www.fling.com Open in urlscan Pro
66.254.114.237 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://soo.gd/OAb6
Effective URL:
https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036...
Submission: On June 21 via manual (June 21st 2021, 2:07:34 am UTC) from IN

Summary HTTP 52 Redirects Behaviour Indicators

Summary

This website contacted 21 IPs in 3 countries across 19 domains to perform 52 HTTP transactions. The main IP is 66.254.114.237, located in United States and belongs to REFLECTED, US. The main domain is www.fling.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 27th 2021. Valid for: a year.

This is the only time www.fling.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3033::ac43:a8ca	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
3 3	18.195.149.11 18.195.149.11	16509 (AMAZON-02) (AMAZON-02)
1 3	143.204.98.48 143.204.98.48	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
2	205.185.216.10 205.185.216.10	20446 (HIGHWINDS3) (HIGHWINDS3)
2 10	66.254.114.237 66.254.114.237	29789 (REFLECTED) (REFLECTED)
16	66.254.122.16 66.254.122.16	29789 (REFLECTED) (REFLECTED)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	64.210.151.40 64.210.151.40	29789 (REFLECTED) (REFLECTED)
1	64.210.149.57 64.210.149.57	29789 (REFLECTED) (REFLECTED)
1 2	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:400c:c08::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
52	21

1 2606:4700:3033::ac43:a8ca (United States)

ASN13335 (CLOUDFLARENET, US)

soo.gd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

d4dda5857069f182137ac9dbe5633602.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.149.11 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-149-11.eu-central-1.compute.amazonaws.com

a.vfghd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.vfgtg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.98.48 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-48.fra50.r.cloudfront.net

sl.sloffer.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.crdefault.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.aslnk.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 205.185.216.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net

ckstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 66.254.114.237 (United States) 2 redirects

ASN29789 (REFLECTED, US)
PTR: reflectededge.reflected.net

www.fling.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 66.254.122.16 (United States)

ASN29789 (REFLECTED, US)

cachewp.fling.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cachemd.fling.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.210.151.40 (United States)

ASN29789 (REFLECTED, US)

webmasters.hugetraffic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.210.149.57 (United States)

ASN29789 (REFLECTED, US)

ctrack.trafficjunky.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9a (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	fling.com 2 redirects www.fling.com cachewp.fling.com cachemd.fling.com	593 KB
6	googlesyndication.com d4dda5857069f182137ac9dbe5633602.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	26 KB
4	google.com 1 redirects adservice.google.com www.google.com	3 KB
4	google-analytics.com 1 redirects www.google-analytics.com ssl.google-analytics.com	37 KB
3	doubleclick.net 1 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net	115 KB
2	gstatic.com fonts.gstatic.com www.gstatic.com	149 KB
2	vfgtg.com 2 redirects a.vfgtg.com	2 KB
2	ckstatic.com ckstatic.com	14 KB
2	google.de adservice.google.de www.google.de	1 KB
1	trafficjunky.net ctrack.trafficjunky.net	822 B
1	hugetraffic.com webmasters.hugetraffic.com	301 B
1	googleapis.com fonts.googleapis.com	536 B
1	aslnk.link s.aslnk.link	2 KB
1	crdefault.link 1 redirects t.crdefault.link	1 KB
1	sloffer.link sl.sloffer.link	2 KB
1	vfghd.com 1 redirects a.vfghd.com	910 B
1	googletagmanager.com www.googletagmanager.com	36 KB
1	googletagservices.com www.googletagservices.com	21 KB
1	soo.gd soo.gd	2 KB
52	19

	Domain	Requested by
14	cachewp.fling.com	www.fling.com
10	www.fling.com	2 redirects s.aslnk.link www.fling.com cachewp.fling.com
3	www.google.com	1 redirects tpc.googlesyndication.com www.fling.com
3	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
2	cachemd.fling.com	www.fling.com
2	ssl.google-analytics.com	1 redirects www.fling.com
2	a.vfgtg.com	2 redirects
2	ckstatic.com	sl.sloffer.link s.aslnk.link
2	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
1	www.gstatic.com	www.google.com
1	www.google.de	www.fling.com
1	stats.g.doubleclick.net	1 redirects
1	fonts.gstatic.com	fonts.googleapis.com
1	ctrack.trafficjunky.net	www.fling.com
1	webmasters.hugetraffic.com	www.fling.com
1	fonts.googleapis.com	www.fling.com
1	s.aslnk.link	sl.sloffer.link
1	t.crdefault.link	1 redirects
1	sl.sloffer.link	soo.gd
1	a.vfghd.com	1 redirects
1	d4dda5857069f182137ac9dbe5633602.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	www.googletagmanager.com	soo.gd
1	www.googletagservices.com	soo.gd
1	soo.gd
52	28

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-09-19` - `2021-09-19`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.ajrkm.link Amazon	`2020-07-29` - `2021-08-29`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
ckstatic.com R3	`2021-04-30` - `2021-07-29`	3 months	crt.sh
*.fling.com Sectigo RSA Domain Validation Secure Server CA	`2021-01-27` - `2022-01-27`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.hugetraffic.com Sectigo RSA Domain Validation Secure Server CA	`2021-01-27` - `2022-01-27`	a year	crt.sh
*.trafficjunky.net DigiCert SHA2 High Assurance Server CA	`2020-01-28` - `2022-02-01`	2 years	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Frame ID: 26E45C18A551D7071DEC84FEFEBBE159
Requests: 32 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html
Frame ID: 3705C5F8909E08615F7C71389C1D454F
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D22B83D60E0D75500AECDCDE80174C5C
Requests: 1 HTTP requests in this frame

