www.tfun.org Open in urlscan Pro
88.190.106.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
Submission: On February 11 via manual (February 11th 2020, 4:23:25 pm UTC) from US

Summary HTTP 44 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 8 domains to perform 44 HTTP transactions. The main IP is 88.190.106.217, located in Paris, France and belongs to PROXAD, FR. The main domain is www.tfun.org.
TLS certificate: Issued by Let's Encrypt Authority X3 on December 8th 2019. Valid for: 3 months.

This is the only time www.tfun.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	88.190.106.217 88.190.106.217	12322 (PROXAD) (PROXAD)
2	2a00:1450:400... 2a00:1450:4001:81e::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:81f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:816::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:825::2002	15169 (GOOGLE) (GOOGLE)
44	6

33 88.190.106.217 (Paris, France)

ASN12322 (PROXAD, FR)
PTR: luc75-6-88-190-106-217.fbxo.proxad.net

www.tfun.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:816::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	tfun.org www.tfun.org	2 MB
2	doubleclick.net googleads.g.doubleclick.net
2	gstatic.com fonts.gstatic.com	26 KB
2	googlesyndication.com pagead2.googlesyndication.com	121 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	googletagservices.com www.googletagservices.com	27 KB
1	google.com adservice.google.com	171 B
1	google.de adservice.google.de	171 B
44	8

	Domain	Requested by
33	www.tfun.org	www.tfun.org pagead2.googlesyndication.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	fonts.gstatic.com	pagead2.googlesyndication.com
2	pagead2.googlesyndication.com	www.tfun.org pagead2.googlesyndication.com
2	fonts.googleapis.com	www.tfun.org
1	www.googletagservices.com	pagead2.googlesyndication.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
44	8

This site contains links to these domains. Also see Links.

Domain
db909.link
media.kasperskycontenthub.com
securelist.com
www.welivesecurity.com
codevibrant.com

Subject Issuer	Validity	Valid
www.tfun.org Let's Encrypt Authority X3	`2019-12-08` - `2020-03-07`	3 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
Frame ID: 32448927175BE9E1E5418BA52F551B5B
Requests: 42 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200206/r20190131/zrt_lookup.html
Frame ID: E0C582213C032795DB588668A47E45C5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5229620352403585&output=html&adk=1812271804&adf=3025194257&lmt=1581438181&plat=1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.tfun.org%2F2018%2F10%2F04%2Fshedding-skin-turlas-fresh-faces%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1581438181713&bpp=20&bdt=1170&fdt=64&idt=65&shv=r20200206&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=397009338359&frm=20&pv=2&ga_vid=913259797.1581438182&ga_sid=1581438182&ga_hid=43244237&ga_fc=0&iag=0&icsg=12561407&dssz=13&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065304%2C21065382&oid=3&pvsid=1769574373421038&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=0&uci=a!0&fsb=1&dtd=77
Frame ID: 1F1D530371669C469B01A48A612F1D70
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
meta generator /^WordPress ?([\d.]+)?/i
headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

44
Requests

100 %
HTTPS

83 %
IPv6

8
Domains

8
Subdomains

6
IPs

2
Countries

1927 kB
Transfer

2217 kB
Size

1
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://db909.link/
Title: Un max d’Avis

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/10/04141943/TurlaTargeting.png

Search URL Search Domain Scan URL

URL: https://securelist.com/kopiluwak-a-new-javascript-payload-from-turla/77429/
Title: KopiLuwak javascript backdoor

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/10/03101103/181003-Shedding-Skin-1.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/10/03101114/181003-Shedding-Skin-2.png

Search URL Search Domain Scan URL

URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/10/03101051/181003-Shedding-Skin-3.png

Search URL Search Domain Scan URL

URL: https://securelist.com/introducing-whitebear/81638/
Title: Introducing WhiteBear

Search URL Search Domain Scan URL

URL: https://www.welivesecurity.com/wp-content/uploads/2017/08/eset-gazer.pdf
Title: Gazing at Gazer [pdf]

Search URL Search Domain Scan URL

URL: https://securelist.com/apt-trends-report-q2-2017/79332/
Title: APT Trends report Q2 2017

