stfly.me Open in urlscan Pro
172.64.173.13 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://stfly.me/GryUvBMJ
Submission: On September 16 via manual (September 16th 2021, 4:37:46 pm UTC) from SG — Scanned from DE

Summary HTTP 56 Redirects Behaviour Indicators

Summary

This website contacted 22 IPs in 4 countries across 17 domains to perform 56 HTTP transactions. The main IP is 172.64.173.13, located in United States and belongs to CLOUDFLARENET, US. The main domain is stfly.me.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 19th 2021. Valid for: a year.

This is the only time stfly.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	172.64.173.13 172.64.173.13	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.185.234 142.250.185.234	15169 (GOOGLE) (GOOGLE)
6	104.21.48.154 104.21.48.154	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	139.45.197.238 139.45.197.238	9002 (RETN-AS) (RETN-AS)
1	23.109.82.72 23.109.82.72	7979 (SERVERS-COM) (SERVERS-COM)
3	139.45.197.237 139.45.197.237	9002 (RETN-AS) (RETN-AS)
5	139.45.197.239 139.45.197.239	9002 (RETN-AS) (RETN-AS)
1	142.250.74.195 142.250.74.195	15169 (GOOGLE) (GOOGLE)
2	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	104.26.8.123 104.26.8.123	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 6	142.250.185.68 142.250.185.68	15169 (GOOGLE) (GOOGLE)
1	172.67.152.146 172.67.152.146	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	142.250.185.97 142.250.185.97	15169 (GOOGLE) (GOOGLE)
5	142.250.180.225 142.250.180.225	15169 (GOOGLE) (GOOGLE)
3	142.250.186.161 142.250.186.161	15169 (GOOGLE) (GOOGLE)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2	139.45.195.254 139.45.195.254	9002 (RETN-AS) (RETN-AS)
56	22

7 172.64.173.13 (United States)

ASN13335 (CLOUDFLARENET, US)

stfly.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.234 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.21.48.154 (None, )

ASN13335 (CLOUDFLARENET, US)

account.adstripe.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.238 (United Kingdom)

ASN9002 (RETN-AS, GB)

omchanseyr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.109.82.72 (Netherlands)

ASN7979 (SERVERS-COM, US)

gimpybedderump.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.197.237 (United Kingdom)

ASN9002 (RETN-AS, GB)

dozubatan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 139.45.197.239 (United Kingdom)

ASN9002 (RETN-AS, GB)

toglooman.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.8.123 (United States)

ASN13335 (CLOUDFLARENET, US)

static.lalaping.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.68 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.152.146 (United States)

ASN13335 (CLOUDFLARENET, US)

itsguider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.97 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f1.1e100.net

c26db1f789ab79454b6d284e1c844137.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.180.225 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s34-in-f1.1e100.net

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.161 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.254 (United Kingdom)

ASN9002 (RETN-AS, GB)

o.wowreality.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	google.com 1 redirects www.google.com adservice.google.com	36 KB
7	stfly.me stfly.me	65 KB
6	googlesyndication.com c26db1f789ab79454b6d284e1c844137.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	23 KB
6	adstripe.net account.adstripe.net	91 KB
5	ampproject.org cdn.ampproject.org	102 KB
5	doubleclick.net securepubads.g.doubleclick.net googleads.g.doubleclick.net	151 KB
5	toglooman.com toglooman.com	124 KB
3	dozubatan.com dozubatan.com	30 KB
2	wowreality.info o.wowreality.info	395 B
2	rtmark.net my.rtmark.net	1 KB
2	omchanseyr.com omchanseyr.com	22 KB
1	google.de adservice.google.de	853 B
1	itsguider.com itsguider.com	907 B
1	lalaping.com static.lalaping.com	34 KB
1	gstatic.com fonts.gstatic.com	15 KB
1	gimpybedderump.com gimpybedderump.com	1 KB
1	googleapis.com fonts.googleapis.com	1 KB
56	17

	Domain	Requested by
7	stfly.me	stfly.me
6	www.google.com	1 redirects stfly.me
6	account.adstripe.net	stfly.me account.adstripe.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	toglooman.com	omchanseyr.com toglooman.com
4	securepubads.g.doubleclick.net	itsguider.com securepubads.g.doubleclick.net
3	tpc.googlesyndication.com	itsguider.com securepubads.g.doubleclick.net
3	dozubatan.com	omchanseyr.com dozubatan.com
2	o.wowreality.info	static.lalaping.com
2	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
2	my.rtmark.net	omchanseyr.com dozubatan.com
2	omchanseyr.com	stfly.me omchanseyr.com
1	googleads.g.doubleclick.net	itsguider.com
1	c26db1f789ab79454b6d284e1c844137.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	itsguider.com	account.adstripe.net
1	static.lalaping.com	toglooman.com
1	fonts.gstatic.com	fonts.googleapis.com
1	gimpybedderump.com	stfly.me
1	fonts.googleapis.com	stfly.me
56	21

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-19` - `2022-05-18`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-23` - `2021-11-15`	3 months	crt.sh
omchanseyr.com R3	`2021-08-13` - `2021-11-11`	3 months	crt.sh
gimpybedderump.com R3	`2021-07-19` - `2021-10-17`	3 months	crt.sh
dozubatan.com R3	`2021-08-10` - `2021-11-08`	3 months	crt.sh
toglooman.com R3	`2021-09-07` - `2021-12-06`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2020-10-27` - `2021-11-26`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
wowreality.info R3	`2021-07-30` - `2021-10-28`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://stfly.me/GryUvBMJ
Frame ID: 3111D3F0FC8D7A29F318AB15BB2C1318
Requests: 26 HTTP requests in this frame

Frame: https://omchanseyr.com/fac.php
Frame ID: A1360258D083E012EE8B5DC86053E1DE
Requests: 2 HTTP requests in this frame

Frame: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=d7669939a3d3ed6b03796395583094b4&time=1631810261&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9HcnlVdkJNSg==&page_title=ShrinkMe.io&meta_description=
Frame ID: 83BC75952C901B15C5FE44B1FBB612A7
Requests: 5 HTTP requests in this frame

Frame: https://itsguider.com/336_2.php
Frame ID: 049254751931B91AB946FA24710672C6
Requests: 20 HTTP requests in this frame

