1E475D45D6611DAE0C26
Requests: 1 HTTP requests in this frame

Frame: https://www.werbeflut.net/kamp/frame_forced.php?code=dWlkPTE0MDMmYmlkPTQ4NDM0Mzcmc2lkPTE2MDImdjE9JnYyPSZyZWZlcmVyPWh0dHBzOi8vd3d3LmhhcHB5Z29hbHMuZGUv
Frame ID: 4D5C667AFC2A22C0EDA6B4809EFB6E3F
Requests: 1 HTTP requests in this frame

Frame: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net/
Frame ID: 120B8D2225B36588788396FD5A09216F
Requests: 1 HTTP requests in this frame

Frame: https://tt.adcocktail.com/tt_maaa.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de/
Frame ID: 4BD804E49838394FE60BBC445F99CB4E
Requests: 1 HTTP requests in this frame

Frame: https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US
Frame ID: 880740BAB31DC67E9974E2D772C3238E
Requests: 6 HTTP requests in this frame

Frame: https://tt.adcocktail.com/tt_maaa.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net/
Frame ID: 9F3CFF211539A557F0B0DB70172596CD
Requests: 1 HTTP requests in this frame

Frame: https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US
Frame ID: 57B73BB19E4DD3A41382171C298479A0
Requests: 6 HTTP requests in this frame

Frame: https://takebest-prizes.life/media/mainstream/frame.html
Frame ID: 374790C737FE8F3E63C1EED8D6372FE6
Requests: 1 HTTP requests in this frame

Frame: https://takebest-prizes.life/media/mainstream/frame.html
Frame ID: A18FD35D16D6322AECC6F9A815530F9B
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.jefffm.de
Frame ID: 8261039C12C5C8AB5877B5236CB5D8B5
Requests: 2 HTTP requests in this frame

Frame: https://adimg.rekmob.com/logos/rs-b.png
Frame ID: EF32E4A4B8229E91E82E01D7B49563C0
Requests: 3 HTTP requests in this frame

Page Title

JEFFFM.DE - CRAZY RADIO!

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 93
HTTPS: 90 %
IPv6: 35 %
Domains: 30
Subdomains: 40
IPs: 32
Countries: 8
Transfer: 722 kB
Size: 1798 kB
Cookies: 15

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://tt.adcocktail.com/tt_rota.php?uid=101162&wsid=219521 HTTP 302
  • https://tt.adcocktail.com/tt.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0 HTTP 302
  • https://tt.adcocktail.com/tt_ma.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0&ref=jefffm.de HTTP 302
  • https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0&ref=jefffm.de/
Request Chain 39
  • https://x.bidswitch.net/sync?ssp=reklamstore HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=reklamstore HTTP 302
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=reklamstore&bsw_custom_parameter=5d3388c3-3929-4e65-8ece-e69a6a260add HTTP 302
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=reklamstore&bsw_custom_parameter=5d3388c3-3929-4e65-8ece-e69a6a260add HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=5995efaf-b547-4d66-bdc0-ba5a2ced2574&ssp=reklamstore&expires=30&user_group=5&bsw_param=5d3388c3-3929-4e65-8ece-e69a6a260add HTTP 302
  • https://ads.rekmob.com/retarget/pix?id=bs&cv=5d3388c3-3929-4e65-8ece-e69a6a260add&d=1
Request Chain 42
  • https://turbopreise.de/b/b-c1/de/distribution.php?c=0.000500&pub=101162&s=6661&sub=219521&t=direct&&m=1 HTTP 302
  • https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=101162&s=6661&sub=219521&t=direct
Request Chain 46
  • https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=101162&s=6661&sub=219521&t=direct&&m=1 HTTP 302
  • https://dealsrazor.com/co/co.php?locale=de&key=YmFuZy00LWJ1Y2s6Y2xpY2s6ZGF0YTpkZToxNjcwMjI3ODU1OlYxWkRFMDAxMTY3MDIyNzg1NTEzODlSMTAyMzA3 HTTP 302
  • https://www.billiger.de/common/modules/api/cmodul?mc=LlZ91pz8Oy9E&p=NcVvUc4vaJe7psz1QJeMbU95S-QCe_AmN6L0l9rGxGKojiPePuJYWVtzE57cpuHQP-wRhFHcFDwOyxeLE62OIEsCR3Xzb2PBZ9PZutTE04nx6m2crFSVTrB1JTimAMe9AnzovuV1WwN43dlgNy7pxw&id=4670364089&log=1cfc6955bcdc5611e3217a5e6c496624 HTTP 302
  • https://www.badart-shop.de/antoniolupi-meteo-xxl-decken-einbaukopfbrause-mit-wasserfall-mit-led-edelstahl-poliert-weiss-meteoxxl-bal
Request Chain 47
  • https://adx.adform.net/adx/?rp=4&bWlkPTE1ODAxMTY%3D&callback=adf__CIP2rNhhMtFw8UePuPyn HTTP 302
  • https://adx.adform.net/adx/?CC=1&rp=4&bWlkPTE1ODAxMTY%3D&callback=adf__CIP2rNhhMtFw8UePuPyn
Request Chain 54
  • https://tt.adcocktail.com/tt_rota.php?uid=1867&wsid=212366 HTTP 302
  • https://tt.adcocktail.com/tt.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ== HTTP 302
  • https://tt.adcocktail.com/tt_ma.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de HTTP 302
  • https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de/
Request Chain 55
  • https://www.werbeflut.net/kamp/rot.php?art=traffic&uid=1403&sid=1602 HTTP 302
  • https://www.werbeflut.net/kamp/ziel.php?uid=1403&bid=4843437&sid=1602
Request Chain 61
  • https://tt.adcocktail.com/tt.php?uid=5352&wid=35190&wsid=10088 HTTP 302
  • https://tt.adcocktail.com/tt_ma.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net HTTP 302
  • https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net/
Request Chain 66
  • https://turbopreise.de/b/b-c1/de/distribution.php?c=0.000500&pub=1867&s=6661&sub=212366&t=direct&&m=1 HTTP 302
  • https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=1867&s=6661&sub=212366&t=direct
Request Chain 68
  • https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=1867&s=6661&sub=212366&t=direct&&m=1 HTTP 302
  • https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=71bd63fb69dacda08dbc36e3f1806b14
Request Chain 71
  • https://turbopreise.de/b/b-c1/de/distribution.php?c=0.000500&pub=5352&s=6661&sub=10088&t=direct&&m=1 HTTP 302
  • https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=5352&s=6661&sub=10088&t=direct
Request Chain 72
  • https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=5352&s=6661&sub=10088&t=direct&&m=1 HTTP 302
  • https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=a2ff3247d665ee3f8da95e77588ca2a5
Request Chain 86
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=www.ads4allweb.de&sn=ChromeSyncframe&so=0&topUrl=www.jefffm.de&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=GzmarXxMeEVteDU2MWd4QTFGOXo0MnVncVJFKy8xQkQ4WkdOUGF0VjIzWlhERDk4eXhYb2VTR0ZkOGw1MmhsUVBSdmJPdkhPdzZMMVMvL3ZoS2lCd1dhMTNpK295cm5GUnQ0Z0p6elpIaDkxZURNaE5TQ1lBSnRXUUx3ZUlCNkVJV0dESGU4c0Vkc0JMZjFlc0IwMnVYdnpacUxHVzNMbWx0TDJGNFRrL0Jhcm1BNjRrVkg1ZnhFUlgxMVNoRDJZdGtNcThvLzJXdUdFSmNsNWZNVkc5QWNwbmUyeE1abkhWM1NpN3FlWlN4Q1pQUm5TRjNLa0tjUE44aUlXNy9BOGxkYWxLd2lxd3ZYT3dwb0N0K3ZzVmhVcCsvaDFNbDV3bFh1T3J5L0dYVFNuZTZCbz18&cppv=2
Request Chain 88
  • https://58.aspfefeel.live/web/?sid=t1~gm1fsroyz520h1i5qxybam4l HTTP 302
  • https://appcloudgoal.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D HTTP 302
  • https://appcloudgoal.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
Request Chain 92
  • https://58.aspfefeel.live/web/?sid=t1~qpdzxozepjzw2zws1c0k5nu5 HTTP 302
  • https://appcloudgoal.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D HTTP 302
  • https://appcloudgoal.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D

93 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.jefffm.de/
4 KB
2 KB
Document
General
Full URL
https://www.jefffm.de/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
188.165.203.71 , France, ASN16276 (OVH, FR),
Reverse DNS
klick4bier.de
Software
nginx /
Resource Hash
a167bf2e505e798a66b5fe6897f3b58e4716a944cef9d85ea69781b370dbfa9c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 05 Dec 2022 08:10:53 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
style.css
www.jefffm.de/
2 KB
1004 B
Stylesheet
General
Full URL
https://www.jefffm.de/style.css
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
188.165.203.71 , France, ASN16276 (OVH, FR),
Reverse DNS
klick4bier.de
Software
nginx /
Resource Hash
1ebd484ba31b9baa99927a85e0d885d9969e6a390faff9abd7644b7bfdb90c92

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.jefffm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 08:10:53 GMT
Content-Encoding
gzip
Last-Modified
Mon, 28 Feb 2022 22:26:09 GMT
Server
nginx
ETag
W/"621d4c01-845"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
logo.gif
www.jefffm.de/images/
2 KB
2 KB
Image
General
Full URL
https://www.jefffm.de/images/logo.gif
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
188.165.203.71 , France, ASN16276 (OVH, FR),
Reverse DNS
klick4bier.de
Software
nginx /
Resource Hash
b58d7f06bae5f9dfccec0c9b53a77640694a38b068bc53687052ddc125b5eb1f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.jefffm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 08:10:53 GMT
Last-Modified
Mon, 28 Feb 2022 22:26:06 GMT
Server
nginx
ETag
"621d4bfe-63f"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1599
welcome.gif
www.jefffm.de/images/
13 KB
14 KB
Image
General
Full URL
https://www.jefffm.de/images/welcome.gif
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
188.165.203.71 , France, ASN16276 (OVH, FR),
Reverse DNS
klick4bier.de
Software
nginx /
Resource Hash
9b5eb1d12ee14b27244e1846d6539989615a4714b96c9cc663fa05997dc00ba0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.jefffm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 08:10:54 GMT
Last-Modified
Mon, 28 Feb 2022 22:26:07 GMT
Server
nginx
ETag
"621d4bff-35ea"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13802
hads.php
hads.adcocktail.com/
300 B
443 B
Script
General
Full URL
https://hads.adcocktail.com/hads.php?uid=101162&wsid=219521
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.46.59 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25a99be70cd27e69e169dc74712ffb4ad2150204579dcbb2694773d0dddbaf57

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.jefffm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Dec 2022 08:10:54 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
last-modified
Mon, 05 Dec 2022 08:10:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
note
CACHING IS DISABLED
cf-ray
774b4ed7aa076964-FRA
content-length
174
expires
Wed, 11 Jan 1984 05:00:00 GMT
invoke.js
www.highconvertingformats.com/cabd0dde796700b1dde42a47ad54b9a9/
0
0
Script
General
Full URL
https://www.highconvertingformats.com/cabd0dde796700b1dde42a47ad54b9a9/invoke.js
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.22.0 /
Resource Hash

Request headers

Referer
https://www.jefffm.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Mon, 05 Dec 2022 08:10:54 GMT
Server
nginx/1.22.0
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
tt_maa.php
tt.adcocktail.com/ Frame CCE7
Redirect Chain
  • https://tt.adcocktail.com/tt_rota.php?uid=101162&wsid=219521
  • https://tt.adcocktail.com/tt.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0
  • https://tt.adcocktail.com/tt_ma.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0&ref=jefffm.de
  • https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0&ref=jefffm.de/
527 B
423 B
Document
General
Full URL
https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0&ref=jefffm.de/
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.46.59 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ee329600aa5ce750ea9f3dd4f969f7d17c2138fa316ab7f10bfa0c3fe2db553

Request headers

Referer
https://www.jefffm.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
774b4edd7ee66964-FRA
content-encoding
gzip
content-length
362
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:54 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
note
CACHING IS DISABLED
pragma
no-cache
server
cloudflare
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
774b4edd3e5d6964-FRA
content-encoding
gzip
content-length
20
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:54 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
location
https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0&ref=jefffm.de/
note
CACHING IS DISABLED
pragma
no-cache
server
cloudflare
vary
Accept-Encoding
rota.php
www.ads4allweb.de/api/kamp/ Frame A20E
141 B
408 B
Document
General
Full URL
https://www.ads4allweb.de/api/kamp/rota.php?sid=97&uid=1055&art=traffic
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
116.203.68.201 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
ads4allweb.de
Software
Apache /
Resource Hash
d96ef32083140658696e46e8f745b46bd5f18208a1409cd8f0e8f2dfea09d22a

Request headers

Referer
https://www.jefffm.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-control
no-cache
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
147
Content-Type
text/html; charset=UTF-8
Date
Mon, 05 Dec 2022 08:10:54 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Vary
Accept-Encoding
hads.js
hads.adcocktail.com/
2 KB
923 B
Script
General
Full URL
https://hads.adcocktail.com/hads.js?id=5
Requested by
Host: hads.adcocktail.com
URL: https://hads.adcocktail.com/hads.php?uid=101162&wsid=219521
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.46.59 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bfb5a8fbc114168fb6dd7ff8bf5cc5252911de90ec45745de6ab123d0f6173f8

Request headers

Referer
https://www.jefffm.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 05 Dec 2022 08:10:54 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
last-modified
Tue, 13 Feb 2018 09:29:06 GMT
server
cloudflare
etag
"858-56514a04f23c9-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
cf-ray
774b4edc7ce46964-FRA
content-length
798
hads.css
hads.adcocktail.com/
1 KB
559 B
Stylesheet
General
Full URL
https://hads.adcocktail.com/hads.css?id=5
Requested by
Host: hads.adcocktail.com
URL: https://hads.adcocktail.com/hads.php?uid=101162&wsid=219521
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.46.59 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06fdaa80f5368e415d98230f5b8e8af9bb9b82baccecef5cb6e79273233af959