Search URL Search Domain Scan URL

URL: https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf
Title: Diplomats in Eastern Europe bitten by a Turla mosquito [pdf]

Search URL Search Domain Scan URL

URL: https://securelist.com/the-epic-turla-operation/65545/
Title: The Epic Turla Operation

Search URL Search Domain Scan URL

URL: https://www.welivesecurity.com/2017/03/30/carbon-paper-peering-turlas-second-stage-backdoor/
Title: Peering into Turla’s second stage backdoor

Search URL Search Domain Scan URL

URL: https://securelist.com/shedding-skin-turlas-fresh-faces/88069/
Title: Shedding Skin – Turla’s Fresh Faces

Search URL Search Domain Scan URL

URL: http://codevibrant.com/
Title: CodeVibrant

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/ 40 KB
14 KB 830ms
508ms Document
text/html 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

7c31e6616b09b148437bc69c1bb45d2d2aeeae03a409789e64f5ac9751a9742e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.tfun.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

Server: nginx/1.14.2
Date: Tue, 11 Feb 2020 16:22:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Link: <https://www.tfun.org/wp-json/>; rel="https://api.w.org/" <https://www.tfun.org/?p=69694>; rel=shortlink
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip

GET
H/1.1 200
OK style.min.css
www.tfun.org/wp-includes/css/dist/block-library/ 40 KB
41 KB 70ms
68ms Stylesheet
text/css 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-includes/css/dist/block-library/style.min.css?ver=5.3.2

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 11 Feb 2020 16:22:32 GMT
Last-Modified: Wed, 13 Nov 2019 07:44:00 GMT
Server: nginx/1.14.2
ETag: "5dcbb440-a1fb"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 41467
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK front_end_style.css
www.tfun.org/wp-content/plugins/captcha/css/ 2 KB
2 KB 175ms
30ms Stylesheet
text/css 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/plugins/captcha/css/front_end_style.css?ver=4.4.5

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

c4cd126b21a4a71df6b2eb9210d37eca993c879b5fff2eb5808741c5b3069d03

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 11 Feb 2020 16:22:32 GMT
Last-Modified: Fri, 13 Sep 2019 10:52:40 GMT
Server: nginx/1.14.2
ETag: "5d7b74f8-724"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1828
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK dashicons.min.css
www.tfun.org/wp-includes/css/ 46 KB
47 KB 263ms
118ms Stylesheet
text/css 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-includes/css/dashicons.min.css?ver=5.3.2

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

18aa66c192cbef43a61b1398c292ae5c6c1d40d679428ee998b1c6bfaf61d75a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 11 Feb 2020 16:22:32 GMT
Last-Modified: Fri, 13 Sep 2019 11:01:58 GMT
Server: nginx/1.14.2
ETag: "5d7b7726-b9c6"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 47558
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK desktop_style.css
www.tfun.org/wp-content/plugins/captcha/css/ 2 KB
2 KB 216ms
71ms Stylesheet
text/css 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/plugins/captcha/css/desktop_style.css?ver=4.4.5

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

7694092db9514c6643c47d692e5ac7bc1c924c3aa712c8ae4504a5cdd6cfb420

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 11 Feb 2020 16:22:32 GMT
Last-Modified: Fri, 13 Sep 2019 10:52:40 GMT
Server: nginx/1.14.2
ETag: "5d7b74f8-6d3"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1747
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 20 KB
1 KB 21ms
19ms Stylesheet
text/css 2a00:1450:4001:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed%3A300italic%2C400italic%2C700italic%2C400%2C300%2C700%7CTitillium+Web%3A400%2C600%2C700%2C300&subset=latin%2Clatin-ext

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d9d189f761db50a7352c861760e894adf1f4b36086d8445c7a98c6b7e64f14e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 11 Feb 2020 16:23:00 GMT
server: ESF
date: Tue, 11 Feb 2020 16:23:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Feb 2020 16:23:00 GMT