Frame: https://c26db1f789ab79454b6d284e1c844137.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 8B48230A403596E58396B8AB0BC80CAA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ShrinkMe.io

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

56
Requests

98 %
HTTPS

0 %
IPv6

17
Domains

21
Subdomains

22
IPs

4
Countries

699 kB
Transfer

2008 kB
Size

14
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

56 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request GryUvBMJ Show response
stfly.me/ 2 KB
2 KB 271ms
210ms Document
text/html 172.64.173.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/GryUvBMJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.173.13 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4efa53a774e9e4a27e92eb450a0b6aaecf8285962f876dcf4b5e41c3adc7930

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: stfly.me
:scheme: https
:path: /GryUvBMJ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 16 Sep 2021 16:37:40 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2BpNn%2FBLT%2BS45y4HSimR1aK01zbR9OZ8zrdTqKhYhjKNun989FDSuIXRJWr3PHQjAKpfOry9Cq7y%2FLgHVUOH%2FJOFAUURNlyurkpddXVqjtFuSD%2FVrYUw4WrsGg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68fb8551ca0dee44-CDG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 10 KB
1 KB 87ms
30ms Stylesheet
text/css 142.250.185.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Requested by

Host: stfly.me
URL: https://stfly.me/GryUvBMJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.234 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f10.1e100.net

Software

ESF /

Resource Hash

23f84f0683fabc5b58499c70009645ee060caa794d6d2383024eaf2c99ce0584

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 16:00:20 GMT
server: ESF
date: Thu, 16 Sep 2021 16:37:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Sep 2021 16:37:41 GMT

GET
H2 200 bootstrap.min.css
stfly.me/customfiles/ 108 KB
18 KB 34ms
32ms Stylesheet
text/css 172.64.173.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/bootstrap.min.css

Requested by

Host: stfly.me
URL: https://stfly.me/GryUvBMJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.173.13 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83521aad7c96625246ef4168f1d84d12b0652e8eb61ad0875066fee1fa797daf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /customfiles/bootstrap.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: stfly.me
referer: https://stfly.me/GryUvBMJ
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/GryUvBMJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 438546
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1ae1b-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FVpvmiIQHy5ZlusT2RxM6sdcYfwRxh7UYWsz9zC%2B%2FJB0Yn7GGuiBqsY3LWhz%2FPvlUr8%2BFgCB7WVCW0XVaghzsIKXOnwGWRuVXVBHqAyHAjG%2Ba2ibgQ0s1sdybA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 68fb85534b4eee44-CDG
expires: Mon, 11 Oct 2021 14:48:35 GMT

GET
H2 200 main.css
stfly.me/customfiles/ 24 KB
5 KB 27ms
25ms Stylesheet
text/css 172.64.173.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/main.css

Requested by

Host: stfly.me
URL: https://stfly.me/GryUvBMJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.173.13 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89e38ae45e4ab6870530ad77bc793c32dcb03a600156b9930ffe3104f6702b25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /customfiles/main.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: stfly.me
referer: https://stfly.me/GryUvBMJ
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/GryUvBMJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 438546
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"61d1-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wh01Plyx4e41yURevWAlOgng%2FLoer8GsHVY5qNf4aARJatQvApfO64YvN%2FQdTw1%2FIgSm5vSHT%2BpXHEOA1gcKBMKnImGEtJBrHDefEuEn6oOs62LFk8Uf%2Fzrvjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 68fb85534b51ee44-CDG
expires: Mon, 11 Oct 2021 14:48:35 GMT

GET
H2 200 custom.css
stfly.me/customfiles/ 47 KB
19 KB 30ms
29ms Stylesheet
text/css 172.64.173.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/custom.css

Requested by

Host: stfly.me
URL: https://stfly.me/GryUvBMJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.173.13 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b62d3ff7ec9f5543b6d6a2429170ed375b550d869b90d9886464143cd89b83ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /customfiles/custom.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: stfly.me
referer: https://stfly.me/GryUvBMJ
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/GryUvBMJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 438546
cf-bgj: minify
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"bddd-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9AsqtgCCw0FGpyPGWpJ9ckEJpumx8xBEqWBz%2Bi6RmNBBLgSUkncsLy82xK6%2Fyo0Fh0QcDgNzwsFE2jTitefDvXTiC4bV13559P5cNDIeX2frdUQEY9BkM6A%2FAA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 68fb85534b52ee44-CDG
expires: Mon, 11 Oct 2021 14:48:35 GMT

GET
H2 200 invisible.js Show response
stfly.me/cdn-cgi/challenge-platform/h/b/scripts/ 42 KB
15 KB 63ms
62ms Script
text/javascript 172.64.173.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stfly.me/cdn-cgi/challenge-platform/h/b/scripts/invisible.js
Requested by: Host: stfly.me
URL: https://stfly.me/GryUvBMJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.173.13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b720a83af84849e67725d63838252d4bd1ede75b94d0386bacf1df980cdcf3d2

Request headers

:path: /cdn-cgi/challenge-platform/h/b/scripts/invisible.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: stfly.me
referer: https://stfly.me/GryUvBMJ
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/GryUvBMJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fnXDIiOmS84zBf%2BezzgnnEvhhfVQ%2BtVctB8Q5JpwouBHy4bCV8bRazxAw4pAUIPvqREIbDtXeW4J5KKMf%2BwnzmpfVNYTdwSqAzNhmdH61woHjAo6LTbO0mtg4A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 68fb85534b54ee44-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 items.php Show response
account.adstripe.net/display/ 62 KB
12 KB 262ms
205ms Script
application/javascript 104.21.48.154
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/items.php?21&1&336&280&1&0&0
Requested by: Host: stfly.me
URL: https://stfly.me/GryUvBMJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.48.154 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43d249e8f2c858fa9c0928fe1c81eabf2d14fd69c0b30e189df8567557ccdaf7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
pragma: no-cache
last-modified: Thu, 16 Sep 2021 16:37:41 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2l32iz2u6oJJ8ja%2BzBsHWK5SUKaD%2BsKwju3ub%2Bk8J7VKZ3%2ByUGmWcUxPdvXMS4xjbat55qmDwzDdTmEs1vyWwP4s6FQAI69DZcd2HXApobBNy1z%2Fs3X9yhvaLFbQ2REsEs3TQiEmUw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 68fb85539d933b43-CDG
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 apu.php Show response
omchanseyr.com/ 53 KB
21 KB 72ms
27ms Script
application/javascript 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omchanseyr.com/apu.php?zoneid=3381289