Frame: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Frame ID: 46034EB966F4716A0FCD145DAFAC5AF2
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://soo.gd/OAb6 Page URL
https://a.vfghd.com/3611e2c7-822d-426d-8098-aba1575d12ed?aff_sub=&affiliateID=177036&source=&aff... HTTP 302
https://sl.sloffer.link/5wszez6v7k/177036/4140/11149/?aff_sub=&aff_sub2=&aff_sub4=&aff_sub5=&bo=2753... Page URL
https://t.crdefault.link/177036/1?aff_sub=&aff_sub2=&aff_sub3=w5giqv7q3p7g7qf822b1o1c8&aff_sub4=&aff_... HTTP 303
https://a.vfgtg.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=;&affiliateID=44542&source=10216... HTTP 302
https://a.vfgtg.com/20aabc55-9fe1-45ac-bd10-4108cd0f740a?subID1=%3B&affiliateID=44542&source=102... HTTP 302
https://s.aslnk.link/5wszez6v7k/44542/7646/24883/?aff_sub=%3B&aff_sub2=177036&aff_sub3=wka07rffpg... Page URL
http://www.fling.com/enter.php?prg=1&t=best&id=crakmediapovfho&cmp=44542.177036_&ad_id=10299e6b09... HTTP 301
https://www.fling.com/enter.php?prg=1&t=best&id=crakmediapovfho&cmp=44542.177036_&ad_id=10299e6b09... HTTP 302
https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=b... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

52
Requests

100 %
HTTPS

65 %
IPv6

19
Domains

28
Subdomains

21
IPs

3
Countries

1000 kB
Transfer

1988 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://soo.gd/OAb6 Page URL
https://a.vfghd.com/3611e2c7-822d-426d-8098-aba1575d12ed?aff_sub=&affiliateID=177036&source=&aff_sub2=&aff_sub4=&aff_sub5=&bo=2753,2754,2755,2756 HTTP 302
https://sl.sloffer.link/5wszez6v7k/177036/4140/11149/?aff_sub=&aff_sub2=&aff_sub4=&aff_sub5=&bo=2753%2C2754%2C2755%2C2756&aff_sub3=w5giqv7q3p7g7qf822b1o1c8&source= Page URL
https://t.crdefault.link/177036/1?aff_sub=&aff_sub2=&aff_sub3=w5giqv7q3p7g7qf822b1o1c8&aff_sub4=&aff_sub5=&aff_unique1=&aff_unique2=&aff_unique3=&aff_unique4=&aff_unique5=&aff_click_id=&source= HTTP 303
https://a.vfgtg.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=;&affiliateID=44542&source=102162a8fe9043a92374331fa34ccd&subID2=177036&s2=102162a8fe9043a92374331fa34ccd&s3=;&s4=177036&url=1&target=Default&affsub=&affsource= HTTP 302
https://a.vfgtg.com/20aabc55-9fe1-45ac-bd10-4108cd0f740a?subID1=%3B&affiliateID=44542&source=102162a8fe9043a92374331fa34ccd&subID2=177036&Target=Default&Site=&Bnr=&cid=wdtcsb45hu1g3qf8ifuq3pdg&email= HTTP 302
https://s.aslnk.link/5wszez6v7k/44542/7646/24883/?aff_sub=%3B&aff_sub2=177036&aff_sub3=wka07rffpg18bqf8insmsk58&source=102162a8fe9043a92374331fa34ccd&nopop=1&bo=2753,2754,2755,2756&aff_sub5=_ Page URL
http://www.fling.com/enter.php?prg=1&t=best&id=crakmediapovfho&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e HTTP 301
https://www.fling.com/enter.php?prg=1&t=best&id=crakmediapovfho&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e HTTP 302
https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://a.vfghd.com/3611e2c7-822d-426d-8098-aba1575d12ed?aff_sub=&affiliateID=177036&source=&aff_sub2=&aff_sub4=&aff_sub5=&bo=2753,2754,2755,2756 HTTP 302
https://sl.sloffer.link/5wszez6v7k/177036/4140/11149/?aff_sub=&aff_sub2=&aff_sub4=&aff_sub5=&bo=2753%2C2754%2C2755%2C2756&aff_sub3=w5giqv7q3p7g7qf822b1o1c8&source=

Request Chain 18

https://t.crdefault.link/177036/1?aff_sub=&aff_sub2=&aff_sub3=w5giqv7q3p7g7qf822b1o1c8&aff_sub4=&aff_sub5=&aff_unique1=&aff_unique2=&aff_unique3=&aff_unique4=&aff_unique5=&aff_click_id=&source= HTTP 303
https://a.vfgtg.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=;&affiliateID=44542&source=102162a8fe9043a92374331fa34ccd&subID2=177036&s2=102162a8fe9043a92374331fa34ccd&s3=;&s4=177036&url=1&target=Default&affsub=&affsource= HTTP 302
https://a.vfgtg.com/20aabc55-9fe1-45ac-bd10-4108cd0f740a?subID1=%3B&affiliateID=44542&source=102162a8fe9043a92374331fa34ccd&subID2=177036&Target=Default&Site=&Bnr=&cid=wdtcsb45hu1g3qf8ifuq3pdg&email= HTTP 302
https://s.aslnk.link/5wszez6v7k/44542/7646/24883/?aff_sub=%3B&aff_sub2=177036&aff_sub3=wka07rffpg18bqf8insmsk58&source=102162a8fe9043a92374331fa34ccd&nopop=1&bo=2753,2754,2755,2756&aff_sub5=_