GET
H/1.1 200
OK font-awesome.min.css
www.tfun.org/wp-content/themes/news-vibrant/assets/library/font-awesome/css/ 30 KB
31 KB 543ms
387ms Stylesheet
text/css 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/themes/news-vibrant/assets/library/font-awesome/css/font-awesome.min.css?ver=4.7.0

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 11 Feb 2020 16:22:32 GMT
Last-Modified: Mon, 30 Dec 2019 12:21:44 GMT
Server: nginx/1.14.2
ETag: "5e09ebd8-791c"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31004
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK lightslider.min.css
www.tfun.org/wp-content/themes/news-vibrant/assets/library/lightslider/css/ 5 KB
6 KB 283ms
122ms Stylesheet
text/css 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/themes/news-vibrant/assets/library/lightslider/css/lightslider.min.css?ver=1.1.6

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

5cf0d589127ea8b98dac129f74506b8a199d7b613cab0cf586ae95ee69428a4b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 11 Feb 2020 16:22:32 GMT
Last-Modified: Mon, 30 Dec 2019 12:21:45 GMT
Server: nginx/1.14.2
ETag: "5e09ebd9-15a0"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5536
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
665 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway%3A300%2C400%2C400i%2C500%2C700&subset=latin%2Clatin-ext

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ba59f50b2a5b3b5426b907e52ca3ddb3d6d22d390a6529b1f8e2826fe2dfbc57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 11 Feb 2020 16:23:00 GMT
server: ESF
date: Tue, 11 Feb 2020 16:23:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Feb 2020 16:23:00 GMT

GET
H/1.1 200
OK style.css
www.tfun.org/wp-content/themes/news-vibrant/ 62 KB
62 KB 344ms
169ms Stylesheet
text/css 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/themes/news-vibrant/style.css?ver=1.0.0

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

dbf379e03c5cf9032e119ce7e7a4700c430dad484ee5dc6d4fdc065bfe319f9b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 11 Feb 2020 16:22:32 GMT
Last-Modified: Mon, 30 Dec 2019 12:21:44 GMT
Server: nginx/1.14.2
ETag: "5e09ebd8-f82d"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 63533
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK nv-responsive.css
www.tfun.org/wp-content/themes/news-vibrant/assets/css/ 11 KB
11 KB 980ms
764ms Stylesheet
text/css 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/themes/news-vibrant/assets/css/nv-responsive.css?ver=1.0.0

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

ee22a4e7d7a4ccab8a5106426b3803e9ad73e992e0e3ef57507bb15ce9d6da8a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 11 Feb 2020 16:22:32 GMT
Last-Modified: Mon, 30 Dec 2019 12:21:44 GMT
Server: nginx/1.14.2
ETag: "5e09ebd8-2a06"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10758
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK style.css
www.tfun.org/wp-content/themes/news-headline/ 4 KB
4 KB 471ms
188ms Stylesheet
text/css 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/themes/news-headline/style.css?ver=1.0.0

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

78097dfbb2ba03e8f09b592b678572f3e99ba9c647b520e4bd8b80b22f144e2d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Mon, 30 Dec 2019 12:21:43 GMT
Server: nginx/1.14.2
ETag: "5e09ebd7-f33"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3891
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK jquery.js Show response
www.tfun.org/wp-includes/js/jquery/ 95 KB
95 KB 612ms
140ms Script
application/javascript 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Fri, 13 Sep 2019 11:01:58 GMT
Server: nginx/1.14.2
ETag: "5d7b7726-17a69"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 96873
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK jquery-migrate.min.js Show response
www.tfun.org/wp-includes/js/jquery/ 10 KB
10 KB 686ms
144ms Script
application/javascript 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Fri, 13 Sep 2019 11:01:58 GMT
Server: nginx/1.14.2
ETag: "5d7b7726-2748"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10056
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 107 KB
38 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b494509f2e971116f3f6a5b0fed71bf8f7ce58427a478c7f583817686533f34c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 11 Feb 2020 16:23:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 38795
x-xss-protection: 0
server: cafe
etag: 7420753201427664431
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 11 Feb 2020 16:23:00 GMT