Requested by

Host: stfly.me
URL: https://stfly.me/GryUvBMJ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ba300d8f417e2cbc9072d86692f85f859fc9d63e4bc07bdeec022e60e6ba5256

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-max-age: 86400
x-trace-id: 5d79b7105573d28dfe2a84735790dbc5
pragma: no-cache
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://lilureem.com>; rel="preconnect dns-prefetch"
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H/1.1 200
OK 30732 Show response
gimpybedderump.com/1clkn/ 6 B
1 KB 110ms
25ms Script
application/javascript 23.109.82.72
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://gimpybedderump.com/1clkn/30732

Requested by

Host: stfly.me
URL: https://stfly.me/GryUvBMJ

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

23.109.82.72 , Netherlands, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 16 Sep 2021 16:37:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=1
Keep-Alive: timeout=20

GET
H2 200 rocket-loader.min.js Show response
stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 20ms
20ms Script
application/javascript 172.64.173.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: stfly.me
URL: https://stfly.me/GryUvBMJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.173.13 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: stfly.me
referer: https://stfly.me/GryUvBMJ
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/GryUvBMJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 15 Sep 2021 16:30:56 GMT
server: cloudflare
etag: W/"61421fc0-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L3TEV%2BVTMi2R3gLVedi49rQpZrZwHXk7j6TL6sdzu%2BqvWKQnYbM9JWqJkAZ64h0ooYtZRy59xgVqbnk3Evsx%2FfhQXY2XKMqBVspZ%2BdgeLWbSOJJ7qsqTgiMMSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68fb85534b55ee44-CDG
vary: Accept-Encoding
expires: Sat, 18 Sep 2021 16:37:41 GMT

GET
H2 200 4495548 Show response
dozubatan.com/400/ 84 KB
30 KB 82ms
32ms Script
application/javascript 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dozubatan.com/400/4495548

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

816bbbd630b5b71b8d8e416231a70a820e499609e8412e9a20f68db1aa84b573

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-trace-id: 9d34c5966ff36755092c739d513690ea
pragma: no-cache
date: Thu, 16 Sep 2021 16:37:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
vary: Origin
content-type: application/javascript
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
strict-transport-security: max-age=1
timing-allow-origin: *
expires: Wed, 31 Dec 1969 19:00:00 EST

GET
H2 200 1 Show response
toglooman.com/ 7 KB
4 KB 49ms
14ms Script
text/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/1?z=3968308
Requested by: Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 5812ff53a3e4ae16006720b917d236163b8d3374e063d438cd7289542e962ec1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Sep 2021 16:37:34 GMT
content-encoding: gzip
x-sc: f515Q8rEyX_gGCVIXsrIOI-9fxChpJHn0J6guqtpjLoogaiPzRpAj6uqiNTWGQbgQwOQTFG7_IO3M3fHkxxDRAz7gqI=
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 fac.php Show response
omchanseyr.com/ Frame A136 203 B
669 B 12ms
12ms Document
text/html 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://omchanseyr.com/fac.php

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/apu.php?zoneid=3381289

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

190a1b3034e75ede482b9ed6df2c50962bedf5040108ca306357cc4e17eea1ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: omchanseyr.com
:scheme: https
:path: /fac.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://stfly.me/
accept-encoding: gzip, deflate, br
cookie: OAID=1cfe2f98f3f341ada3869adcecb17358; oaidts=1631810261
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/

Response headers

server: nginx
date: Thu, 16 Sep 2021 16:37:41 GMT
content-type: text/html; charset=utf8
content-length: 203
x-trace-id: 723afd79f1107fd530e14df7f31022ba
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: * *
strict-transport-security: max-age=1
x-content-type-options: nosniff

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v23/ 14 KB
15 KB 79ms
23ms Font
font/woff2 142.250.74.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,400italic,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f3.1e100.net

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://stfly.me
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 14:18:31 GMT
x-content-type-options: nosniff
age: 353950
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:25 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 12 Sep 2022 14:18:31 GMT

GET
H3 200 modernizr.min.js Show response
stfly.me/customfiles/ 1 KB
1 KB 23ms
23ms Script
application/javascript 172.64.173.13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stfly.me/customfiles/modernizr.min.js

Requested by

Host: stfly.me
URL: https://stfly.me/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.173.13 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

147b08aa6afaa0b704ebedb56d0b146a7e33600a971e5d20773b3371db70be11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /customfiles/modernizr.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: stfly.me
referer: https://stfly.me/GryUvBMJ
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/GryUvBMJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 438546
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 06 Oct 2020 10:59:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5f6-5b0fe7d2f8000-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZVP%2F%2BiUuQs44TM5ZsN9PPN6eDZfWBja6FFnc63GfdF2MwTZd%2FVBgkECaP6rnpMykDgLZAGHSu63sBDXTOjmZ8LlvWgyNki7vdoHhrYLcwSTwLS%2FkDF924odvw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2592000
cf-ray: 68fb8553efaf3317-CDG
expires: Mon, 11 Oct 2021 14:48:35 GMT

GET
H2 200 img.gif
my.rtmark.net/ Frame A136 43 B
491 B 47ms
13ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=1cfe2f98f3f341ada3869adcecb17358

Requested by

Host: omchanseyr.com
URL: https://omchanseyr.com/fac.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://omchanseyr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:37 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

GET
H2 200 25ee747051666bd9f2160653f1eb4417 Show response
toglooman.com/27/ 363 KB
119 KB 28ms
28ms Script
application/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://toglooman.com/27/25ee747051666bd9f2160653f1eb4417

Requested by

Host: toglooman.com
URL: https://toglooman.com/1?z=3968308

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

800b77de13058f70458365b0040ecef27e7a327167775e23133ca7af3b19a50d

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 13 Sep 2021 07:31:52 GMT
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin
cache-control: max-age:290304000, public
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Mon, 13 Oct 2081 07:31:52 GMT