Request Chain 34

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1640841108&utmhn=www.fling.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Fling&utmhid=138128437&utmr=-&utmp=%2Ftour-web%2Fzanime004bgfade%2F%3Fprg%3D1%26id%3Dcrakmediapovfho%26tour%3Dzanime004bgfade%26ot%3Dbest%26cmp%3D44542.177036_%26ad_id%3D10299e6b09d1ca4a3cd89e3aa14a8e%26utm_source%3Dcrakmediapovfho%26utm_medium%3D44542.177036_%26utm_content%3D10299e6b09d1ca4a3cd89e3aa14a8e%26utm_campaign%3Dzanime004bgfade&utmht=1624241240295&utmac=UA-4493458-1&utmcc=__utma%3D233692033.581753608.1624241240.1624241240.1624241240.1%3B%2B__utmz%3D233692033.1624241240.1.1.utmcsr%3Dcrakmediapovfho%7Cutmccn%3Dzanime004bgfade%7Cutmcmd%3D44542.177036_%7Cutmcct%3D10299e6b09d1ca4a3cd89e3aa14a8e%3B&utmjid=595459342&utmredir=1&utmu=qBAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-4493458-1&cid=581753608.1624241240&jid=595459342&_v=5.7.2&z=1640841108 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4493458-1&cid=581753608.1624241240&jid=595459342&_v=5.7.2&z=1640841108 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4493458-1&cid=581753608.1624241240&jid=595459342&_v=5.7.2&z=1640841108&slf_rd=1&random=1289611031

52 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 OAb6 Show response
soo.gd/ 3 KB
2 KB 660ms
635ms Document
text/html 2606:4700:3033::ac43:a8ca
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://soo.gd/OAb6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:a8ca , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1432cc14f91d4e58b5c32a73b98e4e7be4e36376cda2d05f58713d39b1551c7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

:method: GET
:authority: soo.gd
:scheme: https
:path: /OAb6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:16 GMT
content-type: text/html; Charset=UTF-8;charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, must-revalidate, max-age=0
pragma: no-cache
x-robots-tag: noindex, nofollow
i-am: Alpha
strict-transport-security: max-age=31536000; includeSubdomains;
cf-cache-status: DYNAMIC
cf-request-id: 0acdeb80f300004e38a4b27000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=l4ScnhFoti9%2FjBDktCR8Hk0BBDU%2BaxC0XNbpE%2BfE7Qam35klq8YIwrRfwzKsvr4rFKSX0lBe1PZHXbkhs7JAbjQjHT1cBYyRp6TBtVEq%2BAF1hpM%2BlGkr7pTG4g1KNWZg"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6629aeae5ac34e38-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 62 KB
21 KB 32ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: soo.gd
URL: https://soo.gd/OAb6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a2c0a3b3510b56be29d68362d3e731986fdc810bb57d6ed461185b278ff89e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "908 / 896 of 1000 / last-modified: 1624054126"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21494
x-xss-protection: 0
expires: Mon, 21 Jun 2021 02:07:16 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
36 KB 37ms
18ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-31510493-2

Requested by

Host: soo.gd
URL: https://soo.gd/OAb6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d17e078954e5a9a79ca1c06ec01572cb3d12308fcd4cb744ba31254ce173f488

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36249
x-xss-protection: 0
last-modified: Mon, 21 Jun 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 21 Jun 2021 02:07:16 GMT

GET
H2 200 pubads_impl_2021061503.js Show response
securepubads.g.doubleclick.net/gpt/ 325 KB
115 KB 121ms
44ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

408abc3a5bedff37056ecb1ba4872225de8a269ffe9aa04fd8fd38a7e7ec5116

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 15 Jun 2021 21:10:23 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116743
x-xss-protection: 0
expires: Mon, 21 Jun 2021 02:07:16 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-31510493-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://soo.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 4119
date: Mon, 21 Jun 2021 00:58:37 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Mon, 21 Jun 2021 02:58:37 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 26ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=115489790&t=pageview&_s=1&dl=https%3A%2F%2Fsoo.gd%2FOAb6&ul=en-us&de=UTF-8&dt=OAb6&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=408594348&gjid=1715559153&cid=1031634900.1624241237&tid=UA-31510493-2&_gid=1151928049.1624241237&_r=1&gtm=2ou6g0&z=1831496970

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://soo.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 21 Jun 2021 02:07:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://soo.gd
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js
adservice.google.de/adsid/ 107 B
853 B 34ms
14ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=soo.gd

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 21 Jun 2021 02:07:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js
adservice.google.com/adsid/ 107 B
570 B 34ms
14ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=soo.gd