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.jefffm.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:54 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
last-modified
Tue, 13 Feb 2018 09:32:08 GMT
server
cloudflare
etag
"4a6-56514ab1eb9c8-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
cf-ray
774b4edc7ce86964-FRA
content-length
449
hads_body.php
hads.adcocktail.com/
0
81 B
Script
General
Full URL
https://hads.adcocktail.com/hads_body.php?uid=101162&wsid=219521
Requested by
Host: hads.adcocktail.com
URL: https://hads.adcocktail.com/hads.php?uid=101162&wsid=219521
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.46.59 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.jefffm.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma
no-cache
date
Mon, 05 Dec 2022 08:10:54 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
last-modified
Mon, 05 Dec 2022 08:10:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
note
CACHING IS DISABLED
cf-ray
774b4edc7cea6964-FRA
content-length
20
expires
Wed, 11 Jan 1984 05:00:00 GMT
menu.gif
www.jefffm.de/images/
13 KB
13 KB
Image
General
Full URL
https://www.jefffm.de/images/menu.gif
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
188.165.203.71 , France, ASN16276 (OVH, FR),
Reverse DNS
klick4bier.de
Software
nginx /
Resource Hash
4ce92d1d582cb3725b38804c9d863c0f2a4511d32dd7145d320e5a4b9fb16e1b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.jefffm.de/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 08:10:54 GMT
Last-Modified
Mon, 28 Feb 2022 22:26:07 GMT
Server
nginx
ETag
"621d4bff-3485"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13445
header.gif
www.jefffm.de/images/
405 B
636 B
Image
General
Full URL
https://www.jefffm.de/images/header.gif
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
188.165.203.71 , France, ASN16276 (OVH, FR),
Reverse DNS
klick4bier.de
Software
nginx /
Resource Hash
38a10e565ac7992ddfcc46ff24046f7b6df9f246d8467a61fff7239b40cd3cc1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.jefffm.de/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 08:10:54 GMT
Last-Modified
Mon, 28 Feb 2022 22:26:06 GMT
Server
nginx
ETag
"621d4bfe-195"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
405
dj.jpg
www.jefffm.de/images/
51 KB
51 KB
Image
General
Full URL
https://www.jefffm.de/images/dj.jpg
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
188.165.203.71 , France, ASN16276 (OVH, FR),
Reverse DNS
klick4bier.de
Software
nginx /
Resource Hash
462a80b0d061624d58179eb09e5758adfcef444f776f5bd25468de35359390fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.jefffm.de/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 08:10:54 GMT
Last-Modified
Mon, 28 Feb 2022 22:26:06 GMT
Server
nginx
ETag
"621d4bfe-ca6e"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
51822
truncated
/
382 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b4f80028ddc6dc380c89927fb2d2d3dd9c580a24f99db9b93e32ce0b607d5c88

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type
image/svg+xml
middle.gif
www.jefffm.de/images/
2 KB
3 KB
Image
General
Full URL
https://www.jefffm.de/images/middle.gif
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
188.165.203.71 , France, ASN16276 (OVH, FR),
Reverse DNS
klick4bier.de
Software
nginx /
Resource Hash
8073a1533f3958f5b3dbc485bebd4657f223d5e1edc9f2a0471cf2e02327a720

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.jefffm.de/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 08:10:54 GMT
Last-Modified
Mon, 28 Feb 2022 22:26:07 GMT
Server
nginx
ETag
"621d4bff-997"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2455
middle2.gif
www.jefffm.de/images/
4 KB
4 KB
Image
General
Full URL
https://www.jefffm.de/images/middle2.gif
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
188.165.203.71 , France, ASN16276 (OVH, FR),
Reverse DNS
klick4bier.de
Software
nginx /
Resource Hash
3a4bc22ac259efbafe5154cd11cd6dcaa6b36fe0c10fa4e8d067b8426e5e8114

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.jefffm.de/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 08:10:54 GMT
Last-Modified
Mon, 28 Feb 2022 22:26:07 GMT
Server
nginx
ETag
"621d4bff-fbd"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4029
content.gif
www.jefffm.de/images/
354 B
585 B
Image
General
Full URL
https://www.jefffm.de/images/content.gif
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
188.165.203.71 , France, ASN16276 (OVH, FR),
Reverse DNS
klick4bier.de
Software
nginx /
Resource Hash
2e09a1a6f2de4e6b4824994ded2d40401e1024d68c46ad35b26e1c78a50951dd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.jefffm.de/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 08:10:54 GMT
Last-Modified
Mon, 28 Feb 2022 22:26:06 GMT
Server
nginx
ETag
"621d4bfe-162"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
354
audio.mp3
listen.openstream.co/4379/
0
0
Media
General
Full URL
https://listen.openstream.co/4379/audio.mp3
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.215.107.50 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-107-50.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.jefffm.de/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Range
bytes=0-

Response headers

truncated
/
180 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6cf4ddc728ae2116b65b72832d21cdf33961c094ce95ea8a5b676b7d71212f82

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
518 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8b92536ccb6012dab68473917dd698973f41212fc7dc1da51c400a30d1e4a2a8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Type
image/svg+xml
count.php
www.ads4allweb.de/api/ Frame A20E
4 KB
1 KB
Document
General
Full URL
https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
116.203.68.201 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
ads4allweb.de
Software
Apache /
Resource Hash
81ed1ef8dd073b7278dcb8d9140129278a171d8c79d238d49afd93a0b876af85

Request headers

Referer
https://www.ads4allweb.de/api/kamp/rota.php?sid=97&uid=1055&art=traffic
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-control
no-cache
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
1244
Content-Type
text/html; charset=UTF-8
Date
Mon, 05 Dec 2022 08:10:54 GMT
Keep-Alive
timeout=5, max=99
Server
Apache
Vary
Accept-Encoding
footer.gif
www.jefffm.de/images/
7 KB
7 KB
Image
General
Full URL
https://www.jefffm.de/images/footer.gif
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
188.165.203.71 , France, ASN16276 (OVH, FR),
Reverse DNS
klick4bier.de
Software
nginx /
Resource Hash
ccd7ee273a19c5acf9e6e174f86c66b82518df9622d5ad4059b8f1d30838523d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.jefffm.de/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 08:10:54 GMT
Last-Modified
Mon, 28 Feb 2022 22:26:06 GMT
Server
nginx
ETag
"621d4bfe-1a1d"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6685
jquery-3.3.1.min.js
www.ads4allweb.de/js/ Frame A20E
85 KB
30 KB
Script
General
Full URL
https://www.ads4allweb.de/js/jquery-3.3.1.min.js
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
116.203.68.201 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
ads4allweb.de
Software
Apache /
Resource Hash
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 08:10:54 GMT
Content-Encoding
gzip
Last-Modified
Thu, 03 Nov 2022 07:57:55 GMT
Server
Apache
ETag
"1538f-5ec8c5093e6c0-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
30309
adframe.js
www.ads4allweb.de/api/ad/ Frame A20E
18 B
298 B
Script
General
Full URL
https://www.ads4allweb.de/api/ad/adframe.js
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
116.203.68.201 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
ads4allweb.de
Software
Apache /
Resource Hash
fb1de05487cbd9748085d35910b6f9877706b2a63c3cd64e2fadb9c318cb0505

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 08:10:54 GMT
Last-Modified
Fri, 16 Aug 2019 11:59:04 GMT
Server
Apache
ETag
"12-5903ab775b200"
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
18
ads4allweb.de.1298509.js
jsc.mgid.com/a/d/ Frame A20E
2 KB
1 KB
Script
General
Full URL
https://jsc.mgid.com/a/d/ads4allweb.de.1298509.js
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af591382e3cddd1386d6d266c4916c2a0c4d5d2a1ff28e741e67b445f945ee28

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:54 GMT
x-amz-version-id
h5QiCXOU9il5gTiBTNL1mngIe1DF6Lvh
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
NC8KAD6HAXQFEJ1F
age
5568
cf-polished
origSize=2344
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
2INuNIz/2juk+jpQGAyfT1v9dHMKJY4C1GWInXkx4m4xpDkPSoIVTUQ0X8oRpTA/rKhQp1xtj7g=
cf-bgj
minify
last-modified
Wed, 23 Nov 2022 11:54:41 GMT
server
cloudflare
etag
W/"3cbe37ce4fcdd14ffbe6cc41ef31d898"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=10800
cf-ray
774b4edd5abf9bd7-FRA
expires
Mon, 05 Dec 2022 11:10:54 GMT
ads4allweb.de.1366229.js
jsc.mgid.com/a/d/ Frame A20E
2 KB
1 KB
Script
General
Full URL
https://jsc.mgid.com/a/d/ads4allweb.de.1366229.js
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9136a17423c8deb6eb906bdb24fca4977e34a129c135d26485c2a414df73247b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:54 GMT
x-amz-version-id
ckn8qxZ8.vj1Es0cmvk6bJtafK8VKXqf
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
7CAZW8XNDYBFTVXW
age
35
cf-polished
origSize=2344
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
AvHJ7wYbvwxaGTVFJcUH2HSU9byiNDVyFffdSUAd1ATB7vTMcAO/bDpZMnzK2NCTBWAHrV21Uck=
cf-bgj
minify
last-modified
Wed, 23 Nov 2022 12:02:06 GMT
server
cloudflare
etag
W/"362a1c803379b418701309ebc14b5655"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=10800
cf-ray
774b4edd5ac29bd7-FRA
expires
Mon, 05 Dec 2022 11:10:54 GMT
textlinks.php
www.ads4allweb.de/ads/ Frame 2D77
565 B
570 B
Document
General
Full URL
https://www.ads4allweb.de/ads/textlinks.php
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
116.203.68.201 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
ads4allweb.de
Software
Apache /
Resource Hash
db847bfd3f03a0e10da9eeb39d4687c13e359feaf9e70f62f96352c2e606ca07

Request headers

Referer
https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
335
Content-Type
text/html; charset=UTF-8
Date
Mon, 05 Dec 2022 08:10:54 GMT
Keep-Alive
timeout=5, max=99
Server
Apache
Vary
Accept-Encoding
ttrota.php
www.happygoals.de/ Frame 618F
349 B
497 B
Document
General
Full URL
https://www.happygoals.de/ttrota.php
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
116.203.114.203 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
wp.hansespace.de
Software
Apache /
Resource Hash
946c20e23d2d76f1a5a86e4b2ef24094b3740507ba80d361eb99655181d86542

Request headers

Referer
https://www.ads4allweb.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
261
Content-Type
text/html; charset=UTF-8
Date
Mon, 05 Dec 2022 08:10:55 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Vary
Accept-Encoding
reklamstore.js
adserver.reklamstore.com/ Frame 2D77
96 KB
29 KB
Script
General
Full URL
https://adserver.reklamstore.com/reklamstore.js
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/ads/textlinks.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:f400:1c:4bbb:9180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
92e83fdf1ed8bb4a50fb72331cb20f536a1159ce55d523ebfca3441ce8e30294

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 07:39:00 GMT
content-encoding
gzip
via
1.1 0a71d283a25c1e3f082b4dbc9d844dfe.cloudfront.net (CloudFront)
last-modified
Mon, 28 Jun 2021 18:35:51 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
1915
etag
"78cf0f1f296c61b336db981022359dbc"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
content-length
29778
x-amz-cf-id
KrmFHulgcgGEnh9dyqAUaHBqnqU1WXcQKw9BiBQ1cKJOYpp6BXGSFg==
ads4allweb.de.1298509.es6.js
jsc.mgid.com/a/d/ Frame A20E
259 KB
74 KB
Script
General
Full URL
https://jsc.mgid.com/a/d/ads4allweb.de.1298509.es6.js
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/ads4allweb.de.1298509.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5c35a073a359a534e542a222583313271a8a68cc7cc4e854732b188f6a44ade

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:54 GMT
x-amz-version-id
MuxqW6gDsK_jmGf1DWJD5jw2g_1pwcTi
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
ABYC9PB3C281Y97P
age
4532
cf-polished
origSize=265253
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
4K4+dlvHqUpoaebGohu6/MW2xZxbWVB7jpiyxFLMG70IszHjLKDMrVJF1bOyUHjCIGCAZ1z2De4=
cf-bgj
minify
last-modified
Wed, 23 Nov 2022 11:54:41 GMT
server
cloudflare
etag
W/"e38ec2ce3b2251a4f11841f658f995da"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=10800
cf-ray
774b4edd8b1f9bd7-FRA
expires
Mon, 05 Dec 2022 11:10:54 GMT
ads4allweb.de.1366229.es6.js
jsc.mgid.com/a/d/ Frame A20E
258 KB
76 KB
Script
General
Full URL
https://jsc.mgid.com/a/d/ads4allweb.de.1366229.es6.js
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/ads4allweb.de.1366229.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5909bddce0ce42bdaecf445edea2418f01fa4cdaeb278a9428747d98b1bc9f98

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
x-amz-version-id
JGiVhL1LfAkMELteDclGMeVvsecwCjzL
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
ABY2C15SEND75950
cf-polished
origSize=263789
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
nYrLelRjz4IRvLVKjgQJU8XemRSNXWXfR/d5d2W7RaaN/Iahv5bt+wX5zfGxTXSHk5R9cFdRj4k=
cf-bgj
minify
last-modified
Wed, 23 Nov 2022 12:02:06 GMT
server
cloudflare
etag
W/"26a4767cc0e521bde9230851d40e3688"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=10800
cf-ray
774b4edd8b239bd7-FRA
expires
Mon, 05 Dec 2022 11:10:55 GMT
tt_maaa.php
tt.adcocktail.com/ Frame EECC
184 B
265 B
Document
General
Full URL
https://tt.adcocktail.com/tt_maaa.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0&ref=jefffm.de/
Requested by
Host: tt.adcocktail.com
URL: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0&ref=jefffm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.46.59 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83caca219b854ba467ec47327998ff7d162dcd24d9d63f830ea16f200cf38194

Request headers

Referer
https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0&ref=jefffm.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
774b4eddcf956964-FRA
content-encoding
gzip
content-length
182
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
note
CACHING IS DISABLED
pragma
no-cache
server
cloudflare
vary
Accept-Encoding
distribution.php
turbopreise.de/b/b-c1/de/ Frame C337
308 B
1 KB
Document
General
Full URL
https://turbopreise.de/b/b-c1/de/distribution.php?t=direct&s=6661&pub=101162&sub=219521&c=0.000500
Requested by
Host: tt.adcocktail.com
URL: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0&ref=jefffm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.66.53.110 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
portal-cockpit.noctemque.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
677303ae5fe9e1693f89c09093904fe59835e0aa339d8707adfd0bdacec5e382