GET
H2 200 38 Show response
toglooman.com/42/ 0
496 B 51ms
50ms Script
text/plain 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/42/38?z=3968308
Requested by: Host: toglooman.com
URL: https://toglooman.com/1?z=3968308
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Sep 2021 16:37:34 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 online.js Show response
static.lalaping.com/ 84 KB
34 KB 87ms
30ms Script
application/javascript 104.26.8.123
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.lalaping.com/online.js?ver=2.0.0
Requested by: Host: toglooman.com
URL: https://toglooman.com/27/25ee747051666bd9f2160653f1eb4417
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.8.123 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40e9c0f2ebc41712958541bee3b48aa744ef21a0ff1efc5c87d5d683e8f128e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 23 Nov 2020 17:10:39 GMT
server: cloudflare
age: 4333
etag: W/"5fbbed0f-14f3c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2FKzlSAcUMgXotSrcWW0QCC4m0HCN3p4rp3uafCThgsk8nhQIIXnjNPMz0CHNwKxEVCQEqSd3IjdhE4tGSTnQtMIGbDGWCalwWdvzo5sbtTFs2mzRTfk6qOtwoD5KK1wPJMH9ns%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68fb85552c3365ac-LHR

POST
H2 200 9 Show response
toglooman.com/ 7 B
542 B 16ms
15ms XHR
application/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/9?z=3968308&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Fstfly.me%2FGryUvBMJ&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&sah=1200&drf=&hil=1&ist=0
Requested by: Host: toglooman.com
URL: https://toglooman.com/27/25ee747051666bd9f2160653f1eb4417
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Request headers

Referer: https://stfly.me/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 16 Sep 2021 16:37:34 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin: https://stfly.me
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 7
expires: Mon, 26 Jul 1997 05:00:00 GMT

OPTIONS
H2 204 9
toglooman.com/ Frame 0
0 41ms
12ms Preflight 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://toglooman.com/9?z=3968308&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Fstfly.me%2FGryUvBMJ&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=1&sah=1200&drf=&hil=1&ist=0
Protocol: H2
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://stfly.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Thu, 16 Sep 2021 16:37:41 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://stfly.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 index.php Show response
account.adstripe.net/display/ Frame 83BC 7 KB
3 KB 230ms
208ms Document
text/html 104.21.48.154
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=d7669939a3d3ed6b03796395583094b4&time=1631810261&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9HcnlVdkJNSg==&page_title=ShrinkMe.io&meta_description=
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/items.php?21&1&336&280&1&0&0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.48.154 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42b0cf0bb031d9464a79b63bcd7090015b1b59173f7d68509f00fdf7d8d8bca9

Request headers

:method: GET
:authority: account.adstripe.net
:scheme: https
:path: /display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=d7669939a3d3ed6b03796395583094b4&time=1631810261&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9HcnlVdkJNSg==&page_title=ShrinkMe.io&meta_description=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://stfly.me/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LF1b33iL8fcRQDfDE1RmNfq1VQBIJYjC8IrKp%2B4WE5Op5Fr2psySxkmc1Bv1B2TEOif%2BcX74DWqFwseY2g5skiBF4Nv9qtMeT4O%2BpGEnciaFp2IgLGoRGmG2DPqV6R9BVD8roxGptw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68fb85551d563b67-CDG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 googlelogo_color_120x44dp.png
www.google.com/images/branding/googlelogo/2x/ 5 KB
6 KB 77ms
28ms Image
image/png 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_120x44dp.png

Requested by

Host: stfly.me
URL: https://stfly.me/GryUvBMJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

sffe /

Resource Hash

29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5087
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 16 Sep 2021 16:37:41 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/1x/ 6 KB
6 KB 201ms
152ms Image
image/png 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

Requested by

Host: stfly.me
URL: https://stfly.me/GryUvBMJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

sffe /

Resource Hash

5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5969
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 16 Sep 2021 16:37:41 GMT

GET
H2 200 googlelogo_color_272x92dp.png
www.google.com/images/branding/googlelogo/2x/ 13 KB
13 KB 89ms
40ms Image
image/png 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png

Requested by

Host: stfly.me
URL: https://stfly.me/GryUvBMJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

sffe /

Resource Hash

262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13504
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 16 Sep 2021 16:37:41 GMT

GET
H2 200 googlelogo_color_160x56dp.png
www.google.com/images/branding/googlelogo/2x/ 7 KB
7 KB 79ms
30ms Image
image/png 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_160x56dp.png

Requested by

Host: stfly.me
URL: https://stfly.me/GryUvBMJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

sffe /

Resource Hash

9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7048
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 16 Sep 2021 16:37:41 GMT

GET
H2 200 googlelogo_color_90x40dp.png
www.google.com/images/branding/googlelogo/2x/ 4 KB
4 KB 88ms
40ms Image
image/png 142.250.185.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_90x40dp.png

Requested by

Host: stfly.me
URL: https://stfly.me/GryUvBMJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f4.1e100.net

Software

sffe /

Resource Hash

a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3934
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 16 Sep 2021 16:37:41 GMT

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
538 B 13ms
12ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js

Requested by

Host: dozubatan.com
URL: https://dozubatan.com/400/4495548

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ba98298f33150ccf48b53207330834be64f51d9e09c108974f219c55cb8f4fd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://stfly.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:37 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://stfly.me
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

OPTIONS
H2 200 4495548
dozubatan.com/500/ Frame 0
0 46ms
12ms Preflight 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dozubatan.com/500/4495548?excludes=&oaid=1cfe2f98f3f341ada3869adcecb17358&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=2&pl=https%3A%2F%2Fstfly.me%2FGryUvBMJ&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

Protocol

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://stfly.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Thu, 16 Sep 2021 16:37:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: GET
access-control-allow-origin: https://stfly.me
access-control-max-age: 300
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *

GET
H2 204 4495548 Show response
dozubatan.com/500/ 0
440 B 16ms
16ms XHR
text/plain 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: dozubatan.com
URL: https://dozubatan.com/400/4495548

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://stfly.me/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: b09f87461b3dbbc1f3b1686549431c86
pragma: no-cache
date: Thu, 16 Sep 2021 16:37:37 GMT
x-content-type-options: nosniff
server: nginx
vary: Origin
access-control-allow-origin: https://stfly.me
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *
expires: Wed, 31 Dec 1969 19:00:00 EST