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 21 Jun 2021 02:07:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads
securepubads.g.doubleclick.net/gampad/ 435 B
253 B 69ms
68ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2383894889665006&correlator=3969906859019642&output=ldjh&impl=fif&eid=31061289&vrg=2021061503&ptt=17&sc=1&sfv=1-0-38&ecs=20210621&iu_parts=5837603%2CSGD_360&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x360&cookie_enabled=1&bc=31&abxe=1&lmt=1624241237&dt=1624241237113&dlt=1624241236845&idt=248&frm=20&biw=1600&bih=1200&oid=3&adxs=-12245933&adys=-12245933&adks=1216140633&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsoo.gd%2FOAb6&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x63&msz=0x0&ga_vid=1031634900.1624241237&ga_sid=1624241237&ga_hid=115489790&ga_fc=false&fws=128&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 223
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://soo.gd
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
d4dda5857069f182137ac9dbe5633602.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 50ms
14ms Other
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d4dda5857069f182137ac9dbe5633602.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://soo.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2

200

/ Show response
sl.sloffer.link/5wszez6v7k/177036/4140/11149/
Redirect Chain

https://a.vfghd.com/3611e2c7-822d-426d-8098-aba1575d12ed?aff_sub=&affiliateID=177036&source=&aff_sub2=&aff_sub4=&aff_sub5=&bo=2753,2754,2755,2756
https://sl.sloffer.link/5wszez6v7k/177036/4140/11149/?aff_sub=&aff_sub2=&aff_sub4=&aff_sub5=&bo=2753%2C2754%2C2755%2C2756&aff_sub3=w5giqv7q3p7g7qf822b1o1c8&source=

2 KB
2 KB

508ms
431ms

Document
text/html

143.204.98.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sl.sloffer.link/5wszez6v7k/177036/4140/11149/?aff_sub=&aff_sub2=&aff_sub4=&aff_sub5=&bo=2753%2C2754%2C2755%2C2756&aff_sub3=w5giqv7q3p7g7qf822b1o1c8&source=

Requested by

Host: soo.gd
URL: https://soo.gd/OAb6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-48.fra50.r.cloudfront.net

Software

nginx/1.19.0 /

Resource Hash

1384e9092a8cf8b9304a7680c12efd9172ff9c75082fad5bce00a0f7ac3ea502

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

:method: GET
:authority: sl.sloffer.link
:scheme: https
:path: /5wszez6v7k/177036/4140/11149/?aff_sub=&aff_sub2=&aff_sub4=&aff_sub5=&bo=2753%2C2754%2C2755%2C2756&aff_sub3=w5giqv7q3p7g7qf822b1o1c8&source=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://soo.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://soo.gd/OAb6

Response headers

content-type: text/html; charset=utf-8
server: nginx/1.19.0
date: Mon, 21 Jun 2021 02:07:17 GMT
vary: Accept-Encoding
set-cookie: aff_ran_url_4140=11149; Path=/; Expires=Tue, 22 Jun 2021 02:07:17 GMT; Secure enc_aff_session_4013=ENC03191b7df84adf95715db147777f5bea3ed206e72e19b4d3df21ec8cffe8e2f0e87a76a4677060eefd6524c3925f82d1cf805269da7d7b923823f0948880683639edee1b8b23a45c54ec15e7da267a60449c0747de55db56e4deb9b72036cfc8011832b19aa3d2ff3640a5023dc550d639383996ffb84cda5384db3680354acbb5767809364faee8b0c77b7902d07beda2d1af9544d52952ec76bfa6da8b43aac522474c7a; Path=/; Expires=Wed, 21 Jul 2021 02:07:17 GMT; Secure ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI4OS4wIiwibW9iaWxlX2NhcnJpZXIiOiI%2FIiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyBYNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIExpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D; Path=/; Expires=Wed, 15 May 2024 12:47:17 GMT; Secure
tracking_id: 1021ebd87328d9383eba924c752688
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c6702f5f3b6e77da6f394e67ef1a6aab.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: S05Y1Bm_idE9SyPkwZ7KDdi9xVpFVR09ZoWEfE6K-cAhy5RSC3ZkrA==

Redirect headers

Server: nginx
Date: Mon, 21 Jun 2021 02:07:17 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://sl.sloffer.link/5wszez6v7k/177036/4140/11149/?aff_sub=&aff_sub2=&aff_sub4=&aff_sub5=&bo=2753%2C2754%2C2755%2C2756&aff_sub3=w5giqv7q3p7g7qf822b1o1c8&source=
Pragma: no-cache
Set-Cookie: 3611e2c7-822d-426d-8098-aba1575d12ed-v4=3611e2c7-822d-426d-8098-aba1575d12ed; Max-Age=86400; Expires=Tue, 22-Jun-2021 02:07:17 GMT; Domain=a.vfghd.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=Tb1uNjrQpYo1vIaPLNMjQD5SdxadvUlZPOeaZCcHh5qT3e%2BlBa6d5V6SHETqb%2BuLZz6obss2Qlkn9l3X%2FmFESvSM1cmBgxgleotcaYCmugwOB1GMuw8nZmFsfnfWdEDBMtunwfBGVDsCWrrkOyvVqg%3D%3D; Max-Age=31536000; Expires=Tue, 21-Jun-2022 02:07:17 GMT; Domain=a.vfghd.com; Path=/; Secure; HttpOnly;SameSite=None

GET
H2 200 sodar
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 35ms
16ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021061503&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 21 Jun 2021 02:07:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8472
x-xss-protection: 0

GET
H2 200 sodar2.js
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 33ms
13ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021061503.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 21 Jun 2021 02:07:17 GMT