Request headers

Referer
https://tt.adcocktail.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
server
nginx/1.18.0 (Ubuntu)
368ea3ae-5560-4303-8977-e887eef71487
https://www.ads4allweb.de/ Frame A20E
0
0
Other
General
Full URL
blob:https://www.ads4allweb.de/368ea3ae-5560-4303-8977-e887eef71487
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Length
0
Content-Type
text/javascript
df5ad9a5-c099-4337-97a8-250646258e35
https://www.ads4allweb.de/ Frame A20E
250 B
0
Other
General
Full URL
blob:https://www.ads4allweb.de/df5ad9a5-c099-4337-97a8-250646258e35
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e37071398d21f18dff2370ee0885f38811bb69bb465b398100ab3101fc521d6b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Length
250
Content-Type
text/javascript
publishertag.js
static.criteo.net/js/ld/ Frame 2D77
121 KB
40 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
87f31cded62015a1d11cce6be7a32b77405de2fb36f4b8a7c2c5a4ccabd6a403
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Mon, 24 Oct 2022 11:21:19 GMT
server
nginx
etag
W/"6356752f-1e444"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 06 Dec 2022 08:10:55 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame A20E
371 KB
124 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
530040ebbfc1cd7a18f0537709371ccd55ec5ed96756cb4c121c2a56a33f8f19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
126620
x-xss-protection
0
expires
Mon, 05 Dec 2022 08:10:55 GMT
/
ads.rekmob.com/m/props/ Frame 2D77
295 B
610 B
XHR
General
Full URL
https://ads.rekmob.com/m/props/?regionId=1108319
Requested by
Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.9.6 /
Resource Hash
1c7f5d021044f0161131e50b7caae9b013a4831a30fa0ca7141e96645d124ef5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 06:17:30 GMT
Content-Encoding
gzip
Server
nginx/1.9.6
X-Code
DE
Transfer-Encoding
chunked
Access-Control-Allow-Methods
*
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-Code
Vary
Accept-Encoding
Connection
keep-alive
Access-Control-Allow-Headers
Content-Type,X-Code
gtm.js
www.googletagmanager.com/ Frame 2D77
102 KB
41 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NCM67V&l=rsdataLayer
Requested by
Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
93778f8f36cbac395e459037bec3d8532aa820b73d8b623165d6a74bfe1223e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41160
x-xss-protection
0
last-modified
Mon, 05 Dec 2022 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 05 Dec 2022 08:10:55 GMT
pix
ads.rekmob.com/retarget/ Frame 2D77
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=reklamstore
  • https://x.bidswitch.net/ul_cb/sync?ssp=reklamstore
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=reklamstore&bsw_custom_parameter=5d3388c3-3929-4e65-8ece-e69a6a260add
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=reklamstore&bsw_custom_parameter=5d3388c3-3929-4e65-8ece-e69a6a260add
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=5995efaf-b547-4d66-bdc0-ba5a2ced2574&ssp=reklamstore&expires=30&user_group=5&bsw_param=5d3388c3-3929-4e65-8ece-e69a6a260add
  • https://ads.rekmob.com/retarget/pix?id=bs&cv=5d3388c3-3929-4e65-8ece-e69a6a260add&d=1
35 B
403 B
Image
General
Full URL
https://ads.rekmob.com/retarget/pix?id=bs&cv=5d3388c3-3929-4e65-8ece-e69a6a260add&d=1
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/ads/textlinks.php
Protocol
HTTP/1.1
Server
146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.9.6 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 06:17:30 GMT
Server
nginx/1.9.6
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
image/gif

Redirect headers

location
//ads.rekmob.com/retarget/pix?id=bs&cv=5d3388c3-3929-4e65-8ece-e69a6a260add&d=1
date
Mon, 05 Dec 2022 08:10:55 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
/
c.mgid.com/pv/ Frame A20E
0
43 B
Script
General
Full URL
https://c.mgid.com/pv/?pv=5&cbuster=1670227855066190707957&uniqId=0de08&lct=1669161600&niet=4g&nisd=false&jsv=es6&iframe=2&ref=https%3A%2F%2Fwww.ads4allweb.de%2Fapi%2Fkamp%2Frota.php%3Fsid%3D97%26uid%3D1055%26art%3Dtraffic&cxurl=https%3A%2F%2Fwww.ads4allweb.de%2Fapi%2Fkamp%2Frota.php%3Fsid%3D97%26uid%3D1055%26art%3Dtraffic&pr=www.ads4allweb.de&lu=https%3A%2F%2Fwww.ads4allweb.de%2Fapi%2Fcount.php%3Fkid%3D22396%26sid%3D97%26uid%3D1055%26ref%3Dhttps%253A%252F%252Fjefffm.de%252F&sessionId=638da78f-0dae2&pageView=1&pvid=184e15686dbaa1ea2ea&site=797848&implVersion=11&dpr=1&tfre=193
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/ads4allweb.de.1298509.es6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
774b4ede4cbf9bd7-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
defdf1ca-a41f-4714-8cd6-43771c33f792
https://www.ads4allweb.de/ Frame A20E
1 KB
0
Media
General
Full URL
blob:https://www.ads4allweb.de/defdf1ca-a41f-4714-8cd6-43771c33f792
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Range
bytes=0-

Response headers

Content-Range
bytes 0-1492/1493
Content-Length
1493
Content-Type
video/mp4
red.php
dealsrazor.com/bc_d/ Frame C337
Redirect Chain
  • https://turbopreise.de/b/b-c1/de/distribution.php?c=0.000500&pub=101162&s=6661&sub=219521&t=direct&&m=1
  • https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=101162&s=6661&sub=219521&t=direct
294 B
471 B
Document
General
Full URL
https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=101162&s=6661&sub=219521&t=direct
Requested by
Host: tt.adcocktail.com
URL: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTAxMTYyfDIxOTUyMXwxNjcwMjI3ODU0&ref=jefffm.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.68.5.1 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
portal.noctemque.com
Software
nginx /
Resource Hash
b78761d66e69b4d9d394120000fc5018ee85fd2fff318bfe6cc2c4a5729b5578

Request headers

Referer
https://turbopreise.de/b/b-c1/de/distribution.php?t=direct&s=6661&pub=101162&sub=219521&c=0.000500
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

0
Referrer-Policy
1
origin
cache-control
no-cache, private max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
expires
Thu, 1 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, private
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
location
https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=101162&s=6661&sub=219521&t=direct
server
nginx/1.18.0 (Ubuntu)
mgid_ua.svg
cdn.mgid.com/images/mgid/ Frame A20E
2 KB
1 KB
Image
General
Full URL
https://cdn.mgid.com/images/mgid/mgid_ua.svg
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
BQQZ016TJQM3CQAQ
age
3228
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
H0ihdhm/EJhbcC+homFO+mab68DYYvx/mk6E6cpnOvsu3WasxL/t0xcMLjTuGMaSc4h2RuXW7vE=
last-modified
Tue, 08 Mar 2022 17:05:01 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root
etag
W/"617c205137825561208ef7c1a2d8f319"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=86400
cf-ray
774b4ede4ccf9bd7-FRA
expires
Tue, 06 Dec 2022 08:10:55 GMT
Adchoices.svg
cdn.mgid.com/images/logos/ Frame A20E
836 B
909 B
Image
General
Full URL
https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
HIT
x-amz-request-id
BQQP2P0ZGAY0CMXJ
age
870
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
Cxr/h9GEH2cm2grnKHiXrIw5MioqY/kDhHlX9SIKfHkMPhFjrTu42FaOoPgYIABs4KQfQTtjm/c=
last-modified
Wed, 17 Feb 2021 18:15:53 GMT
server
cloudflare
x-amz-meta-s3cmd-attrs
atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag
W/"7d59364b7ed2df3f02507c9f92560df9"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=86400
cf-ray
774b4ede4ccc9bd7-FRA
expires
Tue, 06 Dec 2022 08:10:55 GMT
16
servicer.mgid.com/1298509/ Frame A20E
1 KB
1 KB
Script
General
Full URL
https://servicer.mgid.com/1298509/16?pv=5&cbuster=1670227855133316915483&uniqId=0de08&lct=1669161600&niet=4g&nisd=false&jsv=es6&mp4=1&ap=1&w=468&h=73&wrongImageSize=1&cols=1&iframe=2&ref=https%3A%2F%2Fwww.ads4allweb.de%2Fapi%2Fkamp%2Frota.php%3Fsid%3D97%26uid%3D1055%26art%3Dtraffic&cxurl=https%3A%2F%2Fwww.ads4allweb.de%2Fapi%2Fkamp%2Frota.php%3Fsid%3D97%26uid%3D1055%26art%3Dtraffic&pr=www.ads4allweb.de&lu=https%3A%2F%2Fwww.ads4allweb.de%2Fapi%2Fcount.php%3Fkid%3D22396%26sid%3D97%26uid%3D1055%26ref%3Dhttps%253A%252F%252Fjefffm.de%252F&sessionId=638da78f-0dae2&pageView=1&pvid=184e15686dbaa1ea2ea&implVersion=11&dpr=1&tfre=259
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/ads4allweb.de.1298509.es6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84aca74504eb72c1fcb26b40c39b4aacc400d12747faf4f5cd334b7efacdebcc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
774b4edeadb09bd7-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
antoniolupi-meteo-xxl-decken-einbaukopfbrause-mit-wasserfall-mit-led-edelstahl-poliert-weiss-meteoxxl-bal
www.badart-shop.de/ Frame C337
Redirect Chain
  • https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=101162&s=6661&sub=219521&t=direct&&m=1
  • https://dealsrazor.com/co/co.php?locale=de&key=YmFuZy00LWJ1Y2s6Y2xpY2s6ZGF0YTpkZToxNjcwMjI3ODU1OlYxWkRFMDAxMTY3MDIyNzg1NTEzODlSMTAyMzA3
  • https://www.billiger.de/common/modules/api/cmodul?mc=LlZ91pz8Oy9E&p=NcVvUc4vaJe7psz1QJeMbU95S-QCe_AmN6L0l9rGxGKojiPePuJYWVtzE57cpuHQP-wRhFHcFDwOyxeLE62OIEsCR3Xzb2PBZ9PZutTE04nx6m2crFSVTrB1JTimAMe9A...
  • https://www.badart-shop.de/antoniolupi-meteo-xxl-decken-einbaukopfbrause-mit-wasserfall-mit-led-edelstahl-poliert-weiss-meteoxxl-bal
0
0
Document
General
Full URL
https://www.badart-shop.de/antoniolupi-meteo-xxl-decken-einbaukopfbrause-mit-wasserfall-mit-led-edelstahl-poliert-weiss-meteoxxl-bal
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a00:f48:1008::230:234:10 , Germany, ASN47447 (TTM, DE),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options deny

Request headers

Referer
https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=101162&s=6661&sub=219521&t=direct
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
cache-control
no-cache, private
content-encoding
br
content-length
35018
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
referrer-policy
strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
sw-invalidation-states
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
deny

Redirect headers

cache-control
max-age=0, no-cache=Set-Cookie, private
cf-cache-status
DYNAMIC
cf-ray
774b4edeef41914d-FRA
content-type
text/html; charset=us-ascii
date
Mon, 05 Dec 2022 08:10:55 GMT
expires
Mon, 05 Dec 2022 08:10:55 GMT
location
https://www.badart-shop.de/antoniolupi-meteo-xxl-decken-einbaukopfbrause-mit-wasserfall-mit-led-edelstahl-poliert-weiss-meteoxxl-bal
pragma
no-cache
referrer-policy
origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding,User-Agent
x-request-id
85393770-6e30-40ce-9a47-45b213e92b3a
x-robots-tag
noindex
/
adx.adform.net/adx/ Frame 2D77
Redirect Chain
  • https://adx.adform.net/adx/?rp=4&bWlkPTE1ODAxMTY%3D&callback=adf__CIP2rNhhMtFw8UePuPyn
  • https://adx.adform.net/adx/?CC=1&rp=4&bWlkPTE1ODAxMTY%3D&callback=adf__CIP2rNhhMtFw8UePuPyn
33 B
587 B
Script
General
Full URL
https://adx.adform.net/adx/?CC=1&rp=4&bWlkPTE1ODAxMTY%3D&callback=adf__CIP2rNhhMtFw8UePuPyn
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/ads/textlinks.php
Protocol
H2
Server
37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
458ede8955f25ad0782507d0349a9834c368afd4dff2daeb05a525bb1db99532
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Dec 2022 08:10:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
text/javascript
access-control-allow-origin
*
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-max-age
86400
access-control-allow-credentials
true
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1

Redirect headers

pragma
no-cache
date
Mon, 05 Dec 2022 08:10:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
location
https://adx.adform.net/adx/?CC=1&rp=4&bWlkPTE1ODAxMTY%3D&callback=adf__CIP2rNhhMtFw8UePuPyn
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
adp
ads.rekmob.com/m/ Frame 2D77
4 KB
2 KB
Script
General
Full URL
https://ads.rekmob.com/m/adp?uid=313d75c2d9c241758ec863bf244b16c4&ufid=CIP2rNhhMtFw8UePuPyn&mobile_web=1&dt=3&os=3&jsonp=1&callback=rmb__CIP2rNhhMtFw8UePuPyn&ref=www.ads4allweb.de&_=1670227855166&crtg=-1
Requested by
Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.9.6 /
Resource Hash
501c6fc856ea090786c11c635e2e61d3bb8524a82661b2847c31f5dcbd62e457

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 06:17:30 GMT
Content-Encoding
gzip
Server
nginx/1.9.6
X-Code
DE
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/plain;charset=ISO-8859-1
Connection
keep-alive
/
prebid-eu.creativecdn.com/bidder/prebid/bids/ Frame 2D77
0
180 B
XHR
General
Full URL
https://prebid-eu.creativecdn.com/bidder/prebid/bids/
Requested by
Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS
ip-185-184-8-90.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ads4allweb.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.ads4allweb.de
date
Mon, 05 Dec 2022 08:10:55 GMT
access-control-allow-credentials
true
vary
Origin
access-control-max-age
3600
access-control-allow-methods
POST
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0xMS80MzkwMjkvNmVhM...
s-img.mgid.com/g/14776797/492x277/-/ Frame A20E
7 KB
8 KB
Image
General
Full URL
https://s-img.mgid.com/g/14776797/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0xMS80MzkwMjkvNmVhMTI0ZWJmMzVlN2MxMGQ5ZmVjNDlhZWQyY2Y2MDUucG5n.webp?v=1670227855-UmWTlK6y4eC_Dvp-0kVmVKbZtQTHDjP1KeWwcBX_Wbk
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fd24e7c378968529220d6592a240724568afc277e27fe5ba6efcef00bb0cc02