GET
H/1.1 200
OK abstract-blue-digital-man-990x400-1.jpg
www.tfun.org/wp-content/uploads/2018/10/ 75 KB
76 KB 219ms
218ms Image
image/jpeg 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tfun.org/wp-content/uploads/2018/10/abstract-blue-digital-man-990x400-1.jpg

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

43633776fe3f6cf76c31b884335ad178479e6c7c487c342b238bd84aa7d592d0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Fri, 13 Sep 2019 10:58:11 GMT
Server: nginx/1.14.2
ETag: "5d7b7643-12cfd"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 77053
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK abstract-blue-digital-man-990x400.jpg
www.tfun.org/wp-content/uploads/2018/10/ 75 KB
76 KB 203ms
170ms Image
image/jpeg 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tfun.org/wp-content/uploads/2018/10/abstract-blue-digital-man-990x400.jpg

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

43633776fe3f6cf76c31b884335ad178479e6c7c487c342b238bd84aa7d592d0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Fri, 13 Sep 2019 10:58:09 GMT
Server: nginx/1.14.2
ETag: "5d7b7641-12cfd"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 77053
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK TurlaTargeting-1024x877.png
www.tfun.org/wp-content/uploads/2018/10/ 470 KB
470 KB 402ms
402ms Image
image/png 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tfun.org/wp-content/uploads/2018/10/TurlaTargeting-1024x877.png

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

555362569560fdb4c0f688c95c147ffc674265347c2ce12685321ed9fbe9a83a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 11 Feb 2020 16:22:34 GMT
Last-Modified: Fri, 13 Sep 2019 10:58:09 GMT
Server: nginx/1.14.2
ETag: "5d7b7641-75809"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 481289
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 181003-Shedding-Skin-1.png
www.tfun.org/wp-content/uploads/2018/10/ 153 KB
153 KB 602ms
602ms Image
image/png 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tfun.org/wp-content/uploads/2018/10/181003-Shedding-Skin-1.png

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

d788bd8d01eaaeda39af5c0cfe102da64492fbe0ecafb677421a5a847c7a8250

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 11 Feb 2020 16:22:34 GMT
Last-Modified: Fri, 13 Sep 2019 10:58:09 GMT
Server: nginx/1.14.2
ETag: "5d7b7641-263b7"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 156599
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 181003-Shedding-Skin-2.png
www.tfun.org/wp-content/uploads/2018/10/ 152 KB
152 KB 1191ms
1191ms Image
image/png 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tfun.org/wp-content/uploads/2018/10/181003-Shedding-Skin-2.png

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

0f1dcd1677efed664d1159134fa7200ff1bedcf2edf744e929871b427e8818c3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 11 Feb 2020 16:22:34 GMT
Last-Modified: Fri, 13 Sep 2019 10:58:11 GMT
Server: nginx/1.14.2
ETag: "5d7b7643-260a1"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 155809
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 181003-Shedding-Skin-3.png
www.tfun.org/wp-content/uploads/2018/10/ 183 KB
184 KB 560ms
559ms Image
image/png 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tfun.org/wp-content/uploads/2018/10/181003-Shedding-Skin-3.png

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

5bcd81df4fb2b397dee3dec675aab216b7d37c084292096cbf054dcab31f8990

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 11 Feb 2020 16:22:34 GMT
Last-Modified: Fri, 13 Sep 2019 10:58:11 GMT
Server: nginx/1.14.2
ETag: "5d7b7643-2dd63"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 187747
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK abstraction_8-300x210.jpg
www.tfun.org/wp-content/uploads/2016/02/ 16 KB
16 KB 231ms
230ms Image
image/jpeg 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tfun.org/wp-content/uploads/2016/02/abstraction_8-300x210.jpg

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

b906dff606392244046bb030f1cfe5ebab4533098aaa8b1fb2c234d4d60b2f60

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 11 Feb 2020 16:22:34 GMT
Last-Modified: Fri, 13 Sep 2019 10:53:21 GMT
Server: nginx/1.14.2
ETag: "5d7b7521-3e74"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15988
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK sl_blog-500x400-1-300x240.png
www.tfun.org/wp-content/uploads/2016/02/ 111 KB
111 KB 217ms
217ms Image
image/png 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tfun.org/wp-content/uploads/2016/02/sl_blog-500x400-1-300x240.png