GET
H3-29 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 3705 12 KB
5 KB 14ms
13ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://soo.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://soo.gd/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Sun, 20 Jun 2021 22:33:34 GMT
expires: Mon, 20 Jun 2022 22:33:34 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 12823
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe
www.google.com/recaptcha/api2/ Frame D22B 783 B
1 KB 35ms
16ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2rLjS9st86C5W3fN3qGosA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://soo.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://soo.gd/

Response headers

expires: Mon, 21 Jun 2021 02:07:17 GMT
date: Mon, 21 Jun 2021 02:07:17 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-2rLjS9st86C5W3fN3qGosA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 r9UBjISocNAIJlYpJ9js6qS1QkxlF8WeLwKBT19OnPk.js
pagead2.googlesyndication.com/bg/ Frame 3705 14 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/r9UBjISocNAIJlYpJ9js6qS1QkxlF8WeLwKBT19OnPk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 16:27:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5758
x-xss-protection: 0
last-modified: Mon, 14 Jun 2021 13:18:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 20 Jun 2022 16:27:37 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=223&t=2&li=gpt_2021061503&jk=2383894889665006&bg=!dnWldTHNAAZktE7iZLQ7ACkAdvg8WigVAheEZUuvDc8jbomC_FTKm5PsUzUuPC_MB-stFQTpoi35zgIAAACFUgAAAA9oAQeZAmZwsRAKyFtPl-vQHFQlXZPb6dAh5pfWFXmHmtk5B1fEt3BCNZJ3vNLVpKU0X-RKJNUUZZghp7fxCrbEnk45xHtXVpX4AuFnkcdU6plYbxkqNzue9KjX5QDag-NjJwJMI8PG9EFFqdjT6YCA6VDk4kvIFaaRnLjjrvCUBliGK6YDjvokcslmC3uqZxqWluCP3uBVHlKvHfoDKmN54n-GYkCSoaSxStH9Z2NxciR24vqc_L2HYEeusx_PqkqOKrigYHMW1b7EVDf6j_f3aoFgKeV1qxOMrbxGsdDkFv-SZey7JWzjg_TMd-hDIRjfagq_o-zWGlAMt377ouxYpSJiY-14LS3ONs6w9iWyOS3-tXXNDlFRIutfk-f2HWYfytcDIIj1nvm5aw0zt2f7N7ohC6ZLNH-E2KidzlW3frslxG_MkfBuyGfXxs0GIelUgDu6ndJe764zgMqDBgQMPZd0F4x-2pQ99Q3MznEwGZDNr9feE9p0YbIgcTnvyP_Mn93cRzQ-Bdt5Q20w-XajIIQiXUY59LvLNqIPTWMEtlwbYFxAyAZGkmOc7kN0EA6omup4b7Uek-vtpEFZIiUHYSOrx1FHCWKqNkxsyzuOF56BCQuXvAG9LKDMM_aQf5fykpxdfm06dsByMI1HkDfdwihzEMzeGiKBaYmAzz2Y5EmjAIqv8jZxLwzTaS_DvML7g0_MBfTDOI9E2vwGFchhU-M4JPp-pZYtahks3rvUR0uB8nqvoWioIBrxRxkg3C8RvGIa8AKL9dd99uIJraxRjA4GCKh29NESQOT5UlaX5WSelW3lQbnD2sp5fg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://soo.gd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Jun 2021 02:07:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK history.js Show response
ckstatic.com/js/historyjs/ 23 KB
7 KB 130ms
31ms Script
text/javascript 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ckstatic.com/js/historyjs/history.js
Requested by: Host: sl.sloffer.link
URL: https://sl.sloffer.link/5wszez6v7k/177036/4140/11149/?aff_sub=&aff_sub2=&aff_sub4=&aff_sub5=&bo=2753%2C2754%2C2755%2C2756&aff_sub3=w5giqv7q3p7g7qf822b1o1c8&source=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 2324fa2acc1382ed8b1306e981e5c2273e57a0532efd1d6a5a0a4a0aab22d045

Request headers

Referer: https://sl.sloffer.link/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 21 Jun 2021 02:07:17 GMT
Content-Encoding: gzip
Last-Modified: Tue, 08 Dec 2020 12:45:10 GMT
ETag: "1607431510"
X-HW: 1624241237.dop013.sk1.t,1624241237.cds001.sk1.shn,1624241237.dop013.sk1.t,1624241237.cds218.sk1.c
Content-Type: text/javascript
Cache-Control: public, max-age=457
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 6880

GET
H2

200

/ Show response
s.aslnk.link/5wszez6v7k/44542/7646/24883/
Redirect Chain

https://t.crdefault.link/177036/1?aff_sub=&aff_sub2=&aff_sub3=w5giqv7q3p7g7qf822b1o1c8&aff_sub4=&aff_sub5=&aff_unique1=&aff_unique2=&aff_unique3=&aff_unique4=&aff_unique5=&aff_click_id=&source=
https://a.vfgtg.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=;&affiliateID=44542&source=102162a8fe9043a92374331fa34ccd&subID2=177036&s2=102162a8fe9043a92374331fa34ccd&s3=;&s4=177036&url=1&target...
https://a.vfgtg.com/20aabc55-9fe1-45ac-bd10-4108cd0f740a?subID1=%3B&affiliateID=44542&source=102162a8fe9043a92374331fa34ccd&subID2=177036&Target=Default&Site=&Bnr=&cid=wdtcsb45hu1g3qf8ifuq3pdg&email=
https://s.aslnk.link/5wszez6v7k/44542/7646/24883/?aff_sub=%3B&aff_sub2=177036&aff_sub3=wka07rffpg18bqf8insmsk58&source=102162a8fe9043a92374331fa34ccd&nopop=1&bo=2753,2754,2755,2756&aff_sub5=_