GET
H3 200 jquery.min.js Show response
account.adstripe.net/display/js/ Frame 83BC 243 KB
74 KB 29ms
28ms Script
application/javascript 104.21.48.154
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/display/js/jquery.min.js
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=d7669939a3d3ed6b03796395583094b4&time=1631810261&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9HcnlVdkJNSg==&page_title=ShrinkMe.io&meta_description=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.48.154 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0047f2b4e58d50cd286045db5a9a694d843c551e96e92f7bcd10bf2e111149f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=d7669939a3d3ed6b03796395583094b4&time=1631810261&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9HcnlVdkJNSg==&page_title=ShrinkMe.io&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 17 Apr 2021 10:55:55 GMT
server: cloudflare
age: 2519
etag: W/"3cd47-5c028f0d0e4c0-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zu2f3dv3AfupWzIy%2FB7BnGSaP4B4rOUZ2FsCzNMY6aMhBZ7a6Y%2B0kTPsdkH%2FnFNEwpojMV9%2FoS4H9kkZWpXEUbvm%2BHLeUEzRcevS8xg4fpHhQ7P%2Fl41Lsnvfxcsk63FgZaDro2s6%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68fb8556783a3b67-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 data.png
account.adstripe.net/images/ Frame 83BC 931 B
1 KB 28ms
27ms Image
image/png 104.21.48.154
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account.adstripe.net/images/data.png
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=d7669939a3d3ed6b03796395583094b4&time=1631810261&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9HcnlVdkJNSg==&page_title=ShrinkMe.io&meta_description=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.48.154 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f65dd0ed5ab0097e2cb276b346ccfaddb2a9134c9278af39c6a24cd821fce06f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=d7669939a3d3ed6b03796395583094b4&time=1631810261&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9HcnlVdkJNSg==&page_title=ShrinkMe.io&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2519
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 931
last-modified: Sat, 17 Apr 2021 10:55:55 GMT
server: cloudflare
etag: "3a3-5c028f0d0e4c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qXIXNH1eM2zgsIya0k3CPjmjmItiXn9rAdA1sGSrE5ZoEg8mFLQ5sHh4v4JTnzIQQC8P32QSfQ9WW5hlEE6VkLAh3Vetc04fDtPdmUt1D4zdc7QzQfobvv75lSTSx5iobeZQJVT1lg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 68fb8556783e3b67-CDG

GET
H3 200 1-icon-1631612850.png
account.adstripe.net/upload/credit/ Frame 83BC 520 B
1 KB 31ms
31ms Image
image/png 104.21.48.154
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://account.adstripe.net/upload/credit/1-icon-1631612850.png
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=d7669939a3d3ed6b03796395583094b4&time=1631810261&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9HcnlVdkJNSg==&page_title=ShrinkMe.io&meta_description=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.48.154 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37686e21368a0b36e01d982678a9dd462aa352fd90b9e53cc42a72ca557c6da6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=d7669939a3d3ed6b03796395583094b4&time=1631810261&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9HcnlVdkJNSg==&page_title=ShrinkMe.io&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2520
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 520
last-modified: Tue, 14 Sep 2021 09:47:30 GMT
server: cloudflare
etag: "208-5cbf17858585c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MsOV6HNE%2FfYkHD6C38rX%2FcW0lQTe5wmDAHSA%2FFSs%2FMujAlNr9tLCCf09yaeHpXWytf6JkBZ88AYczLt%2FFJd%2FqqOzxsY2wwbaxdOkFF4I%2BA68fDiz2fYBPqTSamJZxyDJ9FAL2bkvmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 68fb8556a8d03b67-CDG

GET
H2 200 336_2.php Show response
itsguider.com/ Frame 0492 619 B
907 B 169ms
115ms Document
text/html 172.67.152.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://itsguider.com/336_2.php
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=d7669939a3d3ed6b03796395583094b4&time=1631810261&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9HcnlVdkJNSg==&page_title=ShrinkMe.io&meta_description=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.152.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 219b1c9ee955b022859c2860823ce24e456a458dd1b3ce99751cb43f257da72c

Request headers

:method: GET
:authority: itsguider.com
:scheme: https
:path: /336_2.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://account.adstripe.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0
expires: Thu, 16 Sep 2021 16:37:41 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cdyFCoIyyz4NMasksuXRteRTeaFFZ%2FZ25APYifRCW5f0o7OHpDnCyDjMMImxaQJZKc97rIhfFc313Wlfj4JQ8Sxqa5rDmDfP48GdyUZcwob2UUlvyz5QH9vyjb4xwZyP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 68fb85574f18ee64-CDG
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 index.php Show response
account.adstripe.net/track/ Frame 83BC 131 B
643 B 202ms
201ms Script
application/javascript 104.21.48.154
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://account.adstripe.net/track/index.php?page=click/data/0|2|2|1|21|1|2|2|0|2|0.00055|0.00055|0|0/db492c0b5d624fce7a9ab8371b354bdc/1631810271/US/
Requested by: Host: account.adstripe.net
URL: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=d7669939a3d3ed6b03796395583094b4&time=1631810261&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9HcnlVdkJNSg==&page_title=ShrinkMe.io&meta_description=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.48.154 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df13b2bb492cfe24e54a5fbdda0b434e5071be93b12683ab32ddc4318bc44a63

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://account.adstripe.net/display/index.php?page=query/items/&aduid=21&pid=1&width=336&height=280&displaytype=1&native=0&device_type=large_dev_adblock&block_id=0&responsive=0&adcode_count=1&adSectionWidth=945&page_data=d7669939a3d3ed6b03796395583094b4&time=1631810261&deliver=stfly.me&search_keywords=&page_referrer=aHR0cHM6Ly9zdGZseS5tZS9HcnlVdkJNSg==&page_title=ShrinkMe.io&meta_description=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qTZdwuEmDFosBLtgzP5b4xDqQ7KYPITZZQ6fbZsa%2B5p4osPR%2BZS6DZs1%2BvUdA75vsY6M3gC%2BbAv2Y8nMDt5snAJQBjlS0gQnlcKgX72UOFLTJwtIaoTg49EPFUF%2BEJhBfv9%2Fw2g8Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 68fb8556f97a3b67-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 0492 71 KB
25 KB 79ms
30ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

fbce40f2fbbbdecbc4cf5a4e161aab0e990eb487694addf7ecc4e16e8b959ad6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "988 / 633 of 1000 / last-modified: 1631790621"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25015
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 16 Sep 2021 16:37:41 GMT