Request headers

Referer
https://www.ads4allweb.de/
Origin
https://www.ads4allweb.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
cf-cache-status
HIT
last-modified
Thu, 01 Dec 2022 10:38:44 GMT
x-mg-request-uuid
b6970dbe-fa67-4523-ba19-71d91dcdb7fc
server
cloudflare
age
3623
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
774b4edf9a11bb85-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7284
i.js
cm.mgid.com/ Frame A20E
0
38 B
Script
General
Full URL
https://cm.mgid.com/i.js?&cbuster=1670227855277211301626
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/ads4allweb.de.1298509.es6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Dec 2022 08:10:55 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-ray
774b4edf8f6f9bd7-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
i-noref.js
cm.mgid.com/ Frame 2292
0
101 B
Script
General
Full URL
https://cm.mgid.com/i-noref.js?cbuster=1670227855284400033228
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/ads4allweb.de.1298509.es6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Dec 2022 08:10:55 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate, max-age=0
cf-ray
774b4edf8f709bd7-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
id5-api.js
cdn.id5-sync.com/api/1.0/ Frame A20E
57 KB
17 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/ads4allweb.de.1298509.es6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39fae3dc476aaaa594e2c963401633dd5d02eccb3c175eda03912cfe0f91c92e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 24 Nov 2022 12:48:29 GMT
server
cloudflare
x-amz-request-id
04PKM6SYK215195A
age
2852
etag
W/"9ee82d693d1e83b3a37ee20226716f78"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
774b4edfbe4d9040-FRA
x-amz-id-2
OvDykd+0Q9FmCmCLOA5yMEn7kcUOCbV/3+z5zQG5Kd3VqRKyIpVIEgLWddbqEkGCDY6/T8EUYxQ=
tt_maa.php
tt.adcocktail.com/ Frame 31D2
Redirect Chain
  • https://tt.adcocktail.com/tt_rota.php?uid=1867&wsid=212366
  • https://tt.adcocktail.com/tt.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==
  • https://tt.adcocktail.com/tt_ma.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de
  • https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de/
529 B
424 B
Document
General
Full URL
https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de/
Requested by
Host: www.happygoals.de
URL: https://www.happygoals.de/ttrota.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.46.59 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e0646dce659976e77e1090e577fd3cd7ebfe8f7ca5f1912f73455e1a86c5d36

Request headers

Referer
https://www.happygoals.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
774b4ee07c9f6964-FRA
content-encoding
gzip
content-length
363
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
note
CACHING IS DISABLED
pragma
no-cache
server
cloudflare
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
774b4ee05c4f6964-FRA
content-encoding
gzip
content-length
20
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
location
https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de/
note
CACHING IS DISABLED
pragma
no-cache
server
cloudflare
vary
Accept-Encoding
ziel.php
www.werbeflut.net/kamp/ Frame E0EF
Redirect Chain
  • https://www.werbeflut.net/kamp/rot.php?art=traffic&uid=1403&sid=1602
  • https://www.werbeflut.net/kamp/ziel.php?uid=1403&bid=4843437&sid=1602
861 B
747 B
Document
General
Full URL
https://www.werbeflut.net/kamp/ziel.php?uid=1403&bid=4843437&sid=1602
Requested by
Host: www.happygoals.de
URL: https://www.happygoals.de/ttrota.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.99.66.132 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
serv.ab-webservice.de
Software
Apache /
Resource Hash
66f0e566f633a384afa57e67617f03ad035b3da37380ac8ab0d09fedcee22f7b

Request headers

Referer
https://www.happygoals.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Encoding
gzip
Content-Length
548
Content-Type
text/html; charset=UTF-8
Date
Mon, 05 Dec 2022 08:10:55 GMT
Server
Apache
Vary
Accept-Encoding

Redirect headers

Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Mon, 05 Dec 2022 08:10:55 GMT
Server
Apache
location
https://www.werbeflut.net/kamp/ziel.php?uid=1403&bid=4843437&sid=1602
fltiu.js
pixel.yabidos.com/ Frame 2D77
2 KB
1 KB
Script
General
Full URL
https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=52939&s=www.ads4allweb.de&x=rekmob&nci=&adtg=313d75c2d9c241758ec863bf244b16c4&nai=&si=45575&pn=&h=60&w=468&bp=&pp=&ci=&ip=37.58.58.243&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/108.0.5359.94%20Safari/537.36
Requested by
Host: adserver.reklamstore.com
URL: https://adserver.reklamstore.com/reklamstore.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.200.58 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04e15c27c7c1e344842fec61d78bfb338739501f6d293a013d57a808efcc3674

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 30 Nov 2022 23:32:03 GMT
server
cloudflare
age
4983
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
cf-ray
774b4edfcfce920d-FRA
content-length
1168
expires
Mon, 05 Dec 2022 10:10:55 GMT
flimpobj.js
pixel.yabidos.com/ Frame 2D77
31 KB
24 KB
Script
General
Full URL
https://pixel.yabidos.com/flimpobj.js?cb=1670227855350&ver1=2.2.3&qid=230383f5530383f5434353&rnd=ujtgdwgx2mia&cid=544
Requested by
Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=230383f5530383f5434353&cid=544&p=52939&s=www.ads4allweb.de&x=rekmob&nci=&adtg=313d75c2d9c241758ec863bf244b16c4&nai=&si=45575&pn=&h=60&w=468&bp=&pp=&ci=&ip=37.58.58.243&ai=&di=&mm=&os=&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/108.0.5359.94%20Safari/537.36
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.200.58 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02d5267190e72466ca3a4ce018b4d9dcbb65839812f366f22dbacaf2d3ef5ae7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 30 Nov 2022 23:32:03 GMT
server
cloudflare
age
3645
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200
accept-ranges
bytes
cf-ray
774b4edff812920d-FRA
content-length
24223
expires
Mon, 05 Dec 2022 10:10:55 GMT
vbl.gif
pre.glotgrx.com/ Frame 2D77
26 B
231 B
Image
General
Full URL
https://pre.glotgrx.com/vbl.gif?cb=1670227855395&rnd=ujtgdwgx2mia&ifm=2&uai=2&cid=544&s=www.ads4allweb.de&p=52939&x=rekmob&adtg=313d75c2d9c241758ec863bf244b16c4&ats=0&atf=&nsi=&si=45575&nci=&nai=&pft=0&iip=0&adb=0&adc=0&adcd=i0_f0_o0_e0&ai=&icp=undefined&impid=&idl=&ttduid=&id5=&emh=
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/ads/textlinks.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:76c3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
cf-cache-status
HIT
last-modified
Wed, 30 Nov 2022 23:31:54 GMT
server
cloudflare
age
1031
vary
Accept-Encoding
content-type
image/gif
cache-control
public, max-age=7200
accept-ranges
bytes
cf-ray
774b4ee0aaa16937-FRA
content-length
26
expires
Mon, 05 Dec 2022 10:10:55 GMT
nflrc.gif
pre.glotgrx.com/ Frame 2D77
26 B
87 B
Image
General
Full URL
https://pre.glotgrx.com/nflrc.gif?cb=1670227855385156&ver=1.2r81&qid=230383f5530383f5434353&p=52939&s=www.ads4allweb.de&x=rekmob&cid=544&od1=&od2=&adtg=313d75c2d9c241758ec863bf244b16c4&nci=&nai=&si=45575&ai=&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=ujtgdwgx2mia&impid=&idl=&ttduid=&id5=&emh=&tps=8&ver1=2.2.3&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/108.0.5359.94%20Safari/537.36&os=&mm=&di=&ip=37.58.58.243&ci=&pp=&bp=&w=468&h=60&pn=&1=78e5e63be085f40f9678f1c30bfc8c79&2=0.0&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%220%22%3A%22Chrome%2520PDF%2520Plugin%2520-%2520%2520-%2520internal-pdf-viewer%2520-%2520Portable%2520Document%2520Formatfl_br%22%2C%221%22%3A%22Chrome%2520PDF%2520Viewer%2520-%2520%2520-%2520mhjfbmdgcfjbbpaeojofohoefgiehjai%2520-%2520fl_br%22%2C%222%22%3A%22Native%2520Client%2520-%2520%2520-%2520internal-nacl-plugin%2520-%2520fl_br%22%7D%7D&6=2&7={%22e%22:%2211%22,%22m%22:%220%22,%22f%22:%223428%22}&ats=0&atf=&dbgcid=544&ifm=2&penv=b&pt=&ptbp=&tw=0&ldp=2&icpl=25&icp=https%253A//www.jefffm.de&irfl=114&irf=https%253A//www.ads4allweb.de/api/kamp/rota.php%253Fsidfl_eq54497fl_np544uidfl_eq5441055fl_np544artfl_eq544traffic&cty=4&fcs=0&flky=ver-fl-6-qid-fl-22-p-fl-5-s-fl-17-x-fl-6-cid-fl-3-od1-fl-0-od2-fl-0-adtg-fl-32-nci-fl-0-nai-fl-0-si-fl-5-ai-fl-0-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-idl-fl-0-ttduid-fl-0-id5-fl-0-emh-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-ua-fl-137-os-fl-0-mm-fl-0-di-fl-0-ip-fl-12-ci-fl-0-pp-fl-0-bp-fl-0-w-fl-3-h-fl-2-pn-fl-0-&spfp=0&spfnp=0&sp1=Chromefl_andWindows&sp2=Chromefl_andWindows&adv=0&det=1&adb=0&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=468x60&gpu=Intel%20Iris%20OpenGL%20Engine&ncf=4g_9.7_undefined_null_0_undefined_false&chua={%22architecture%22:%22%22,%22brands%22:[],%22mobile%22:false,%22model%22:%22%22,%22platform%22:%22%22,%22platformVersion%22:%22%22,%22uaFullVersion%22:%22%22}&fli=&flerr=0&trim=&fio=51
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/ads/textlinks.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:76c3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:55 GMT
cf-cache-status
HIT
last-modified
Wed, 30 Nov 2022 23:31:54 GMT
server
cloudflare
age
5951
vary
Accept-Encoding
content-type
image/gif
cache-control
public, max-age=7200
accept-ranges
bytes
cf-ray
774b4ee0aaa46937-FRA
content-length
26
expires
Mon, 05 Dec 2022 10:10:55 GMT
frame_forced.php
www.werbeflut.net/kamp/ Frame 4D5C
207 B
406 B
Document
General
Full URL
https://www.werbeflut.net/kamp/frame_forced.php?code=dWlkPTE0MDMmYmlkPTQ4NDM0Mzcmc2lkPTE2MDImdjE9JnYyPSZyZWZlcmVyPWh0dHBzOi8vd3d3LmhhcHB5Z29hbHMuZGUv
Requested by
Host: www.werbeflut.net
URL: https://www.werbeflut.net/kamp/ziel.php?uid=1403&bid=4843437&sid=1602
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
88.99.66.132 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
serv.ab-webservice.de
Software
Apache /
Resource Hash
21e3e39de64491d0f558a59c5ee788d23be1fa19237223a72a76204818d4ce48

Request headers

Referer
https://www.werbeflut.net/kamp/ziel.php?uid=1403&bid=4843437&sid=1602
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Encoding
gzip
Content-Length
207
Content-Type
text/html; charset=UTF-8
Date
Mon, 05 Dec 2022 08:10:55 GMT
Server
Apache
Vary
Accept-Encoding
tt_maa.php
tt.adcocktail.com/ Frame 120B
Redirect Chain
  • https://tt.adcocktail.com/tt.php?uid=5352&wid=35190&wsid=10088
  • https://tt.adcocktail.com/tt_ma.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net
  • https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net/
524 B
422 B
Document
General
Full URL
https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net/
Requested by
Host: www.werbeflut.net
URL: https://www.werbeflut.net/kamp/ziel.php?uid=1403&bid=4843437&sid=1602
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.46.59 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1052e52fdb7c49acb3bf155ef05ccab90aa25d60a0788ceb1de85054ed954b6

Request headers

Referer
https://www.werbeflut.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
774b4ee13e1d6964-FRA
content-encoding
gzip
content-length
361
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
note
CACHING IS DISABLED
pragma
no-cache
server
cloudflare
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
774b4ee0ed7d6964-FRA
content-encoding
gzip
content-length
20
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
location
https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net/
note
CACHING IS DISABLED
pragma
no-cache
server
cloudflare
vary
Accept-Encoding
v1
lb.eu-1-id5-sync.com/lb/ Frame A20E
33 B
404 B
XHR
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216658.ip-141-95-98.eu
Software
/
Resource Hash
fd8d4aae67a03b6ec9b9101570a16cba82c8f6af2e3eccf9250273097dfcef70
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.ads4allweb.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.ads4allweb.de
date
Mon, 05 Dec 2022 08:10:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
v1
lbs.eu-1-id5-sync.com/lbs/ Frame A20E
54 B
231 B
XHR
General
Full URL
https://lbs.eu-1-id5-sync.com/lbs/v1
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2001:41d0:701:1000::31ee , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
c726b0c972860735d191d7bd94e94b60f7d726e9eab4e8334c6477a1a4b7e718

Request headers

Referer
https://www.ads4allweb.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.ads4allweb.de
date
Mon, 5 Dec 2022 08:10:55 GMT
content-length
54
vary
Origin
content-type
application/json
tt_maaa.php
tt.adcocktail.com/ Frame 4BD8
188 B
247 B
Document
General
Full URL
https://tt.adcocktail.com/tt_maaa.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de/
Requested by
Host: tt.adcocktail.com
URL: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.46.59 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dce828883ae8eab843eafaf3ea9608554b19fc0238f85446c2ea7c1e17f90aa8

Request headers

Referer
https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
774b4ee0cd276964-FRA
content-encoding
gzip
content-length
186
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
note
CACHING IS DISABLED
pragma
no-cache
server
cloudflare
vary
Accept-Encoding
distribution.php
turbopreise.de/b/b-c1/de/ Frame 8807
306 B
1 KB
Document
General
Full URL
https://turbopreise.de/b/b-c1/de/distribution.php?t=direct&s=6661&pub=1867&sub=212366&c=0.000500
Requested by
Host: tt.adcocktail.com
URL: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.66.53.110 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
portal-cockpit.noctemque.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d0978496387ee62c73c01fd3018ca2eee41d637c2ead6ae8e877126e5e4266fe

Request headers

Referer
https://tt.adcocktail.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
server
nginx/1.18.0 (Ubuntu)
red.php
dealsrazor.com/bc_d/ Frame 8807
Redirect Chain
  • https://turbopreise.de/b/b-c1/de/distribution.php?c=0.000500&pub=1867&s=6661&sub=212366&t=direct&&m=1
  • https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=1867&s=6661&sub=212366&t=direct
292 B
469 B
Document
General
Full URL
https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=1867&s=6661&sub=212366&t=direct
Requested by
Host: tt.adcocktail.com
URL: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.68.5.1 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
portal.noctemque.com
Software
nginx /
Resource Hash
54ef39256cb7187baed55a268a09a6f67e25d59d02a173b62742cf3d1bb47541

Request headers

Referer
https://turbopreise.de/b/b-c1/de/distribution.php?t=direct&s=6661&pub=1867&sub=212366&c=0.000500
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