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

1cd2f62093890392566497364a40644d78fb0fe31a7765c1148ee9956112dd22

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 11 Feb 2020 16:22:34 GMT
Last-Modified: Fri, 13 Sep 2019 10:53:23 GMT
Server: nginx/1.14.2
ETag: "5d7b7523-1ba34"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 113204
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK abstraction_7-1.jpg
www.tfun.org/wp-content/uploads/2017/06/ 40 KB
40 KB 845ms
844ms Image
image/jpeg 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tfun.org/wp-content/uploads/2017/06/abstraction_7-1.jpg

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

6d00b26276b32de502d9c35a4af05fa7a9dcad3c18908fd5d1e698ff667e8a59

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 11 Feb 2020 16:22:35 GMT
Last-Modified: Fri, 13 Sep 2019 10:57:41 GMT
Server: nginx/1.14.2
ETag: "5d7b7625-9ebd"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 40637
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK navigation.js Show response
www.tfun.org/wp-content/themes/news-vibrant/assets/js/ 3 KB
3 KB 289ms
177ms Script
application/javascript 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/themes/news-vibrant/assets/js/navigation.js?ver=1.0.0

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

b8f76f98505a3d8a161055f180c9f0302ffe29f66037aff8f1c3f600d17b5bb7

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Mon, 30 Dec 2019 12:21:44 GMT
Server: nginx/1.14.2
ETag: "5e09ebd8-c0d"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3085
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK jquery.sticky.js Show response
www.tfun.org/wp-content/themes/news-vibrant/assets/library/sticky/ 7 KB
8 KB 178ms
178ms Script
application/javascript 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/themes/news-vibrant/assets/library/sticky/jquery.sticky.js?ver=20150416

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

43a24608e742c8adc12bc142cdbe6c8838100b1b507e954ab9965c8059896cf7

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Mon, 30 Dec 2019 12:21:45 GMT
Server: nginx/1.14.2
ETag: "5e09ebd9-1cdd"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7389
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK sticky-setting.js Show response
www.tfun.org/wp-content/themes/news-vibrant/assets/library/sticky/ 302 B
656 B 78ms
77ms Script
application/javascript 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/themes/news-vibrant/assets/library/sticky/sticky-setting.js?ver=20150309

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

f11d3e29c6b6f8a1bb8167260a6aa7ed8e71ff28079456eae555b05c1eebad5c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Mon, 30 Dec 2019 12:21:45 GMT
Server: nginx/1.14.2
ETag: "5e09ebd9-12e"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 302
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK skip-link-focus-fix.js Show response
www.tfun.org/wp-content/themes/news-vibrant/assets/js/ 714 B
1 KB 62ms
61ms Script
application/javascript 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/themes/news-vibrant/assets/js/skip-link-focus-fix.js?ver=1.0.0

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

ee30de0a826081966aa58bd563d92e80a28a2af7415ad440889ddc1c0a3b5ef5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Mon, 30 Dec 2019 12:21:44 GMT
Server: nginx/1.14.2
ETag: "5e09ebd8-2ca"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 714
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK lightslider.min.js Show response
www.tfun.org/wp-content/themes/news-vibrant/assets/library/lightslider/js/ 16 KB
16 KB 83ms
81ms Script
application/javascript 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/themes/news-vibrant/assets/library/lightslider/js/lightslider.min.js?ver=1.1.6

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

5f86fbe6f9cda69add588670bf8a9781f83e7ed2fe7b1b07c4172fa6eb080bc9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Mon, 30 Dec 2019 12:21:45 GMT
Server: nginx/1.14.2
ETag: "5e09ebd9-3e9a"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16026
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK core.min.js Show response
www.tfun.org/wp-includes/js/jquery/ui/ 4 KB
4 KB 163ms
160ms Script
application/javascript 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

46e6f42a22054a793841935920cbbc723856e339fead50fa33c1f1bb3ec5a251

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Wed, 13 Nov 2019 07:44:01 GMT
Server: nginx/1.14.2
ETag: "5dcbb441-f5b"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3931
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK widget.min.js Show response
www.tfun.org/wp-includes/js/jquery/ui/ 7 KB
7 KB 138ms
135ms Script
application/javascript 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