2 KB
2 KB

428ms
415ms

Document
text/html

143.204.98.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.aslnk.link/5wszez6v7k/44542/7646/24883/?aff_sub=%3B&aff_sub2=177036&aff_sub3=wka07rffpg18bqf8insmsk58&source=102162a8fe9043a92374331fa34ccd&nopop=1&bo=2753,2754,2755,2756&aff_sub5=_

Requested by

Host: sl.sloffer.link
URL: https://sl.sloffer.link/5wszez6v7k/177036/4140/11149/?aff_sub=&aff_sub2=&aff_sub4=&aff_sub5=&bo=2753%2C2754%2C2755%2C2756&aff_sub3=w5giqv7q3p7g7qf822b1o1c8&source=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.48 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-48.fra50.r.cloudfront.net

Software

nginx/1.19.0 /

Resource Hash

fd9f40c81b32c565be664d840a130a5c4e84b6211a4267a8d4adb6cb5791628f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

:method: GET
:authority: s.aslnk.link
:scheme: https
:path: /5wszez6v7k/44542/7646/24883/?aff_sub=%3B&aff_sub2=177036&aff_sub3=wka07rffpg18bqf8insmsk58&source=102162a8fe9043a92374331fa34ccd&nopop=1&bo=2753,2754,2755,2756&aff_sub5=_
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://sl.sloffer.link/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sl.sloffer.link/177036/2753?aff_sub4=&aff_sub5=&aff_sub3=w5giqv7q3p7g7qf822b1o1c8&nopop=1&boSequence=3&bo=2754%2C2755%2C2756

Response headers

content-type: text/html; charset=utf-8
server: nginx/1.19.0
date: Mon, 21 Jun 2021 02:07:19 GMT
vary: Accept-Encoding
set-cookie: aff_ran_url_7646=24883; Path=/; Expires=Tue, 22 Jun 2021 02:07:19 GMT; Secure enc_aff_session_7646=ENC03eae5ff23704d05f64c195e965993fc7d0145ac604b615faa6502def2b6b7fabdf798e2ffc348496c0d4e109e8fc16961d04f37e8698c57682b398b0dc69dc15aff1b77601d59880c7881b30524d93708437b966e7583e58670989a87f7fc0fbba4f104c60dadea18696f470349f8b14c3f670c81d3ac4098a8c250e69045341cc48c0eac8b9419304c1ce211fbd78e6cad634c1465f7e50e9eb2f867a12463374f362b86d61e32b2fa37a9d9a7ec0cbdb8aa09c1875b525bdf3ff60657df0981eddd9f330e7cc71e0d4fc970b74ab1c2ed2a80f5359ad6f57603ed879273b60d237cf12f; Path=/; Expires=Fri, 09 Jun 2023 20:07:19 GMT; Secure ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI4OS4wIiwibW9iaWxlX2NhcnJpZXIiOiI%2FIiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyBYNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIExpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNiIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D; Path=/; Expires=Wed, 15 May 2024 12:47:19 GMT; Secure
tracking_id: 10299e6b09d1ca4a3cd89e3aa14a8e
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c6702f5f3b6e77da6f394e67ef1a6aab.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: tuAgWMs3VgQEawpTOukcKNV8vjDFq0NbJ_AL54CGnv90wSzNmi21jw==

Redirect headers

Server: nginx
Date: Mon, 21 Jun 2021 02:07:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://s.aslnk.link/5wszez6v7k/44542/7646/24883/?aff_sub=%3B&aff_sub2=177036&aff_sub3=wka07rffpg18bqf8insmsk58&source=102162a8fe9043a92374331fa34ccd&nopop=1&bo=2753,2754,2755,2756&aff_sub5=_
Pragma: no-cache
Set-Cookie: 20aabc55-9fe1-45ac-bd10-4108cd0f740a-v4=20aabc55-9fe1-45ac-bd10-4108cd0f740a; Max-Age=86400; Expires=Tue, 22-Jun-2021 02:07:18 GMT; Domain=a.vfgtg.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=nVM8ZsyyONu9vRYPAjGC7BVQ0YTmhnaUHmYCwO4Z1sZmI%2BSrb62T15r4wJ6Mad124bbc748k6D5mGR7cMzocQ29NV9uR7OlyHjbiFv%2BkESepX%2F0XGgjaOXbOYf4kP6UQA%2BOB1E9MjM5G80eGe2pspA%3D%3D; Max-Age=31536000; Expires=Tue, 21-Jun-2022 02:07:18 GMT; Domain=a.vfgtg.com; Path=/; Secure; HttpOnly;SameSite=None

GET
H/1.1 200
OK history.js Show response
ckstatic.com/js/historyjs/ 23 KB
7 KB 30ms
30ms Script
text/javascript 205.185.216.10
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ckstatic.com/js/historyjs/history.js
Requested by: Host: s.aslnk.link
URL: https://s.aslnk.link/5wszez6v7k/44542/7646/24883/?aff_sub=%3B&aff_sub2=177036&aff_sub3=wka07rffpg18bqf8insmsk58&source=102162a8fe9043a92374331fa34ccd&nopop=1&bo=2753,2754,2755,2756&aff_sub5=_
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: map2.hwcdn.net
Software: /
Resource Hash: 2324fa2acc1382ed8b1306e981e5c2273e57a0532efd1d6a5a0a4a0aab22d045