GET
H3 200 pubads_impl_2021091504.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 0492 332 KB
116 KB 73ms
42ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091504.js?31062645

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

f42f55dabbb15175140e8f22510310cbeefe9d766975ce806a9d6f8d9444e66f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118865
x-xss-protection: 0
last-modified: Wed, 15 Sep 2021 18:36:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 16 Sep 2021 16:37:41 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 0492 107 B
853 B 86ms
30ms Script
application/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=itsguider.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091504.js?31062645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Sep 2021 16:37:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 0492 107 B
570 B 88ms
32ms Script
application/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=itsguider.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091504.js?31062645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Sep 2021 16:37:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 0492 40 KB
10 KB 269ms
269ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2560453512400031&correlator=137081853255565&output=ldjh&impl=fifs&eid=31062645%2C31062564&vrg=2021091504&ptt=17&sc=1&sfv=1-0-38&ecs=20210916&iu_parts=360613911%2Citsguider.com_RedMas2021&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&cdm=itsguider.com&bc=31&abxe=1&lmt=1631810262&dt=1631810262035&dlt=1631810261752&idt=259&ea=0&frm=8&biw=-12245933&bih=-12245933&isw=336&ish=280&oid=3&adxs=0&adys=0&adks=1993164460&ucis=ep4xf4xu5tb5&ifi=1&ifk=1655395692&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=https%3A%2F%2Fitsguider.com%2F336_2.php&ref=https%3A%2F%2Faccount.adstripe.net%2F&top=https%3A%2F%2Faccount.adstripe.net%2F&vis=1&dmc=8&scr_x=-12245933&scr_y=-12245933&psz=336x280&msz=336x280&ga_vid=1370593597.1631810262&ga_sid=1631810262&ga_hid=1096145098&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091504.js?31062645

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

c9b469f1da1ced5d98160fccdd38097389d0bb9476282d4be193db427f373d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 16:37:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10216
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://itsguider.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
c26db1f789ab79454b6d284e1c844137.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8B48 6 KB
4 KB 150ms
31ms Document
text/html 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c26db1f789ab79454b6d284e1c844137.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091504.js?31062645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: c26db1f789ab79454b6d284e1c844137.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html?n=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://itsguider.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 16 Sep 2021 16:37:42 GMT
expires: Fri, 16 Sep 2022 16:37:42 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012109032350000/ Frame 0492 189 KB
55 KB 143ms
36ms Script
text/javascript 142.250.180.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109032350000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091504.js?31062645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f1.1e100.net

Software

sffe /

Resource Hash

5b50180d19361f6fe64b58067f1a933a07fe538c8d88c81497076713b2872957

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 257426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55553
x-xss-protection: 0
server: sffe
date: Mon, 13 Sep 2021 17:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ff855bcab669fc1a"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Sep 2022 17:07:16 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012109032350000/v0/ Frame 0492 13 KB
5 KB 206ms
99ms Script
text/javascript 142.250.180.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109032350000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091504.js?31062645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f1.1e100.net

Software

sffe /

Resource Hash

b0dd411f02f5b629666261dc8dd9ac72bef9d6fb1fbacddb4463919343734e28

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 257426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4990
x-xss-protection: 0
server: sffe
date: Mon, 13 Sep 2021 17:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a08f7255b8f87285"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Sep 2022 17:07:16 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012109032350000/v0/ Frame 0492 89 KB
28 KB 212ms
106ms Script
text/javascript 142.250.180.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109032350000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091504.js?31062645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f1.1e100.net

Software

sffe /

Resource Hash

ae625e9e6b3122d32b8d11214bd5cc002949da0c906f9418053f6a23a821ec5c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 257426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28534
x-xss-protection: 0
server: sffe
date: Mon, 13 Sep 2021 17:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "fcb7bfffafc8a349"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Sep 2022 17:07:16 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012109032350000/v0/ Frame 0492 4 KB
2 KB 225ms
119ms Script
text/javascript 142.250.180.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109032350000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091504.js?31062645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f1.1e100.net

Software

sffe /

Resource Hash

f599aefbfabdfe52cc2ad3ed7db44f24b715b50c263438c4cd7818f728f51073

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 257426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1640
x-xss-protection: 0
server: sffe
date: Mon, 13 Sep 2021 17:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8affbe378de64f77"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Sep 2022 17:07:16 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012109032350000/v0/ Frame 0492 40 KB
13 KB 226ms
120ms Script
text/javascript 142.250.180.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109032350000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091504.js?31062645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f1.1e100.net

Software

sffe /

Resource Hash

5273296fe3bf7de7a8a3e91d887085df23af6452519e0b654aeb712aa5d0df95

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 257426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12817
x-xss-protection: 0
server: sffe
date: Mon, 13 Sep 2021 17:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "326015506c318bde"
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Sep 2022 17:07:16 GMT

GET
DATA 200
OK truncated
/ Frame 0492 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65dca1ff4306146358f0d7d608621e19a1cd9dc253afdeb33305b2a1ebb4c0e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 3361100339447005383
tpc.googlesyndication.com/simgad/ Frame 0492 7 KB
8 KB 74ms
24ms Image
image/png 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3361100339447005383?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkAHDpE4sQEe1LlFbOjVHPMDnA4jA