2cd83d5a29914ad4797748d8e80fbc42c2131fbce9bbcdf2749a275fc7db875f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Wed, 13 Nov 2019 07:44:01 GMT
Server: nginx/1.14.2
ETag: "5dcbb441-1ab6"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6838
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK tabs.min.js Show response
www.tfun.org/wp-includes/js/jquery/ui/ 12 KB
12 KB 118ms
115ms Script
application/javascript 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-includes/js/jquery/ui/tabs.min.js?ver=1.11.4

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

0922becd70ef93b27d7ad5a41af2c07f9bb4d3d88a57f1a8a8b4e60de9723833

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Wed, 13 Nov 2019 07:44:01 GMT
Server: nginx/1.14.2
ETag: "5dcbb441-2f04"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12036
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK nv-custom-scripts.js Show response
www.tfun.org/wp-content/themes/news-vibrant/assets/js/ 5 KB
5 KB 149ms
148ms Script
application/javascript 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/themes/news-vibrant/assets/js/nv-custom-scripts.js?ver=1.0.0

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

52844d802a2ca35eee132ec1379c4d88bcd38cd2c45efcd62cbc9f3e3346e1cc

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Mon, 30 Dec 2019 12:21:44 GMT
Server: nginx/1.14.2
ETag: "5e09ebd8-1208"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4616
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK wp-embed.min.js Show response
www.tfun.org/wp-includes/js/ 1 KB
2 KB 186ms
186ms Script
application/javascript 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-includes/js/wp-embed.min.js?ver=5.3.2

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 11 Feb 2020 16:22:34 GMT
Last-Modified: Wed, 13 Nov 2019 07:44:00 GMT
Server: nginx/1.14.2
ETag: "5dcbb440-577"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1399
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
www.tfun.org/wp-includes/js/ 14 KB
14 KB 187ms
186ms Script
application/javascript 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-includes/js/wp-emoji-release.min.js?ver=5.3.2

Requested by

Host: www.tfun.org
URL: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

1a351abc3f3b435497ddb8a55f09268d3e641dc22455deac06cf0181a4de52ee

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 11 Feb 2020 16:22:36 GMT
Last-Modified: Wed, 13 Nov 2019 07:44:01 GMT
Server: nginx/1.14.2
ETag: "5dcbb441-362a"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13866
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 14ms
14ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.tfun.org

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 11 Feb 2020 16:23:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 17ms
17ms Script
application/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.tfun.org

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 11 Feb 2020 16:23:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 104
x-xss-protection: 0

GET
H2 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20200206/r20190131/ 221 KB
83 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20200206/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a85bae66dcd6773f18437aa35b16b45f12f8cf93405d2278e235317352bf06b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 11 Feb 2020 16:23:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 84433
x-xss-protection: 0
server: cafe
etag: 14126896016133818286
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 11 Feb 2020 16:23:01 GMT

GET
H2 200 1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
fonts.gstatic.com/s/raleway/v14/ 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v14/1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e347b66fb1145f780600551e06778b33ecaca5c45897ac90eb96eb4b6afd082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Raleway%3A300%2C400%2C400i%2C500%2C700&subset=latin%2Clatin-ext
Origin: https://www.tfun.org
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 05 Feb 2020 05:52:29 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:48:04 GMT
server: sffe
age: 556232
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13428
x-xss-protection: 0
expires: Thu, 04 Feb 2021 05:52:29 GMT

GET
H2 200 1Ptrg8zYS_SKggPNwJYtWqZPANqczVs.woff2
fonts.gstatic.com/s/raleway/v14/ 13 KB
13 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v14/1Ptrg8zYS_SKggPNwJYtWqZPANqczVs.woff2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c1dde4cdc5c608da53737233f02219a7421ab6870d5d90bc0b7b294d571942c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Raleway%3A300%2C400%2C400i%2C500%2C700&subset=latin%2Clatin-ext
Origin: https://www.tfun.org
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 01 Feb 2020 00:24:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:47:42 GMT
server: sffe
age: 921539
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13228
x-xss-protection: 0
expires: Sun, 31 Jan 2021 00:24:02 GMT