0
Referrer-Policy
1
origin
cache-control
no-cache, private max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
expires
Thu, 1 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, private
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
location
https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=1867&s=6661&sub=212366&t=direct
server
nginx/1.18.0 (Ubuntu)
231.json
id5-sync.com/g/v2/ Frame A20E
216 B
627 B
XHR
General
Full URL
https://id5-sync.com/g/v2/231.json
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.117 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31533568.ip-162-19-138.eu
Software
/
Resource Hash
0af812103b41cd5d46e00a0ce086868c3708031e5f285a81beb97cfcc8bb8802
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.ads4allweb.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.ads4allweb.de
date
Mon, 05 Dec 2022 08:10:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
/
takebest-prizes.life/ Frame 8807
Redirect Chain
  • https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=1867&s=6661&sub=212366&t=direct&&m=1
  • https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=71bd63fb69dacda08dbc36e3f1806b14
88 KB
40 KB
Document
General
Full URL
https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=71bd63fb69dacda08dbc36e3f1806b14
Requested by
Host: tt.adcocktail.com
URL: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8MTg2N3wyMTIzNjZ8MTY3MDIyNzg1NQ==&ref=happygoals.de/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
198.244.155.26 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
4ff22280fbac130a421a0821db5ddcf6b454f2b76a2e1412dc2bf5a1e08dd6bc

Request headers

Referer
https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=1867&s=6661&sub=212366&t=direct
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-transform
Connection
keep-alive
Content-Length
40100
Content-Type
text/html
Date
Mon, 05 Dec 2022 08:10:56 GMT
Server
nginx
cache-control
private
content-encoding
gzip
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, private max-age=0, no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
expires
Thu, 1 Jan 1970 00:00:00 GMT
location
https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=71bd63fb69dacda08dbc36e3f1806b14
pragma
no-cache
server
nginx
tt_maaa.php
tt.adcocktail.com/ Frame 9F3C
184 B
241 B
Document
General
Full URL
https://tt.adcocktail.com/tt_maaa.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net/
Requested by
Host: tt.adcocktail.com
URL: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.20.46.59 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7edf3d63a74793bf5a4aaf9a46be8cae8ab33335b95bd6b490739ff64b3625c0

Request headers

Referer
https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
774b4ee17ea16964-FRA
content-encoding
gzip
content-length
181
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
note
CACHING IS DISABLED
pragma
no-cache
server
cloudflare
vary
Accept-Encoding
distribution.php
turbopreise.de/b/b-c1/de/ Frame 57B7
305 B
1 KB
Document
General
Full URL
https://turbopreise.de/b/b-c1/de/distribution.php?t=direct&s=6661&pub=5352&sub=10088&c=0.000500
Requested by
Host: tt.adcocktail.com
URL: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.66.53.110 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
portal-cockpit.noctemque.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
26ffe338c82c3755f2cde371f6b21272b7d2fc064127c27497988dea0b9bf5ac

Request headers

Referer
https://tt.adcocktail.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
server
nginx/1.18.0 (Ubuntu)
red.php
dealsrazor.com/bc_d/ Frame 57B7
Redirect Chain
  • https://turbopreise.de/b/b-c1/de/distribution.php?c=0.000500&pub=5352&s=6661&sub=10088&t=direct&&m=1
  • https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=5352&s=6661&sub=10088&t=direct
291 B
469 B
Document
General
Full URL
https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=5352&s=6661&sub=10088&t=direct
Requested by
Host: tt.adcocktail.com
URL: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.68.5.1 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
portal.noctemque.com
Software
nginx /
Resource Hash
edbac22774c739b8276482c027b631cae8dfa6144546e50e874519abf3a299e8

Request headers

Referer
https://turbopreise.de/b/b-c1/de/distribution.php?t=direct&s=6661&pub=5352&sub=10088&c=0.000500
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

0
Referrer-Policy
1
origin
cache-control
no-cache, private max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
expires
Thu, 1 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, private
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
location
https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=5352&s=6661&sub=10088&t=direct
server
nginx/1.18.0 (Ubuntu)
/
takebest-prizes.life/ Frame 57B7
Redirect Chain
  • https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=5352&s=6661&sub=10088&t=direct&&m=1
  • https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=a2ff3247d665ee3f8da95e77588ca2a5
88 KB
40 KB
Document
General
Full URL
https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=a2ff3247d665ee3f8da95e77588ca2a5
Requested by
Host: tt.adcocktail.com
URL: https://tt.adcocktail.com/tt_maa.php?adc_tan=MzUxOTB8NTM1MnwxMDA4OHwxNjcwMjI3ODU1&ref=werbeflut.net/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
198.244.155.26 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
d3009b5f52779718a7ec0746599398766102d4d38d257d7d6eba6e1bc938dbae

Request headers

Referer
https://dealsrazor.com/bc_d/red.php?c=0.000500&pub=5352&s=6661&sub=10088&t=direct
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-transform
Connection
keep-alive
Content-Length
40098
Content-Type
text/html
Date
Mon, 05 Dec 2022 08:10:56 GMT
Server
nginx
cache-control
private
content-encoding
gzip
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, private max-age=0, no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
date
Mon, 05 Dec 2022 08:10:55 GMT
expires
Thu, 1 Jan 1970 00:00:00 GMT
location
https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=a2ff3247d665ee3f8da95e77588ca2a5
pragma
no-cache
server
nginx
0245bcdd-7f1e-47ad-809b-e1da2e729854
https://www.ads4allweb.de/ Frame A20E
0
0
Other
General
Full URL
blob:https://www.ads4allweb.de/0245bcdd-7f1e-47ad-809b-e1da2e729854
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Length
0
Content-Type
text/javascript
a7c71383-9809-4dab-aac7-c2fee0728665
https://www.ads4allweb.de/ Frame A20E
250 B
0
Other
General
Full URL
blob:https://www.ads4allweb.de/a7c71383-9809-4dab-aac7-c2fee0728665
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e37071398d21f18dff2370ee0885f38811bb69bb465b398100ab3101fc521d6b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Content-Length
250
Content-Type
text/javascript
b5b3d671-3246-4abc-9afc-8bd582141c9f
https://www.ads4allweb.de/ Frame A20E
1 KB
0
Media
General
Full URL
blob:https://www.ads4allweb.de/b5b3d671-3246-4abc-9afc-8bd582141c9f
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Range
bytes=0-

Response headers

Content-Range
bytes 0-1492/1493
Content-Length
1493
Content-Type
video/mp4
16
servicer.mgid.com/1366229/ Frame A20E
1 KB
1 KB
Script
General
Full URL
https://servicer.mgid.com/1366229/16?mp4=1&ap=1&w=400&h=0&wrongImageSize=1&cols=1&pv=5&cbuster=1670227855993798365473&uniqId=1079c&lct=1669161600&niet=4g&nisd=false&jsv=es6&iframe=2&ref=https%3A%2F%2Fwww.ads4allweb.de%2Fapi%2Fkamp%2Frota.php%3Fsid%3D97%26uid%3D1055%26art%3Dtraffic&cxurl=https%3A%2F%2Fwww.ads4allweb.de%2Fapi%2Fkamp%2Frota.php%3Fsid%3D97%26uid%3D1055%26art%3Dtraffic&pr=www.ads4allweb.de&lu=https%3A%2F%2Fwww.ads4allweb.de%2Fapi%2Fcount.php%3Fkid%3D22396%26sid%3D97%26uid%3D1055%26ref%3Dhttps%253A%252F%252Fjefffm.de%252F&sessionId=638da78f-0dae2&pageView=0&pvid=184e15686dbaa1ea2ea&implVersion=11&dpr=1&tfre=1120
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/ads4allweb.de.1366229.es6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3aeafb3e40df0a0e0086b93f0b5ce8c6d5067e5b7741f547046694a9ea74859f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:56 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
774b4ee3f9799208-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8scV9hdXRvOmdvb2Qsd185NjAvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjItMDYvNjEzOTM4LzJjMWI4N...
s-img.mgid.com/g/13311285/200x200/-/ Frame A20E
4 KB
5 KB
Image
General
Full URL
https://s-img.mgid.com/g/13311285/200x200/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8scV9hdXRvOmdvb2Qsd185NjAvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjItMDYvNjEzOTM4LzJjMWI4NzJlYTNlMDBlMjMzMWIyNDM3MGE0M2Y2MDUzLmpwZw.webp?v=1670227856-3ALwzL-VX8j5cxKamfyEdXOuuwyYNA6si2UbV31bkqY
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/api/count.php?kid=22396&sid=97&uid=1055&ref=https%3A%2F%2Fjefffm.de%2F
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:1::6813:844e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7341198e022ecc62c004818ab7da58fc3dc61ec923a864c466ac0e8ad6d375ab

Request headers

Referer
https://www.ads4allweb.de/
Origin
https://www.ads4allweb.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:56 GMT
cf-cache-status
HIT
last-modified
Sun, 04 Sep 2022 18:20:30 GMT
x-mg-request-uuid
77b90028-dbbc-49be-a2d1-fdde66fa534f
server
cloudflare
age
3490990
vary
Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
cache-control
immutable, max-age=31536000
accept-ranges
bytes
cf-ray
774b4ee45e6e9c0d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4184
id5-api.js
cdn.id5-sync.com/api/1.0/ Frame A20E
57 KB
16 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: jsc.mgid.com
URL: https://jsc.mgid.com/a/d/ads4allweb.de.1366229.es6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39fae3dc476aaaa594e2c963401633dd5d02eccb3c175eda03912cfe0f91c92e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 08:10:56 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 24 Nov 2022 12:48:29 GMT
server
cloudflare
x-amz-request-id
04PKM6SYK215195A
age
2853
etag
W/"9ee82d693d1e83b3a37ee20226716f78"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
774b4ee44f079040-FRA
x-amz-id-2
OvDykd+0Q9FmCmCLOA5yMEn7kcUOCbV/3+z5zQG5Kd3VqRKyIpVIEgLWddbqEkGCDY6/T8EUYxQ=
frame.html
takebest-prizes.life/media/mainstream/ Frame 3747
39 B
320 B
Document
General
Full URL
https://takebest-prizes.life/media/mainstream/frame.html
Requested by
Host: takebest-prizes.life
URL: https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=a2ff3247d665ee3f8da95e77588ca2a5
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
198.244.155.26 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e

Request headers

Referer
https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=a2ff3247d665ee3f8da95e77588ca2a5
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-transform
Connection
keep-alive
Content-Length
39
Content-Type
text/html
Date
Mon, 05 Dec 2022 08:10:56 GMT
ETag
"60a50ff7-27"
Last-Modified
Wed, 19 May 2021 13:17:43 GMT
Server
nginx
Vary
Accept-Encoding
frame.html
takebest-prizes.life/media/mainstream/ Frame A18F
39 B
320 B
Document
General
Full URL
https://takebest-prizes.life/media/mainstream/frame.html
Requested by
Host: takebest-prizes.life
URL: https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=71bd63fb69dacda08dbc36e3f1806b14
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
198.244.155.26 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e

Request headers

Referer
https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=71bd63fb69dacda08dbc36e3f1806b14
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-transform
Connection
keep-alive
Content-Length
39
Content-Type
text/html
Date
Mon, 05 Dec 2022 08:10:56 GMT
ETag
"60a50ff7-27"
Last-Modified
Wed, 19 May 2021 13:17:43 GMT
Server
nginx
Vary
Accept-Encoding
v1
lb.eu-1-id5-sync.com/lb/ Frame A20E
33 B
404 B
XHR
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216658.ip-141-95-98.eu
Software
/
Resource Hash
523ffb2cc8dce9b6c0656f3633b2a1963be634339d7993e867c4ec859f41a0e0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.ads4allweb.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.ads4allweb.de
date
Mon, 05 Dec 2022 08:10:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
v1
lbs.eu-1-id5-sync.com/lbs/ Frame A20E
54 B
231 B
XHR
General
Full URL
https://lbs.eu-1-id5-sync.com/lbs/v1
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2001:41d0:701:1000::31ee , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
a7520d7199d610f791cbf100927597b28e44abd068285e116ae1d701894c3264

Request headers

Referer
https://www.ads4allweb.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.ads4allweb.de
date
Mon, 5 Dec 2022 08:10:56 GMT
content-length
54
vary
Origin
content-type
application/json
syncframe
gum.criteo.com/ Frame 8261
15 KB
6 KB
Document
General
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.jefffm.de
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
aeb779d96af4bfa1b664c203d52fbd9ef573b84a31b34314668325fc784e1b13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://www.ads4allweb.de/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 05 Dec 2022 08:10:56 GMT
server
Kestrel
server-processing-duration-in-ticks
877490
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
/
58.aspfefeel.live/sagxtadx/ Frame 57B7
1 KB
1 KB
Document
General
Full URL
https://58.aspfefeel.live/sagxtadx/?u=y85k60t&o=2fupueh&cid=a2ff3247d665ee3f8da95e77588ca2a5&f=1&sid=t1~gm1fsroyz520h1i5qxybam4l&fp=RrYpH3CAs0iqhjMap3eXQoc6nYc%2Fl9zLnK7L7JO1SwdsmbutNxbOoLmhKUz3EYeX46Nx53hV9ZOGeYgX7SAkFNdxVrwhFfvv4Ttfy9dM3sToy54Wm1QR03Hw5NpuvPQPekz9WjkvCEQb0UeJGBpheOyfhfnWLGRnDHZiPiUEHtpBhUp0CGn7%2BTjB1rNB%2BlkFizKCvWxo07RAPh1o1gzKOoyV8X%2B%2B%2Bu3gxw6VYFEnMk6ftyl2JJHqtp7AG91HHYCFX7iJyIJIzUDqyAuKdLxU0nzRfwRAm2EaNWT%2BAR6om%2FFJSN2lUfiQVYvkfr4mkn3N%2BM8sn0%2FNabtIzLHcs6XMzxjJx9ad%2BjWN8TY7pUQCwWGCEf0iRiGFyTGI5Ry30exUx8UbVTtO%2BtN7jFlmQtxtRomk1v0fCAqwWc7KdD0pBOcFvCQN97btrn99H2btykVSvQttqKGo8TPl2NX0237h4JYoQlda20UCyTW%2B8NyJEZdBwmgsyWViF%2FNVIbbAYgwH1cqOylldV3r2u3YxFxV%2BaWZpTrHrYp%2B35HEUkCM%2BNF20l2fkI5NLZC7l7%2BjDir6gJ5UCsNg9kiI8sEwVh4hPoCp8tWOdsr8vnz84pBY%2BXyQjTrFV5%2BP810tpQHDppXWF0vT19proMcnGgHEeGS1dph05O39gS1bw7XLVXO%2BxtTqWRwKFA1ywYSiJ5zy6BkimZlmKiiL8ro2SJ%2FmjGTFHwcKlx2TH1JpkFg%2Fywu8eDrPxwFoLp045cKKwCjMthy%2FqA3bOsi%2FhbR3ZvqCx5AjGZlHSx%2BeX6e6VinM5PhZTKtODGjP%2BVU973ORXYeF%2FZnk0gKQxHbIuLK3ZpdUsVcHEB%2FWL7%2FmhhmtARj1VDbjH4NOuyeCdx21rpbCGH9TLGDUgGiefHtIY1kOIadP3V6Dj9ooMWprIFMkBnsLti2TlTGY%2Fa%2Fy7W8YNrmZ3piZBLDfMQf24s2W%2FzX4GxDQkaYZWJeB3yKsq6xcR0o0eOMBhBEs6pVqynaDoDxjiQt8vj4O1R3XAAjJaPAavfxvc%2FxZEX11Ogakd%2Bd2QzvKP%2FsO%2FdVDX6bKBm78BhBLp5SQn2gNK%2F3VTsLC16HIITIfXRJ001JvgzJfECaYaJ6EbczHUG35%2FvEGOUzOh1G%2Fs0hRXGOPTi0H4JJCihYOtP%2Foeh7baBedJD%2BqbXHnlq7%2BsJJebut4XnRcKGwMRbREcp8gSu6TZu8GnjAaywJrBhYItqhReMesdUmS3qoUz6Vn4%2BVrBWDAWWIBWiFCGDkrSBe%2BZntQM1VUMjVj8toRIm1pMwOzzgIYtaAhLGSALwiG4unCQPpWssFWNLqhOpHrMkhk5E%2FgzZ9IpPbsgjYv3hjjPebxZ%2FmnW3i7NQp2aZWfelJ1%2BLuLXvEjtO1GJY%2BqTYsT3UwaarrF0HyVYJ94VcnaZIX0Iv3KunC4BH3ql485h2j0sE93qk7NhObsJnWuDT9Bji%2F2H5tBRVpNW1ob7qX2CxjNq6N0%2B0utvyRJWd62PeXw2mWzgpHNb1X%2FZ%2F08Q7MwiLr%2B4Y80tWvFfki9IAZZy%2BaHIuzXDs6cSpoGMwSPz9hUOVwq4nkm4CGvkuj8dnOVrwqWLQoaosg6bDBX%2FhRHNblNmVen0aAs1S1APwQL9n3Id1Iy%2B5LxQogUzpplgrN%2Ba4bNj1tVg7fiaevzSRczm8DirK5E6v6FM89UY75f6D7N35NE8Qv22wjFHP6WizPfFFwflxXSfysGYGYPTfK5iHLkVeclH
vMD9BJsdds%2FWbavGY4HTKU62EUHo%2BLffTGup0ggSFon8ZCEalkXJZ5rm3F2YHGXPTNPPbCHzBvw3ObBDo%2BX2dXlIIEMAnpKa2iTx3kvMHzzVZIEtwH%2FzxH%2BRgXXozN5b8L8EeLvHYcmvlZzPyxqzoj%2FpkbuCeDFQvBlUUCV1U3NlSeOmQ5rutEoyc%2FzjFw37fOnCoovRhpZbYdQV2b%2FD1aVdmyewvonrYKwCoLH6eYTHAO3d8MmAMhj4iRneagaPkPutl%2BwD047XnalKmeo%3D
Requested by
Host: takebest-prizes.life
URL: https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=a2ff3247d665ee3f8da95e77588ca2a5
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.108.187 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
7be72162ad1933f998a93f1f6fb262d8fad9fe440ce6ee814140e56300a904ea