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

ec535409f1e4dabab63ccfc7d7423b478f8754181e1f0d683d4100c04495d07d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 13 Sep 2021 07:34:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 08:34:06 GMT
server: sffe
age: 291814
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7539
x-xss-protection: 0
expires: Tue, 13 Sep 2022 07:34:08 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0492 2 KB
3 KB 77ms
28ms Image
image/png 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Sep 2021 14:19:22 GMT
x-content-type-options: nosniff
server: cafe
age: 8300
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Fri, 17 Sep 2021 14:19:22 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0492 295 B
777 B 73ms
23ms Image
image/png 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: itsguider.com
URL: https://itsguider.com/336_2.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Sep 2021 14:31:09 GMT
x-content-type-options: nosniff
server: cafe
age: 7593
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 17 Sep 2021 14:31:09 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0492 0
0 50ms
49ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CVldj1nJDYfLZBLuU9u8P_LKcgAeqscjtZJabzs6aDrfaor3AARABIIixkR9gleKQgqAHoAHGjcfVAcgBAuACAKgDAcgDCKoExAFP0FLzuz0VJl-ck-LaAO-KkIdWGYH4L5qnUEKoUp7B1OH0AC9XrVfZcVtNRFvyHr-9dLUF7xPTeFOaRfHSjwVAYSg250cKZGcfWLAlqbMDLR5EoUW1SjA84hZggB1aXUFm4XmcxVwgdbdAOxpJ3HZjrBGs7Kw6geR2fO615DRYR5VENt2XHmW4iS9KbyqFX3rS7R09tZnr33AgEEdMxLkgnErmENiJXmJLOb4M4N16Ptkx6IsCznOAdgQTJcmTDMyM0ArswATPwcaK0APgBAGSBQQIBBgBkgUECAUYBKAGAoAHovK4qgKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4b2AcB8gcEEN26AdIICQiA4YBwEAEYHfIIG2FkeC1zdWJzeW4tNjA1MjI0ODUxODg0NzQ0MIAKA8gLAdgTCtAVAZgWAYAXAbIXHgocCAASFHB1Yi03MzYzODA5MjE5MjQ0MTIyGL_iHw&sigh=DQMv_kQYw2Y
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0492 11 KB
9 KB 95ms
37ms XHR
application/json 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021091504&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091504.js?31062645

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

cf02abded69fbd9cd283150aeb28e4c242811a8b0928e3cbeac1016a35af85fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 16 Sep 2021 16:37:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8523
x-xss-protection: 0

GET sodar2.js
tpc.googlesyndication.com/sodar/ Frame 0492 0
0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 0492
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

78ms
29ms

Image
text/html

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: itsguider.com
URL: https://itsguider.com/336_2.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s04-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

date: Thu, 16 Sep 2021 16:37:42 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

OPTIONS
H/1.1 200
OK add
o.wowreality.info/api/log/ Frame 0
0 50ms
16ms Preflight 139.45.195.254
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://o.wowreality.info/api/log/add
Protocol: HTTP/1.1
Server: 139.45.195.254 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://stfly.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx
Date: Thu, 16 Sep 2021 16:37:42 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://stfly.me

POST
H/1.1 200
OK add Show response
o.wowreality.info/api/log/ 0
395 B 58ms
29ms XHR
text/plain 139.45.195.254
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://o.wowreality.info/api/log/add
Requested by: Host: static.lalaping.com
URL: https://static.lalaping.com/online.js?ver=2.0.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.195.254 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://stfly.me/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-type: application/json

Response headers

Date: Thu, 16 Sep 2021 16:37:42 GMT
Server: nginx
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: https://stfly.me
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For
Content-Length: 0

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0492 42 B
64 B 74ms
46ms Image
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstWcy6UgG9B6fpWCrhKq-LKTs8m7lwVR_VBcQYC2lWl_z-26RaF8VXhLgyltq8IUHAg5GkHimcFzaYQeZt4pMgZuhEeArcyJ2zbieVKxRiQd9_97ZxlRA&sai=AMfl-YT7kPNEbTv_vKw_RwAYBjmZGi3uS4NTHb6HI6ZU6HA8UbbiL908y2RRFEPv_LGHOEbYtyt_BnnIk-XY&sig=Cg0ArKJSzBVVCGhrxiyIEAE&id=ampim&o=0,281&d=336,280&ss=1600,1200&bs=336,280&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=75&tls=1075&g=100&h=100&tt=1075&r=v&avms=ampa&adk=1993164460

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://itsguider.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Sep 2021 16:37:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
toglooman.com/42	1970-01-20 06:02:26	Name: OAID Value: 9764f832705f4f7b958b5206bae8c494
toglooman.com/42	1970-01-20 06:02:26	Name: oaidts Value: 1631810261
omchanseyr.com/	1970-01-20 06:02:26	Name: OAID Value: 1cfe2f98f3f341ada3869adcecb17358
omchanseyr.com/	1970-01-20 06:02:26	Name: oaidts Value: 1631810261
gimpybedderump.com/	1970-01-19 21:18:16	Name: GL_UI4 Value: eJw9jd1OgzAcxfkY4DIhnoQH8BHaZei4ND6El6Sl%2F7I6aJdSR3x7GxO9Or%2Bcj5wkSbK2QXovc%2BRfosPzC%2Bs045KfWN%2B%2F9prLk%2B54x%2FWZSMvjWWBv1iEIOVPY4XEiS96Mw%2BgU1XiK0Z9ztW6zOxTSC6tqFEtszDUq6d22km9z7KxYCOX7xbuoxSI%2BnUfWHyMaGzFlyNza5s0e1YexKu6aAzLOmrpMcLjNImjnl8GoMkUxeaEI6RseRhFocv4blaL1GtwNcLMa%2Fvu%2Ft%2FnGGUpFdzPGbxcu5H8AMHBKbQ%3D%3D
gimpybedderump.com/	1970-01-19 21:18:16	Name: GL_GI10 Value: eJxFikEKwjAURNNUoqJp%2BdBzFKLQi4jrIOlvyaL5IYliPIRnttKii2HeDI8xxpsKuPVQn1TXqrNqlZrTKShHJODXCxwN3V0KWbvbhBJEwNGSk3BYQBvq8b8WaWNsyhL231qF0kY%2FPw6Tjh6xl1D9eFV2Nmof6JlFAXWyE77IoaZhiJi2bygegn8AfuQzaA%3D%3D
toglooman.com/	1970-01-20 06:02:26	Name: scm Value: 1
toglooman.com/	1970-01-20 06:02:26	Name: OAID Value: 9764f832705f4f7b958b5206bae8c494
toglooman.com/	1970-01-20 06:02:26	Name: oaidts Value: 1631810261
my.rtmark.net/	1970-01-20 06:02:26	Name: ID Value: 1cfe2f98f3f341ada3869adcecb17358
dozubatan.com/	1970-01-20 06:02:26	Name: OAID Value: 1cfe2f98f3f341ada3869adcecb17358
stfly.me/	1970-01-19 21:16:53	Name: _data_html Value: 2-1
.doubleclick.net/	1970-01-20 06:38:26	Name: IDE Value: AHWqTUmYrjeXcxzv0fScMWoEpPOxNmH65k9ekd3pX--CIHzITAFhXW5ulRgTHAzOD7k
.doubleclick.net/	1970-01-19 21:16:53	Name: DSID Value: NO_DATA