GET
H/1.1 200
OK fontawesome-webfont.woff2
www.tfun.org/wp-content/themes/news-vibrant/assets/library/font-awesome/fonts/ 75 KB
76 KB 187ms
171ms Font
application/octet-stream 88.190.106.217
PROXAD

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tfun.org/wp-content/themes/news-vibrant/assets/library/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.190.106.217 Paris, France, ASN12322 (PROXAD, FR),

Reverse DNS

luc75-6-88-190-106-217.fbxo.proxad.net

Software

nginx/1.14.2 /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tfun.org/wp-content/themes/news-vibrant/assets/library/font-awesome/css/font-awesome.min.css?ver=4.7.0
Origin: https://www.tfun.org
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 11 Feb 2020 16:22:33 GMT
Last-Modified: Mon, 30 Dec 2019 12:21:44 GMT
Server: nginx/1.14.2
ETag: "5e09ebd8-12d68"
X-Frame-Options: SAMEORIGIN
Content-Type: application/octet-stream
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 77160

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200206/r20190131/ Frame E0C5 0
0 6ms
6ms Document
text/html 2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20200206/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20200206/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Thu, 06 Feb 2020 15:17:35 GMT
expires: Thu, 20 Feb 2020 15:17:35 GMT
content-type: text/html; charset=UTF-8
etag: 17772678075199185246
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4496
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 435926
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame 1F1D 0
0 26ms
26ms Document
text/html 2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5229620352403585&output=html&adk=1812271804&adf=3025194257&lmt=1581438181&plat=1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.tfun.org%2F2018%2F10%2F04%2Fshedding-skin-turlas-fresh-faces%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1581438181713&bpp=20&bdt=1170&fdt=64&idt=65&shv=r20200206&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=397009338359&frm=20&pv=2&ga_vid=913259797.1581438182&ga_sid=1581438182&ga_hid=43244237&ga_fc=0&iag=0&icsg=12561407&dssz=13&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065304%2C21065382&oid=3&pvsid=1769574373421038&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=0&uci=a!0&fsb=1&dtd=77

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200206/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5229620352403585&output=html&adk=1812271804&adf=3025194257&lmt=1581438181&plat=1%3A32776%2C2%3A32776%2C8%3A134250504%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fwww.tfun.org%2F2018%2F10%2F04%2Fshedding-skin-turlas-fresh-faces%2F&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1581438181713&bpp=20&bdt=1170&fdt=64&idt=65&shv=r20200206&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=397009338359&frm=20&pv=2&ga_vid=913259797.1581438182&ga_sid=1581438182&ga_hid=43244237&ga_fc=0&iag=0&icsg=12561407&dssz=13&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21065304%2C21065382&oid=3&pvsid=1769574373421038&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&ifi=0&uci=a!0&fsb=1&dtd=77
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 11 Feb 2020 16:23:01 GMT
server: cafe
content-length: 46
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 11-Feb-2020 16:38:01 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires: Tue, 11 Feb 2020 16:23:01 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
27 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200206/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98338d687e5f0016e85ba80b4de3c9c887e4dd4eb9ea5ac225ef1de42d149eb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tfun.org/2018/10/04/shedding-skin-turlas-fresh-faces/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 11 Feb 2020 16:23:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1581337310261798"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27884
x-xss-protection: 0
expires: Tue, 11 Feb 2020 16:23:01 GMT

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.doubleclick.net/	1970-01-19 07:17:19	Name: test_cookie Value: CheckForPermission