Request headers

Referer
https://takebest-prizes.life/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-transform
Connection
keep-alive
Content-Length
945
Content-Type
text/html
Date
Mon, 05 Dec 2022 08:10:56 GMT
Server
nginx
cache-control
private
content-encoding
gzip
vary
Accept-Encoding
/
58.aspfefeel.live/mhooicaj/ Frame 8807
1 KB
1 KB
Document
General
Full URL
https://58.aspfefeel.live/mhooicaj/?u=y85k60t&o=2fupueh&cid=71bd63fb69dacda08dbc36e3f1806b14&f=1&sid=t1~qpdzxozepjzw2zws1c0k5nu5&fp=RrYpH3CAs0iqhjMap3eXQoc6nYc%2Fl9zLnK7L7JO1SwdsmbutNxbOoLmhKUz3EYeX46Nx53hV9ZOGeYgX7SAkFNdxVrwhFfvv4Ttfy9dM3sToy54Wm1QR03Hw5NpuvPQPekz9WjkvCEQb0UeJGBpheOyfhfnWLGRnDHZiPiUEHtpBhUp0CGn7%2BTjB1rNB%2BlkFizKCvWxo07RAPh1o1gzKOoyV8X%2B%2B%2Bu3gxw6VYFEnMk6ftyl2JJHqtp7AG91HHYCFX7iJyIJIzUDqyAuKdLxU0nzRfwRAm2EaNWT%2BAR6om%2FFJSN2lUfiQVYvkfr4mkn3N%2BM8sn0%2FNabtIzLHcs6XMzxjJx9ad%2BjWN8TY7pUQCwWGCEf0iRiGFyTGI5Ry30exUx8UbVTtO%2BtN7jFlmQtxtRomk1v0fCAqwWc7KdD0pBOcFvCQN97btrn99H2btykVSvQttqKGo8TPl2NX0237h4JYoQlda20UCyTW%2B8NyJEZdBwmgsyWViF%2FNVIbbAYgwH1cqOylldV3r2u3YxFxV%2BaWZpTrHrYp%2B35HEUkCM%2BNF20l2fkI5NLZC7l7%2BjDir6gJ5UCsNg9kiI8sEwVh4hPoCp8tWOdsr8vnz84pBY%2BXyQjTrFV5%2BP810tpQHDppXWF0vT19proMcnGgHEeGS1dph05O39gS1bw7XLVXO%2BxtTqWRwKFA1ywYSiJ5zy6BkimZlmKiiL8ro2SJ%2FmjGTFHwcKlx2TH1JpkFg%2Fywu8eDrPxwFoLp045cKKwCjMthy%2FqA3bOsi%2FhbR3ZvqCx5AjGZlHSx%2BeX6e6VinM5PhZTKtODGjP%2BVU973ORXYeF%2FZnk0gKQxHbIuLK3ZpdUsVcHEB%2FWL7%2FmhhmtARj1VDbjH4NOuyeCdx21rpbCGH9TLGDUgGiefHtIY1kOIadP3V6Dj9ooMWprIFMkBnsLti2TlTGY%2Fa%2Fy7W8YNrmZ3piZBLDfMQf24s2W%2FzX4GxDQkaYZWJeB3yKsq6xcR0o0eOMBhBEs6pVqynaDoDxjiQt8vj4O1R3XAAjJaPAavfxvc%2FxZEX11Ogakd%2Bd2QzvKP%2FsO%2FdVDX6bKBm78BhBLp5SQn2gNK%2F3VTsLC16HIITIfXRJ001JvgzJfECaYaJ6EbczHUG35%2FvEGOUzOh1G%2Fs0hRXGOPTi0H4JJCihYOtP%2Foeh7baBedJD%2BqbXHnlq7%2BsJJebut4XnRcKGwMRbREcp8gSu6TZu8GnjAaywJrBhYItqhReMesdUmS3qoUz6Vn4%2BVrBWDAWWIBWiFCGDkrSBe%2BZntQM1VUMjVj8toRIm1pMwOzzgIYtaAhLGSALwiG4unCQPpWssFWNLqhOpHrMkhk5E%2FgzZ9IpPbsgjYv3hjjPebxZ%2FmnW3i7NQp2aZWfelJ1%2BLuLXvEjtO1GJY%2BqTYsT3UwaarrF0HyVYJ94VcnaZIX0Iv3KunC4BH3ql485h2j0sE93qk7NhObsJnWuDT9Bji%2F2H5tBRVpNW1ob7qX2CxjNq6N0%2B0utvyRJWd62PeXw2mWzgpHNb1X%2FZ%2F08Q7MwiLr%2B4Y80tWvFfki9IAZZy%2BaHIuzXDs6cSpoGMwSPz9hUOVwq4nkm4CGvkuj8dnOVrwqWLQoaosg6bDBX%2FhRHNblNmVen0aAs1S1APwQL9n3Id1Iy%2B5LxQogUzpplgrN%2Ba4bNj1tVg7fiaevzSRczm8DirK5E6v6FM89UY75f6D7N35NE8Qv22wjFHP6WizPfFFwflxXSfysGYGYPTfK5iHLkVeclH
vMD9BJsdds%2FWbavGY4HTKU62EUHo%2BLffTGup0ggSFon8ZCEalkXJZ5rm3F2YHN3Z%2BXRKAmYkO%2FshLIcE0LFtugYzesglRpZm2UaTWF0KnTY0xk9xqcQGvrel022IMUI8DZsLp6qw0DVlIs471s4o8dSJX1UqvM0o5RnEE6JhIH5ljUa%2FS%2Bv70WIRTV4VHuhmsbkmcpqQboZJQEX4lEyfYgso3vm5IKrFev8zF72mFjbMzlgPqelowuvIBsqkfUqk9nzA4lPO4W0n6aSYFdI%3D
Requested by
Host: takebest-prizes.life
URL: https://takebest-prizes.life/?u=y85k60t&o=2fupueh&cid=71bd63fb69dacda08dbc36e3f1806b14
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.108.187 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
fe871d8827e371bb07de72f8f39b74443e94a2c786344a4179960db1e1f9f918

Request headers

Referer
https://takebest-prizes.life/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-transform
Connection
keep-alive
Content-Length
947
Content-Type
text/html
Date
Mon, 05 Dec 2022 08:10:56 GMT
Server
nginx
cache-control
private
content-encoding
gzip
vary
Accept-Encoding
sid
mug.criteo.com/ Frame 8261
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=www.ads4allweb.de&sn=ChromeSyncframe&so=0&topUrl=www.jefffm.de&lsw=1&topicsavail=0&fledgeavail=0
  • https://mug.criteo.com/sid?cpp=GzmarXxMeEVteDU2MWd4QTFGOXo0MnVncVJFKy8xQkQ4WkdOUGF0VjIzWlhERDk4eXhYb2VTR0ZkOGw1MmhsUVBSdmJPdkhPdzZMMVMvL3ZoS2lCd1dhMTNpK295cm5GUnQ0Z0p6elpIaDkxZURNaE5TQ1lBSnRXUUx3ZU...
436 B
657 B
Fetch
General
Full URL
https://mug.criteo.com/sid?cpp=GzmarXxMeEVteDU2MWd4QTFGOXo0MnVncVJFKy8xQkQ4WkdOUGF0VjIzWlhERDk4eXhYb2VTR0ZkOGw1MmhsUVBSdmJPdkhPdzZMMVMvL3ZoS2lCd1dhMTNpK295cm5GUnQ0Z0p6elpIaDkxZURNaE5TQ1lBSnRXUUx3ZUlCNkVJV0dESGU4c0Vkc0JMZjFlc0IwMnVYdnpacUxHVzNMbWx0TDJGNFRrL0Jhcm1BNjRrVkg1ZnhFUlgxMVNoRDJZdGtNcThvLzJXdUdFSmNsNWZNVkc5QWNwbmUyeE1abkhWM1NpN3FlWlN4Q1pQUm5TRjNLa0tjUE44aUlXNy9BOGxkYWxLd2lxd3ZYT3dwb0N0K3ZzVmhVcCsvaDFNbDV3bFh1T3J5L0dYVFNuZTZCbz18&cppv=2
Requested by
Host: www.jefffm.de
URL: https://www.jefffm.de/
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
fbaf2ac354e9aa6247e2e5145ae3b778c353e9cde50525de47ac8b3f5cd49c3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Dec 2022 08:10:55 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2631401
expires
0