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
deprecation	warning	URL: https://static.lalaping.com/online.js?ver=2.0.0 Message: RTP data channels are no longer supported. The "RtpDataChannels" constraint is currently ignored, and may cause an error at a later date.
deprecation	warning	URL: https://static.lalaping.com/online.js?ver=2.0.0 Message: 'window.webkitStorageInfo' is deprecated. Please use 'navigator.webkitTemporaryStorage' or 'navigator.webkitPersistentStorage' instead.
security	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021091504.js?31062645(Line 5) Message: Refused to load the script 'https://tpc.googlesyndication.com/sodar/sodar2.js' because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.adstripe.net
adservice.google.com
adservice.google.de
c26db1f789ab79454b6d284e1c844137.safeframe.googlesyndication.com
cdn.ampproject.org
dozubatan.com
fonts.googleapis.com
fonts.gstatic.com
gimpybedderump.com
googleads.g.doubleclick.net
itsguider.com
my.rtmark.net
o.wowreality.info
omchanseyr.com
pagead2.googlesyndication.com
securepubads.g.doubleclick.net
static.lalaping.com
stfly.me
toglooman.com
tpc.googlesyndication.com
www.google.com
tpc.googlesyndication.com
104.21.48.154
104.26.8.123
139.45.195.254
139.45.195.8
139.45.197.237
139.45.197.238
139.45.197.239
142.250.180.225
142.250.185.130
142.250.185.226
142.250.185.234
142.250.185.66
142.250.185.68
142.250.185.97
142.250.186.161
142.250.186.162
142.250.186.34
142.250.74.195
172.64.173.13
172.67.152.146
23.109.82.72
0047f2b4e58d50cd286045db5a9a694d843c551e96e92f7bcd10bf2e111149f2
147b08aa6afaa0b704ebedb56d0b146a7e33600a971e5d20773b3371db70be11
190a1b3034e75ede482b9ed6df2c50962bedf5040108ca306357cc4e17eea1ee
219b1c9ee955b022859c2860823ce24e456a458dd1b3ce99751cb43f257da72c
23f84f0683fabc5b58499c70009645ee060caa794d6d2383024eaf2c99ce0584
262084257c2103702ef8a25705e3f8dbc1fa3823103ad7b954d54bdb77e6d89d
29c50fa4422ac0a690af5b0987dee6a030a7eeaafa9dda8543cf022368f545aa
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37686e21368a0b36e01d982678a9dd462aa352fd90b9e53cc42a72ca557c6da6
40e9c0f2ebc41712958541bee3b48aa744ef21a0ff1efc5c87d5d683e8f128e3
42b0cf0bb031d9464a79b63bcd7090015b1b59173f7d68509f00fdf7d8d8bca9
43d249e8f2c858fa9c0928fe1c81eabf2d14fd69c0b30e189df8567557ccdaf7
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5273296fe3bf7de7a8a3e91d887085df23af6452519e0b654aeb712aa5d0df95
5776cd87617eacec3bc00ebcf530d1924026033eda852f706c1a675a98915826
5812ff53a3e4ae16006720b917d236163b8d3374e063d438cd7289542e962ec1
5b50180d19361f6fe64b58067f1a933a07fe538c8d88c81497076713b2872957
65dca1ff4306146358f0d7d608621e19a1cd9dc253afdeb33305b2a1ebb4c0e4
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
800b77de13058f70458365b0040ecef27e7a327167775e23133ca7af3b19a50d
816bbbd630b5b71b8d8e416231a70a820e499609e8412e9a20f68db1aa84b573
83521aad7c96625246ef4168f1d84d12b0652e8eb61ad0875066fee1fa797daf
89e38ae45e4ab6870530ad77bc793c32dcb03a600156b9930ffe3104f6702b25
9e611fba6a87626e60f74d361f0c94d1ba226bc0726a05791f40ddb7fbba2c4f
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9cac8d49feccd603bac334c92c1e7dd5a829a1c01d4130550e8c9c0d9c72f7b
ae625e9e6b3122d32b8d11214bd5cc002949da0c906f9418053f6a23a821ec5c
b0dd411f02f5b629666261dc8dd9ac72bef9d6fb1fbacddb4463919343734e28
b62d3ff7ec9f5543b6d6a2429170ed375b550d869b90d9886464143cd89b83ef
b720a83af84849e67725d63838252d4bd1ede75b94d0386bacf1df980cdcf3d2
b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550
ba300d8f417e2cbc9072d86692f85f859fc9d63e4bc07bdeec022e60e6ba5256
ba98298f33150ccf48b53207330834be64f51d9e09c108974f219c55cb8f4fd6
c9b469f1da1ced5d98160fccdd38097389d0bb9476282d4be193db427f373d14
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cf02abded69fbd9cd283150aeb28e4c242811a8b0928e3cbeac1016a35af85fb
df13b2bb492cfe24e54a5fbdda0b434e5071be93b12683ab32ddc4318bc44a63
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec535409f1e4dabab63ccfc7d7423b478f8754181e1f0d683d4100c04495d07d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f42f55dabbb15175140e8f22510310cbeefe9d766975ce806a9d6f8d9444e66f
f4efa53a774e9e4a27e92eb450a0b6aaecf8285962f876dcf4b5e41c3adc7930
f599aefbfabdfe52cc2ad3ed7db44f24b715b50c263438c4cd7818f728f51073
f65dd0ed5ab0097e2cb276b346ccfaddb2a9134c9278af39c6a24cd821fce06f
fbce40f2fbbbdecbc4cf5a4e161aab0e990eb487694addf7ecc4e16e8b959ad6

stfly.me Open in urlscan Pro 172.64.173.13 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

56 Requests

98 %HTTPS

0 %IPv6

17 Domains

21 Subdomains

22 IPs

4 Countries

699 kBTransfer

2008 kBSize

14 Cookies

0 Outgoing links

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

stfly.me Open in urlscan Pro
172.64.173.13 Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

98 %
HTTPS

0 %
IPv6

17
Domains

21
Subdomains

22
IPs

4
Countries

699 kB
Transfer

2008 kB
Size

14
Cookies

56 HTTP transactions
1 data transactions