Request headers

Referer: https://s.aslnk.link/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 21 Jun 2021 02:07:19 GMT
Content-Encoding: gzip
Last-Modified: Tue, 08 Dec 2020 12:45:10 GMT
ETag: "1607431510"
X-HW: 1624241237.dop013.sk1.t,1624241237.cds001.sk1.shn,1624241237.dop013.sk1.t,1624241239.cds218.sk1.c
Content-Type: text/javascript
Cache-Control: public, max-age=455
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 6880

GET
H/1.1

200
OK

Primary Request / Show response
www.fling.com/tour-web/zanime004bgfade/
Redirect Chain

http://www.fling.com/enter.php?prg=1&t=best&id=crakmediapovfho&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
https://www.fling.com/enter.php?prg=1&t=best&id=crakmediapovfho&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44...

11 KB
4 KB

203ms
202ms

Document
text/html

66.254.114.237
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Requested by: Host: s.aslnk.link
URL: https://s.aslnk.link/5wszez6v7k/44542/7646/24883/?aff_sub=%3B&aff_sub2=177036&aff_sub3=wka07rffpg18bqf8insmsk58&source=102162a8fe9043a92374331fa34ccd&nopop=1&bo=2753,2754,2755,2756&aff_sub5=_
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 66.254.114.237 , United States, ASN29789 (REFLECTED, US),
Reverse DNS: reflectededge.reflected.net
Software: nginx /
Resource Hash: 13eb672cf119179432ef60a98a18465fb1d472136ad2d6f9b885d2a2bdfab9bc

Request headers

Host: www.fling.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: _ot=best; RNLBSERVERID=ded5593
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.aslnk.link/44542/2753?aff_sub3=wka07rffpg18bqf8insmsk58&nopop=1&aff_sub5=_&boSequence=3&bo=2754%2C2755%2C2756&aff_sub=%3B&aff_sub2=177036&source=102162a8fe9043a92374331fa34ccd

Response headers

server: nginx
date: Mon, 21 Jun 2021 02:07:19 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"
set-cookie: ps7_crumb=W1sid2ViLXphbmltZTAwNGJnZmFkZSIsImNyYWttZWRpYXBvdmZobyIsIjIwMjEtMDYtMjAiLCIxMDI5OWU2YjA5ZDFjYTRhM2NkODllM2FhMTRhOGUiLCI0NDU0Mi4xNzcwMzZfIl1d; expires=Tue, 21-Jun-2022 02:07:19 GMT; Max-Age=31536000; path=/; domain=.fling.com
content-encoding: gzip
X-Request-ID: 60CFF457-42FE72ED01BB35BF-14BA6A

Redirect headers

server: nginx
date: Mon, 21 Jun 2021 02:07:19 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
set-cookie: _ot=best; expires=Tue, 22-Jun-2021 02:07:19 GMT; Max-Age=86400; path=/; domain=.fling.com fl_ref_url=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.fling.com RNLBSERVERID=ded5593; path=/
location: /tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
X-Request-ID: 60CFF457-42FE72ED01BB35BF-14BA69

GET
H2 200 styles.css
cachewp.fling.com/tour-mobile/zradarquiz/1583331831/ 907 B
721 B 196ms
34ms Stylesheet
text/css 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://cachewp.fling.com/tour-mobile/zradarquiz/1583331831/styles.css
Requested by: Host: www.fling.com
URL: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: 3dca41ba04d94d1c3d895585c6c887f132ba496ce0ccfe688cf4876efb7fac0d

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
content-encoding: gzip
last-modified: Wed, 04 Mar 2020 14:23:51 GMT
etag: W/"5e5fb9f7-38b"
content-type: text/css
cache-control: max-age=604800
x-cdn-diag: fra1-11028-2-4622-h-0-0---;11014-14-19123----0-0-1
expires: Wed, 11 Mar 2020 18:28:45 GMT

GET
H2 200 bootstrap.css
cachewp.fling.com/tour-mobile/css/1583331821/ 108 KB
22 KB 196ms
34ms Stylesheet
text/css 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://cachewp.fling.com/tour-mobile/css/1583331821/bootstrap.css
Requested by: Host: www.fling.com
URL: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: f7c124f7f2306e18c4b8f68c95becc8cac03f2eeee3a83c0bac5941b1bba42b2

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
content-encoding: gzip
last-modified: Wed, 04 Mar 2020 14:23:41 GMT
etag: W/"5e5fb9ed-1aeb6"
content-type: text/css
cache-control: max-age=604800
x-cdn-diag: fra1-11015-2-6830-h-0-0---;11014-14-19123----0-0-0
expires: Wed, 11 Mar 2020 18:28:17 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 2 KB
536 B 24ms
23ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto

Requested by

Host: www.fling.com
URL: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

99155f31d46dc469aa872ce824309fae9210fb9357f463b889d617b85b35eb61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 21 Jun 2021 01:27:57 GMT
server: ESF
date: Mon, 21 Jun 2021 02:07:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 21 Jun 2021 02:07:19 GMT

GET
H/1.1 200
OK black-and-yellow-bj.gif
www.fling.com/tour-mobile/zanime004bgfade/ 194 KB
194 KB 141ms
139ms Image
image/gif 66.254.114.237
REFLECTED