Redirect headers

pragma
no-cache
date
Mon, 05 Dec 2022 08:10:55 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=GzmarXxMeEVteDU2MWd4QTFGOXo0MnVncVJFKy8xQkQ4WkdOUGF0VjIzWlhERDk4eXhYb2VTR0ZkOGw1MmhsUVBSdmJPdkhPdzZMMVMvL3ZoS2lCd1dhMTNpK295cm5GUnQ0Z0p6elpIaDkxZURNaE5TQ1lBSnRXUUx3ZUlCNkVJV0dESGU4c0Vkc0JMZjFlc0IwMnVYdnpacUxHVzNMbWx0TDJGNFRrL0Jhcm1BNjRrVkg1ZnhFUlgxMVNoRDJZdGtNcThvLzJXdUdFSmNsNWZNVkc5QWNwbmUyeE1abkhWM1NpN3FlWlN4Q1pQUm5TRjNLa0tjUE44aUlXNy9BOGxkYWxLd2lxd3ZYT3dwb0N0K3ZzVmhVcCsvaDFNbDV3bFh1T3J5L0dYVFNuZTZCbz18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
623062
content-length
0
expires
0
231.json
id5-sync.com/g/v2/ Frame A20E
216 B
627 B
XHR
General
Full URL
https://id5-sync.com/g/v2/231.json
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.117 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31533568.ip-162-19-138.eu
Software
/
Resource Hash
cf9c4a0a107a865e59b1f6c01056acf05e8b87db2c81cff1abf26fc34c8d234d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.ads4allweb.de/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.ads4allweb.de
date
Mon, 05 Dec 2022 08:10:56 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
away.php
appcloudgoal.com/ Frame 57B7
Redirect Chain
  • https://58.aspfefeel.live/web/?sid=t1~gm1fsroyz520h1i5qxybam4l
  • https://appcloudgoal.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
  • https://appcloudgoal.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
283 B
432 B
Document
General
Full URL
https://appcloudgoal.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
Requested by
Host: 58.aspfefeel.live
URL: https://58.aspfefeel.live/sagxtadx/?u=y85k60t&o=2fupueh&cid=a2ff3247d665ee3f8da95e77588ca2a5&f=1&sid=t1~gm1fsroyz520h1i5qxybam4l&fp=RrYpH3CAs0iqhjMap3eXQoc6nYc%2Fl9zLnK7L7JO1SwdsmbutNxbOoLmhKUz3EYeX46Nx53hV9ZOGeYgX7SAkFNdxVrwhFfvv4Ttfy9dM3sToy54Wm1QR03Hw5NpuvPQPekz9WjkvCEQb0UeJGBpheOyfhfnWLGRnDHZiPiUEHtpBhUp0CGn7%2BTjB1rNB%2BlkFizKCvWxo07RAPh1o1gzKOoyV8X%2B%2B%2Bu3gxw6VYFEnMk6ftyl2JJHqtp7AG91HHYCFX7iJyIJIzUDqyAuKdLxU0nzRfwRAm2EaNWT%2BAR6om%2FFJSN2lUfiQVYvkfr4mkn3N%2BM8sn0%2FNabtIzLHcs6XMzxjJx9ad%2BjWN8TY7pUQCwWGCEf0iRiGFyTGI5Ry30exUx8UbVTtO%2BtN7jFlmQtxtRomk1v0fCAqwWc7KdD0pBOcFvCQN97btrn99H2btykVSvQttqKGo8TPl2NX0237h4JYoQlda20UCyTW%2B8NyJEZdBwmgsyWViF%2FNVIbbAYgwH1cqOylldV3r2u3YxFxV%2BaWZpTrHrYp%2B35HEUkCM%2BNF20l2fkI5NLZC7l7%2BjDir6gJ5UCsNg9kiI8sEwVh4hPoCp8tWOdsr8vnz84pBY%2BXyQjTrFV5%2BP810tpQHDppXWF0vT19proMcnGgHEeGS1dph05O39gS1bw7XLVXO%2BxtTqWRwKFA1ywYSiJ5zy6BkimZlmKiiL8ro2SJ%2FmjGTFHwcKlx2TH1JpkFg%2Fywu8eDrPxwFoLp045cKKwCjMthy%2FqA3bOsi%2FhbR3ZvqCx5AjGZlHSx%2BeX6e6VinM5PhZTKtODGjP%2BVU973ORXYeF%2FZnk0gKQxHbIuLK3ZpdUsVcHEB%2FWL7%2FmhhmtARj1VDbjH4NOuyeCdx21rpbCGH9TLGDUgGiefHtIY1kOIadP3V6Dj9ooMWprIFMkBnsLti2TlTGY%2Fa%2Fy7W8YNrmZ3piZBLDfMQf24s2W%2FzX4GxDQkaYZWJeB3yKsq6xcR0o0eOMBhBEs6pVqynaDoDxjiQt8vj4O1R3XAAjJaPAavfxvc%2FxZEX11Ogakd%2Bd2QzvKP%2FsO%2FdVDX6bKBm78BhBLp5SQn2gNK%2F3VTsLC16HIITIfXRJ001JvgzJfECaYaJ6EbczHUG35%2FvEGOUzOh1G%2Fs0hRXGOPTi0H4JJCihYOtP%2Foeh7baBedJD%2BqbXHnlq7%2BsJJebut4XnRcKGwMRbREcp8gSu6TZu8GnjAaywJrBhYItqhReMesdUmS3qoUz6Vn4%2BVrBWDAWWIBWiFCGDkrSBe%2BZntQM1VUMjVj8toRIm1pMwOzzgIYtaAhLGSALwiG4unCQPpWssFWNLqhOpHrMkhk5E%2FgzZ9IpPbsgjYv3hjjPebxZ%2FmnW3i7NQp2aZWfelJ1%2BLuLXvEjtO1GJY%2BqTYsT3UwaarrF0HyVYJ94VcnaZIX0Iv3KunC4BH3ql485h2j0sE93qk7NhObsJnWuDT9Bji%2F2H5tBRVpNW1ob7qX2CxjNq6N0%2B0utvyRJWd62PeXw2mWzgpHNb1X%2FZ%2F08Q7MwiLr%2B4Y80tWvFfki9IAZZy%2BaHIuzXDs6cSpoGMwSPz9hUOVwq4nkm4CGvkuj8dnOVrwqWLQoaosg6bDBX%2FhRHNblNmVen0aAs1S1APwQL9n3Id1Iy%2B5LxQogUzpplgrN%2Ba4bNj1tVg7fiaevzSRczm8DirK5E6v6FM89UY75f6D7N35NE8Qv22wjFHP6WizPfFFwflxXSfysGYGYPTfK5iHLk
VeclHvMD9BJsdds%2FWbavGY4HTKU62EUHo%2BLffTGup0ggSFon8ZCEalkXJZ5rm3F2YHGXPTNPPbCHzBvw3ObBDo%2BX2dXlIIEMAnpKa2iTx3kvMHzzVZIEtwH%2FzxH%2BRgXXozN5b8L8EeLvHYcmvlZzPyxqzoj%2FpkbuCeDFQvBlUUCV1U3NlSeOmQ5rutEoyc%2FzjFw37fOnCoovRhpZbYdQV2b%2FD1aVdmyewvonrYKwCoLH6eYTHAO3d8MmAMhj4iRneagaPkPutl%2BwD047XnalKmeo%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.77.230.212 London, United Kingdom, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.230.212.vultrusercontent.com
Software
openresty /
Resource Hash
03ca2af6185143f6d7090408d133bdae215cb3a518834fdb91fb1abee7b3a198

Request headers

Referer
https://58.aspfefeel.live/sagxtadx/?u=y85k60t&o=2fupueh&cid=a2ff3247d665ee3f8da95e77588ca2a5&f=1&sid=t1~gm1fsroyz520h1i5qxybam4l&fp=RrYpH3CAs0iqhjMap3eXQoc6nYc%2Fl9zLnK7L7JO1SwdsmbutNxbOoLmhKUz3EYeX46Nx53hV9ZOGeYgX7SAkFNdxVrwhFfvv4Ttfy9dM3sToy54Wm1QR03Hw5NpuvPQPekz9WjkvCEQb0UeJGBpheOyfhfnWLGRnDHZiPiUEHtpBhUp0CGn7%2BTjB1rNB%2BlkFizKCvWxo07RAPh1o1gzKOoyV8X%2B%2B%2Bu3gxw6VYFEnMk6ftyl2JJHqtp7AG91HHYCFX7iJyIJIzUDqyAuKdLxU0nzRfwRAm2EaNWT%2BAR6om%2FFJSN2lUfiQVYvkfr4mkn3N%2BM8sn0%2FNabtIzLHcs6XMzxjJx9ad%2BjWN8TY7pUQCwWGCEf0iRiGFyTGI5Ry30exUx8UbVTtO%2BtN7jFlmQtxtRomk1v0fCAqwWc7KdD0pBOcFvCQN97btrn99H2btykVSvQttqKGo8TPl2NX0237h4JYoQlda20UCyTW%2B8NyJEZdBwmgsyWViF%2FNVIbbAYgwH1cqOylldV3r2u3YxFxV%2BaWZpTrHrYp%2B35HEUkCM%2BNF20l2fkI5NLZC7l7%2BjDir6gJ5UCsNg9kiI8sEwVh4hPoCp8tWOdsr8vnz84pBY%2BXyQjTrFV5%2BP810tpQHDppXWF0vT19proMcnGgHEeGS1dph05O39gS1bw7XLVXO%2BxtTqWRwKFA1ywYSiJ5zy6BkimZlmKiiL8ro2SJ%2FmjGTFHwcKlx2TH1JpkFg%2Fywu8eDrPxwFoLp045cKKwCjMthy%2FqA3bOsi%2FhbR3ZvqCx5AjGZlHSx%2BeX6e6VinM5PhZTKtODGjP%2BVU973ORXYeF%2FZnk0gKQxHbIuLK3ZpdUsVcHEB%2FWL7%2FmhhmtARj1VDbjH4NOuyeCdx21rpbCGH9TLGDUgGiefHtIY1kOIadP3V6Dj9ooMWprIFMkBnsLti2TlTGY%2Fa%2Fy7W8YNrmZ3piZBLDfMQf24s2W%2FzX4GxDQkaYZWJeB3yKsq6xcR0o0eOMBhBEs6pVqynaDoDxjiQt8vj4O1R3XAAjJaPAavfxvc%2FxZEX11Ogakd%2Bd2QzvKP%2FsO%2FdVDX6bKBm78BhBLp5SQn2gNK%2F3VTsLC16HIITIfXRJ001JvgzJfECaYaJ6EbczHUG35%2FvEGOUzOh1G%2Fs0hRXGOPTi0H4JJCihYOtP%2Foeh7baBedJD%2BqbXHnlq7%2BsJJebut4XnRcKGwMRbREcp8gSu6TZu8GnjAaywJrBhYItqhReMesdUmS3qoUz6Vn4%2BVrBWDAWWIBWiFCGDkrSBe%2BZntQM1VUMjVj8toRIm1pMwOzzgIYtaAhLGSALwiG4unCQPpWssFWNLqhOpHrMkhk5E%2FgzZ9IpPbsgjYv3hjjPebxZ%2FmnW3i7NQp2aZWfelJ1%2BLuLXvEjtO1GJY%2BqTYsT3UwaarrF0HyVYJ94VcnaZIX0Iv3KunC4BH3ql485h2j0sE93qk7NhObsJnWuDT9Bji%2F2H5tBRVpNW1ob7qX2CxjNq6N0%2B0utvyRJWd62PeXw2mWzgpHNb1X%2FZ%2F08Q7MwiLr%2B4Y80tWvFfki9IAZZy%2BaHIuzXDs6cSpoGMwSPz9hUOVwq4nkm4CGvkuj8dnOVrwqWLQoaosg6bDBX%2FhRHNblNmVen0aAs1S1APwQL9n3Id1Iy%2B5LxQogUzpplgrN%2Ba4bNj1tVg7fiaevzSRczm8DirK5E6v6FM89UY75f6D7N35NE8Qv22wjFHP6WizPfFFwflxXSfysGYGYPTfK5iHLkVeclH
vMD9BJsdds%2FWbavGY4HTKU62EUHo%2BLffTGup0ggSFon8ZCEalkXJZ5rm3F2YHGXPTNPPbCHzBvw3ObBDo%2BX2dXlIIEMAnpKa2iTx3kvMHzzVZIEtwH%2FzxH%2BRgXXozN5b8L8EeLvHYcmvlZzPyxqzoj%2FpkbuCeDFQvBlUUCV1U3NlSeOmQ5rutEoyc%2FzjFw37fOnCoovRhpZbYdQV2b%2FD1aVdmyewvonrYKwCoLH6eYTHAO3d8MmAMhj4iRneagaPkPutl%2BwD047XnalKmeo%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 05 Dec 2022 08:10:56 GMT
Server
openresty
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 05 Dec 2022 08:10:56 GMT
Location
/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
Server
openresty
Transfer-Encoding
chunked
rs-b.png
adimg.rekmob.com/logos/ Frame EF32
471 B
911 B
Image
General
Full URL
https://adimg.rekmob.com/logos/rs-b.png
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/ads/textlinks.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-14.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
df02aa33acd40ff99ac77551154f9fe7fd5a13dc1f782aac62ffb1a6a0f7f09c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Sun, 04 Dec 2022 11:01:25 GMT
Via
1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
Last-Modified
Thu, 26 Jul 2018 10:20:15 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P2
Age
76171
ETag
"5965d59f86a925e809f20a75e26c9d0c"
X-Cache
Hit from cloudfront
Content-Type
image/png
Connection
keep-alive
Content-Length
471
X-Amz-Cf-Id
EuiW0A5qWlaoA4Uel-Of5lQJGb1GAiqk1d1an2uq3G1ozekliyQo3w==
425ed8a5b36d4914aa298c1aa1835fdc
adimg.rekmob.com/ Frame EF32
23 KB
23 KB
Image
General
Full URL
https://adimg.rekmob.com/425ed8a5b36d4914aa298c1aa1835fdc
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/ads/textlinks.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-14.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9e5eaec74a8d2c88fd80c34040c61e97f366402c2fe8dc8ef6a1b3fd2e9a3c5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 06:51:59 GMT
Via
1.1 993c0866e705e48daa4fed5e30627712.cloudfront.net (CloudFront)
Last-Modified
Wed, 20 May 2020 15:52:55 GMT
Server
AmazonS3
X-Amz-Cf-Pop
FRA56-P2
Age
4819
ETag
"373bb0579268fdc61771542229bc3701"
X-Cache
Hit from cloudfront
Content-Type
image/jpeg
Connection
keep-alive
Content-Length
23144
X-Amz-Cf-Id
igLi_c7vDejMPMDE4zP77OnX7tgBbN6spXJrdpq2HZYl4iY-tNClng==
imp
ads.rekmob.com/m/ Frame EF32
2 B
179 B
Image
General
Full URL
https://ads.rekmob.com/m/imp?uid=313d75c2d9c241758ec863bf244b16c4&udid=90ed82f34a814c1bb11526dd740d2f6d&rid=NjM4ZGE3OGYwY2YyMDg4YzVhYjQ0M2Yz&adId=MTM1OQ==
Requested by
Host: www.ads4allweb.de
URL: https://www.ads4allweb.de/ads/textlinks.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
146.185.142.91 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.9.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.ads4allweb.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36