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.tfun.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
www.googletagservices.com
www.tfun.org
2a00:1450:4001:800::2002
2a00:1450:4001:816::2003
2a00:1450:4001:81e::200a
2a00:1450:4001:81f::2002
2a00:1450:4001:825::2002
88.190.106.217
0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0922becd70ef93b27d7ad5a41af2c07f9bb4d3d88a57f1a8a8b4e60de9723833
0f1dcd1677efed664d1159134fa7200ff1bedcf2edf744e929871b427e8818c3
18aa66c192cbef43a61b1398c292ae5c6c1d40d679428ee998b1c6bfaf61d75a
1a351abc3f3b435497ddb8a55f09268d3e641dc22455deac06cf0181a4de52ee
1cd2f62093890392566497364a40644d78fb0fe31a7765c1148ee9956112dd22
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2cd83d5a29914ad4797748d8e80fbc42c2131fbce9bbcdf2749a275fc7db875f
43633776fe3f6cf76c31b884335ad178479e6c7c487c342b238bd84aa7d592d0
43a24608e742c8adc12bc142cdbe6c8838100b1b507e954ab9965c8059896cf7
46e6f42a22054a793841935920cbbc723856e339fead50fa33c1f1bb3ec5a251
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
52844d802a2ca35eee132ec1379c4d88bcd38cd2c45efcd62cbc9f3e3346e1cc
555362569560fdb4c0f688c95c147ffc674265347c2ce12685321ed9fbe9a83a
5bcd81df4fb2b397dee3dec675aab216b7d37c084292096cbf054dcab31f8990
5c1dde4cdc5c608da53737233f02219a7421ab6870d5d90bc0b7b294d571942c
5cf0d589127ea8b98dac129f74506b8a199d7b613cab0cf586ae95ee69428a4b
5f86fbe6f9cda69add588670bf8a9781f83e7ed2fe7b1b07c4172fa6eb080bc9
6d00b26276b32de502d9c35a4af05fa7a9dcad3c18908fd5d1e698ff667e8a59
7694092db9514c6643c47d692e5ac7bc1c924c3aa712c8ae4504a5cdd6cfb420
78097dfbb2ba03e8f09b592b678572f3e99ba9c647b520e4bd8b80b22f144e2d
7c31e6616b09b148437bc69c1bb45d2d2aeeae03a409789e64f5ac9751a9742e
7e347b66fb1145f780600551e06778b33ecaca5c45897ac90eb96eb4b6afd082
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
98338d687e5f0016e85ba80b4de3c9c887e4dd4eb9ea5ac225ef1de42d149eb3
9a85bae66dcd6773f18437aa35b16b45f12f8cf93405d2278e235317352bf06b
b494509f2e971116f3f6a5b0fed71bf8f7ce58427a478c7f583817686533f34c
b8f76f98505a3d8a161055f180c9f0302ffe29f66037aff8f1c3f600d17b5bb7
b906dff606392244046bb030f1cfe5ebab4533098aaa8b1fb2c234d4d60b2f60
ba59f50b2a5b3b5426b907e52ca3ddb3d6d22d390a6529b1f8e2826fe2dfbc57
c4cd126b21a4a71df6b2eb9210d37eca993c879b5fff2eb5808741c5b3069d03
d788bd8d01eaaeda39af5c0cfe102da64492fbe0ecafb677421a5a847c7a8250
d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f
d9d189f761db50a7352c861760e894adf1f4b36086d8445c7a98c6b7e64f14e7
dbf379e03c5cf9032e119ce7e7a4700c430dad484ee5dc6d4fdc065bfe319f9b
ee22a4e7d7a4ccab8a5106426b3803e9ad73e992e0e3ef57507bb15ce9d6da8a
ee30de0a826081966aa58bd563d92e80a28a2af7415ad440889ddc1c0a3b5ef5
f11d3e29c6b6f8a1bb8167260a6aa7ed8e71ff28079456eae555b05c1eebad5c

www.tfun.org Open in urlscan Pro 88.190.106.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

44 Requests

100 %HTTPS

83 %IPv6

8 Domains

8 Subdomains

6 IPs

2 Countries

1927 kBTransfer

2217 kBSize

1 Cookies

14 Outgoing links

Redirected requests

44 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.tfun.org Open in urlscan Pro
88.190.106.217 Public Scan

Screenshot
Live screenshot

Full Image

44
Requests

100 %
HTTPS

83 %
IPv6

8
Domains

8
Subdomains

6
IPs

2
Countries

1927 kB
Transfer

2217 kB
Size

1
Cookies

44 HTTP transactions
0 data transactions