Response headers

Date
Mon, 05 Dec 2022 06:17:31 GMT
Server
nginx/1.9.6
Connection
keep-alive
X-Code
DE
Content-Length
2
Content-Type
image/avif;charset=ISO-8859-1
away.php
appcloudgoal.com/ Frame 8807
Redirect Chain
  • https://58.aspfefeel.live/web/?sid=t1~qpdzxozepjzw2zws1c0k5nu5
  • https://appcloudgoal.com/?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
  • https://appcloudgoal.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
283 B
432 B
Document
General
Full URL
https://appcloudgoal.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
Requested by
Host: 58.aspfefeel.live
URL: https://58.aspfefeel.live/mhooicaj/?u=y85k60t&o=2fupueh&cid=71bd63fb69dacda08dbc36e3f1806b14&f=1&sid=t1~qpdzxozepjzw2zws1c0k5nu5&fp=RrYpH3CAs0iqhjMap3eXQoc6nYc%2Fl9zLnK7L7JO1SwdsmbutNxbOoLmhKUz3EYeX46Nx53hV9ZOGeYgX7SAkFNdxVrwhFfvv4Ttfy9dM3sToy54Wm1QR03Hw5NpuvPQPekz9WjkvCEQb0UeJGBpheOyfhfnWLGRnDHZiPiUEHtpBhUp0CGn7%2BTjB1rNB%2BlkFizKCvWxo07RAPh1o1gzKOoyV8X%2B%2B%2Bu3gxw6VYFEnMk6ftyl2JJHqtp7AG91HHYCFX7iJyIJIzUDqyAuKdLxU0nzRfwRAm2EaNWT%2BAR6om%2FFJSN2lUfiQVYvkfr4mkn3N%2BM8sn0%2FNabtIzLHcs6XMzxjJx9ad%2BjWN8TY7pUQCwWGCEf0iRiGFyTGI5Ry30exUx8UbVTtO%2BtN7jFlmQtxtRomk1v0fCAqwWc7KdD0pBOcFvCQN97btrn99H2btykVSvQttqKGo8TPl2NX0237h4JYoQlda20UCyTW%2B8NyJEZdBwmgsyWViF%2FNVIbbAYgwH1cqOylldV3r2u3YxFxV%2BaWZpTrHrYp%2B35HEUkCM%2BNF20l2fkI5NLZC7l7%2BjDir6gJ5UCsNg9kiI8sEwVh4hPoCp8tWOdsr8vnz84pBY%2BXyQjTrFV5%2BP810tpQHDppXWF0vT19proMcnGgHEeGS1dph05O39gS1bw7XLVXO%2BxtTqWRwKFA1ywYSiJ5zy6BkimZlmKiiL8ro2SJ%2FmjGTFHwcKlx2TH1JpkFg%2Fywu8eDrPxwFoLp045cKKwCjMthy%2FqA3bOsi%2FhbR3ZvqCx5AjGZlHSx%2BeX6e6VinM5PhZTKtODGjP%2BVU973ORXYeF%2FZnk0gKQxHbIuLK3ZpdUsVcHEB%2FWL7%2FmhhmtARj1VDbjH4NOuyeCdx21rpbCGH9TLGDUgGiefHtIY1kOIadP3V6Dj9ooMWprIFMkBnsLti2TlTGY%2Fa%2Fy7W8YNrmZ3piZBLDfMQf24s2W%2FzX4GxDQkaYZWJeB3yKsq6xcR0o0eOMBhBEs6pVqynaDoDxjiQt8vj4O1R3XAAjJaPAavfxvc%2FxZEX11Ogakd%2Bd2QzvKP%2FsO%2FdVDX6bKBm78BhBLp5SQn2gNK%2F3VTsLC16HIITIfXRJ001JvgzJfECaYaJ6EbczHUG35%2FvEGOUzOh1G%2Fs0hRXGOPTi0H4JJCihYOtP%2Foeh7baBedJD%2BqbXHnlq7%2BsJJebut4XnRcKGwMRbREcp8gSu6TZu8GnjAaywJrBhYItqhReMesdUmS3qoUz6Vn4%2BVrBWDAWWIBWiFCGDkrSBe%2BZntQM1VUMjVj8toRIm1pMwOzzgIYtaAhLGSALwiG4unCQPpWssFWNLqhOpHrMkhk5E%2FgzZ9IpPbsgjYv3hjjPebxZ%2FmnW3i7NQp2aZWfelJ1%2BLuLXvEjtO1GJY%2BqTYsT3UwaarrF0HyVYJ94VcnaZIX0Iv3KunC4BH3ql485h2j0sE93qk7NhObsJnWuDT9Bji%2F2H5tBRVpNW1ob7qX2CxjNq6N0%2B0utvyRJWd62PeXw2mWzgpHNb1X%2FZ%2F08Q7MwiLr%2B4Y80tWvFfki9IAZZy%2BaHIuzXDs6cSpoGMwSPz9hUOVwq4nkm4CGvkuj8dnOVrwqWLQoaosg6bDBX%2FhRHNblNmVen0aAs1S1APwQL9n3Id1Iy%2B5LxQogUzpplgrN%2Ba4bNj1tVg7fiaevzSRczm8DirK5E6v6FM89UY75f6D7N35NE8Qv22wjFHP6WizPfFFwflxXSfysGYGYPTfK5iHLk
VeclHvMD9BJsdds%2FWbavGY4HTKU62EUHo%2BLffTGup0ggSFon8ZCEalkXJZ5rm3F2YHN3Z%2BXRKAmYkO%2FshLIcE0LFtugYzesglRpZm2UaTWF0KnTY0xk9xqcQGvrel022IMUI8DZsLp6qw0DVlIs471s4o8dSJX1UqvM0o5RnEE6JhIH5ljUa%2FS%2Bv70WIRTV4VHuhmsbkmcpqQboZJQEX4lEyfYgso3vm5IKrFev8zF72mFjbMzlgPqelowuvIBsqkfUqk9nzA4lPO4W0n6aSYFdI%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.77.230.212 London, United Kingdom, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.230.212.vultrusercontent.com
Software
openresty /
Resource Hash
03ca2af6185143f6d7090408d133bdae215cb3a518834fdb91fb1abee7b3a198

Request headers

Referer
https://58.aspfefeel.live/mhooicaj/?u=y85k60t&o=2fupueh&cid=71bd63fb69dacda08dbc36e3f1806b14&f=1&sid=t1~qpdzxozepjzw2zws1c0k5nu5&fp=RrYpH3CAs0iqhjMap3eXQoc6nYc%2Fl9zLnK7L7JO1SwdsmbutNxbOoLmhKUz3EYeX46Nx53hV9ZOGeYgX7SAkFNdxVrwhFfvv4Ttfy9dM3sToy54Wm1QR03Hw5NpuvPQPekz9WjkvCEQb0UeJGBpheOyfhfnWLGRnDHZiPiUEHtpBhUp0CGn7%2BTjB1rNB%2BlkFizKCvWxo07RAPh1o1gzKOoyV8X%2B%2B%2Bu3gxw6VYFEnMk6ftyl2JJHqtp7AG91HHYCFX7iJyIJIzUDqyAuKdLxU0nzRfwRAm2EaNWT%2BAR6om%2FFJSN2lUfiQVYvkfr4mkn3N%2BM8sn0%2FNabtIzLHcs6XMzxjJx9ad%2BjWN8TY7pUQCwWGCEf0iRiGFyTGI5Ry30exUx8UbVTtO%2BtN7jFlmQtxtRomk1v0fCAqwWc7KdD0pBOcFvCQN97btrn99H2btykVSvQttqKGo8TPl2NX0237h4JYoQlda20UCyTW%2B8NyJEZdBwmgsyWViF%2FNVIbbAYgwH1cqOylldV3r2u3YxFxV%2BaWZpTrHrYp%2B35HEUkCM%2BNF20l2fkI5NLZC7l7%2BjDir6gJ5UCsNg9kiI8sEwVh4hPoCp8tWOdsr8vnz84pBY%2BXyQjTrFV5%2BP810tpQHDppXWF0vT19proMcnGgHEeGS1dph05O39gS1bw7XLVXO%2BxtTqWRwKFA1ywYSiJ5zy6BkimZlmKiiL8ro2SJ%2FmjGTFHwcKlx2TH1JpkFg%2Fywu8eDrPxwFoLp045cKKwCjMthy%2FqA3bOsi%2FhbR3ZvqCx5AjGZlHSx%2BeX6e6VinM5PhZTKtODGjP%2BVU973ORXYeF%2FZnk0gKQxHbIuLK3ZpdUsVcHEB%2FWL7%2FmhhmtARj1VDbjH4NOuyeCdx21rpbCGH9TLGDUgGiefHtIY1kOIadP3V6Dj9ooMWprIFMkBnsLti2TlTGY%2Fa%2Fy7W8YNrmZ3piZBLDfMQf24s2W%2FzX4GxDQkaYZWJeB3yKsq6xcR0o0eOMBhBEs6pVqynaDoDxjiQt8vj4O1R3XAAjJaPAavfxvc%2FxZEX11Ogakd%2Bd2QzvKP%2FsO%2FdVDX6bKBm78BhBLp5SQn2gNK%2F3VTsLC16HIITIfXRJ001JvgzJfECaYaJ6EbczHUG35%2FvEGOUzOh1G%2Fs0hRXGOPTi0H4JJCihYOtP%2Foeh7baBedJD%2BqbXHnlq7%2BsJJebut4XnRcKGwMRbREcp8gSu6TZu8GnjAaywJrBhYItqhReMesdUmS3qoUz6Vn4%2BVrBWDAWWIBWiFCGDkrSBe%2BZntQM1VUMjVj8toRIm1pMwOzzgIYtaAhLGSALwiG4unCQPpWssFWNLqhOpHrMkhk5E%2FgzZ9IpPbsgjYv3hjjPebxZ%2FmnW3i7NQp2aZWfelJ1%2BLuLXvEjtO1GJY%2BqTYsT3UwaarrF0HyVYJ94VcnaZIX0Iv3KunC4BH3ql485h2j0sE93qk7NhObsJnWuDT9Bji%2F2H5tBRVpNW1ob7qX2CxjNq6N0%2B0utvyRJWd62PeXw2mWzgpHNb1X%2FZ%2F08Q7MwiLr%2B4Y80tWvFfki9IAZZy%2BaHIuzXDs6cSpoGMwSPz9hUOVwq4nkm4CGvkuj8dnOVrwqWLQoaosg6bDBX%2FhRHNblNmVen0aAs1S1APwQL9n3Id1Iy%2B5LxQogUzpplgrN%2Ba4bNj1tVg7fiaevzSRczm8DirK5E6v6FM89UY75f6D7N35NE8Qv22wjFHP6WizPfFFwflxXSfysGYGYPTfK5iHLkVeclH
vMD9BJsdds%2FWbavGY4HTKU62EUHo%2BLffTGup0ggSFon8ZCEalkXJZ5rm3F2YHN3Z%2BXRKAmYkO%2FshLIcE0LFtugYzesglRpZm2UaTWF0KnTY0xk9xqcQGvrel022IMUI8DZsLp6qw0DVlIs471s4o8dSJX1UqvM0o5RnEE6JhIH5ljUa%2FS%2Bv70WIRTV4VHuhmsbkmcpqQboZJQEX4lEyfYgso3vm5IKrFev8zF72mFjbMzlgPqelowuvIBsqkfUqk9nzA4lPO4W0n6aSYFdI%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 05 Dec 2022 08:10:56 GMT
Server
openresty
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 05 Dec 2022 08:10:56 GMT
Location
/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
Server
openresty
Transfer-Encoding
chunked
details
play.google.com/store/apps/ Frame 57B7
0
0
Document
General
Full URL
https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US
Requested by
Host: appcloudgoal.com
URL: https://appcloudgoal.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ZwdxbwW-ezo-f7mNqHUwxw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/PlayStoreUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.googletagmanager.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-ZwdxbwW-ezo-f7mNqHUwxw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/PlayStoreUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.googletagmanager.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-site
date
Mon, 05 Dec 2022 08:10:56 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-ua-compatible
IE=edge
x-xss-protection
0
details
play.google.com/store/apps/ Frame 8807
0
0
Document
General
Full URL
https://play.google.com/store/apps/details?id=com.zhiliaoapp.musically&hl=en&gl=US
Requested by
Host: appcloudgoal.com
URL: https://appcloudgoal.com/away.php?url=I4WHKFughjIM4OSrD1FhgflBuuchpNyX022dpkYZcRKOs%2BnHIiVJuj9KMLIJmLpbmQBltWEJtmiCqo%2BCL3smdYsLZJxTOx4KKCslpeNP9Sk06hpPcywqTw%3D%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport script-src 'report-sample' 'nonce-HsT7G4AnuYJPH17a4P-EZg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/PlayStoreUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.googletagmanager.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport script-src 'report-sample' 'nonce-HsT7G4AnuYJPH17a4P-EZg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/PlayStoreUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.googletagmanager.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups; report-to="PlayStoreUi"
cross-origin-resource-policy
same-site
date
Mon, 05 Dec 2022 08:10:57 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"PlayStoreUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/PlayStoreUi/external"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-ua-compatible
IE=edge
x-xss-protection
0


15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| oncontentvisibilityautostatechange
object| atOptions
undefined| obj
function| ADCHADmoveTo
function| ADCHADinit
function| ADCHADslideDown
function| ADCHADslideUp
undefined| ns4
undefined| ie4
boolean| ns6
function| hads_addbookmark
function| bookmarksite

15 Cookies

Domain/Path Name / Value
.mgid.com/ Name: __cf_bm
Value: pUgfWpqCg.khLjj3goG6dvoH1U52pGZ1Vr.FnMHmmRc-1670227854-0-AUoK5Os42uFmKjMDDM45jPwnxyAfAIYn0YOKt8N4eGOnM5hzt13Q3Bc/dvXCE238yjtH+8S7YVgeiwyJiq4NAUA=
.bidswitch.net/ Name: tuuid
Value: 5d3388c3-3929-4e65-8ece-e69a6a260add
.bidswitch.net/ Name: c
Value: 1670227855
.bidswitch.net/ Name: tuuid_lu
Value: 1670227855
.creative-serving.com/ Name: tuuid
Value: 5995efaf-b547-4d66-bdc0-ba5a2ced2574
.creative-serving.com/ Name: c
Value: 1670227855
.creative-serving.com/ Name: tuuid_lu
Value: 1670227855
.adform.net/ Name: C
Value: 1
www.billiger.de/ Name: billigerderevisit
Value: tag%3Dg8KjckKAznccXas-eo3tSnpEB7YxiJ1DB0geBtil
www.billiger.de/ Name: avVP-ZGPG_HZkYMvDR8GYix-NZeq52Q4UDXCed0_rBmA5pLOLrG-6s
Value: qSKZPafQmyyfK4kzrSJGiDbiAN2hZ0kww
www.billiger.de/ Name: billiger_session
Value: hcBuYOhRAlUg8KjckKAznccXas-eo3tSnpEB7YxiJ1DB0geBtil
.billiger.de/ Name: __cf_bm
Value: 3d7pdwq1yEKqFZcvRIGc7uccWdTXnojYZd4k9BF1Rag-1670227855-0-AeyVR6TELAM5oZW0AfNDihPoqA3GrdgvyGdlEYmihFlJc1yeL0DUGu8Amc3h+eq1/nhUNS3ezJdfUC/eHIwikiuToE7jY/tmtUgjUw0AIqqT
.adform.net/ Name: uid
Value: 2772752021645356110
.criteo.com/ Name: uid
Value: 9f5984d0-cc61-44a8-833f-21673acfe0b1
.google.com/ Name: NID
Value: 511=o-4Ys_KQhFBUd7mrq2zrLdszvC-JXY5ii8PK2GxpxVW5JADZBUxq8Jwk3MoGcV64q4pguzexwPkOMadoIZ8NXcKN1vlAEDTNr8bdgOF8XUh15lYWaWwcJqE6EEwNd-OvhCZWV0qkmDIzc50jh3uWjDKetsYhfBi_Iutn2a8bk98

12 Console Messages

Source Level URL
Text
javascript warning URL: https://www.jefffm.de/(Line 15)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.highconvertingformats.com/cabd0dde796700b1dde42a47ad54b9a9/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://www.jefffm.de/(Line 15)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.highconvertingformats.com/cabd0dde796700b1dde42a47ad54b9a9/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://www.highconvertingformats.com/cabd0dde796700b1dde42a47ad54b9a9/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript warning URL: https://hads.adcocktail.com/hads.php?uid=101162&wsid=219521
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://hads.adcocktail.com/hads.js?id=5, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://hads.adcocktail.com/hads.php?uid=101162&wsid=219521
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://hads.adcocktail.com/hads.js?id=5, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://hads.adcocktail.com/hads.php?uid=101162&wsid=219521(Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://hads.adcocktail.com/hads_body.php?uid=101162&wsid=219521, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security error URL: https://www.jefffm.de/(Line 66)
Message:
Mixed Content: The page at 'https://www.jefffm.de/' was loaded over HTTPS, but requested an insecure frame 'http://www.werbe-ads.de/kamp/rot.php?art=traffic&uid=114&sid=142'. This request has been blocked; the content must be served over HTTPS.
javascript warning URL: https://jsc.mgid.com/a/d/ads4allweb.de.1298509.es6.js(Line 324)
Message:
The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.badart-shop.de/' in a frame because it set 'X-Frame-Options' to 'deny'.
javascript warning URL: https://jsc.mgid.com/a/d/ads4allweb.de.1366229.es6.js(Line 276)
Message:
The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://play.google.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://play.google.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