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.fling.com/tour-mobile/zanime004bgfade/black-and-yellow-bj.gif
Requested by: Host: www.fling.com
URL: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 66.254.114.237 , United States, ASN29789 (REFLECTED, US),
Reverse DNS: reflectededge.reflected.net
Software: nginx /
Resource Hash: 4fc422f46071adc5a2f87c3069462c12b08f6e1baf96d17454de2b3c82b54024

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.fling.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Connection: keep-alive
Referer: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
last-modified: Thu, 15 Oct 2020 23:12:41 GMT
server: nginx
etag: "5f88d769-30779"
content-type: image/gif
set-cookie: RNLBSERVERID=ded5591; path=/
accept-ranges: bytes
content-length: 198521
X-Request-ID: 60CFF457-42FE72ED01BB35BF-14BA6D

GET
H/1.1 200
OK drawing1.png
www.fling.com/tour-mobile/zanime004bgfade/ 60 KB
60 KB 311ms
244ms Image
image/png 66.254.114.237
REFLECTED

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.fling.com/tour-mobile/zanime004bgfade/drawing1.png
Requested by: Host: www.fling.com
URL: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 66.254.114.237 , United States, ASN29789 (REFLECTED, US),
Reverse DNS: reflectededge.reflected.net
Software: nginx /
Resource Hash: f61f90f783ffbc9b4a65f9caa98893030b5f50ab8089c6d204b54bddaadff888

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.fling.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Connection: keep-alive
Referer: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
last-modified: Thu, 15 Oct 2020 23:12:41 GMT
server: nginx
etag: "5f88d769-f083"
content-type: image/png
set-cookie: RNLBSERVERID=ded4064; path=/
accept-ranges: bytes
content-length: 61571
X-Request-ID: 60CFF458-42FE72ED01BB870C-14FF11

GET
H/1.1 200
OK drawing2.png
www.fling.com/tour-mobile/zanime004bgfade/ 48 KB
48 KB 318ms
251ms Image
image/png 66.254.114.237
REFLECTED

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.fling.com/tour-mobile/zanime004bgfade/drawing2.png
Requested by: Host: www.fling.com
URL: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 66.254.114.237 , United States, ASN29789 (REFLECTED, US),
Reverse DNS: reflectededge.reflected.net
Software: nginx /
Resource Hash: 0399842729fa5a3a9923da6ae204ec6b210dfa62f6c81eafacf804d1619aba77

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.fling.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Connection: keep-alive
Referer: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
last-modified: Thu, 15 Oct 2020 23:12:41 GMT
server: nginx
etag: "5f88d769-c09c"
content-type: image/png
set-cookie: RNLBSERVERID=ded3964; path=/
accept-ranges: bytes
content-length: 49308
X-Request-ID: 60CFF458-42FE72ED01BB77A9-14D476

GET
H/1.1 200
OK drawing3.png
www.fling.com/tour-mobile/zanime004bgfade/ 89 KB
89 KB 318ms
249ms Image
image/png 66.254.114.237
REFLECTED

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.fling.com/tour-mobile/zanime004bgfade/drawing3.png
Requested by: Host: www.fling.com
URL: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 66.254.114.237 , United States, ASN29789 (REFLECTED, US),
Reverse DNS: reflectededge.reflected.net
Software: nginx /
Resource Hash: 7b656653e88424a1d52320b36139a2237b10a19bf10f9dc2a0d5088feb6ae5e3

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.fling.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Connection: keep-alive
Referer: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
last-modified: Thu, 15 Oct 2020 23:12:41 GMT
server: nginx
etag: "5f88d769-1622b"
content-type: image/png
set-cookie: RNLBSERVERID=ded5591; path=/
accept-ranges: bytes
content-length: 90667
X-Request-ID: 60CFF458-42FE72ED01BB35BF-14BA6E

GET
H2 200 jquery.min.js Show response
cachewp.fling.com/js/1583331821/ 91 KB
38 KB 34ms
34ms Script
application/javascript 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://cachewp.fling.com/js/1583331821/jquery.min.js
Requested by: Host: www.fling.com
URL: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
content-encoding: gzip
last-modified: Wed, 04 Mar 2020 14:23:41 GMT
etag: W/"5e5fb9ed-16cfb"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
x-cdn-diag: fra1-11028-1-4541-h-0-0---;11014-15-19123----0-0-0
expires: Wed, 11 Mar 2020 18:28:08 GMT

GET
H2 200 bootstrap.min.js Show response
cachewp.fling.com/tour-mobile/js/ 28 KB
9 KB 34ms
34ms Script
application/javascript 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://cachewp.fling.com/tour-mobile/js/bootstrap.min.js
Requested by: Host: www.fling.com
URL: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
content-encoding: gzip
last-modified: Wed, 04 Mar 2020 14:23:41 GMT
etag: W/"5e5fb9ed-71b6"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
x-cdn-diag: fra1-11037-1-44418-h-0-0---;11014-15-19123----0-0-0
expires: Mon, 16 Mar 2020 17:31:55 GMT

GET
H/1.1 200
OK imgcount.php
webmasters.hugetraffic.com/ct/ 42 B
301 B 579ms
131ms Image
image/gif 64.210.151.40
REFLECTED

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webmasters.hugetraffic.com/ct/imgcount.php?a=crakmediapovfho&s=fl&t=web-zanime004bgfade&pr=pps&r=&p=main&i=82.102.20.44&cmp=44542.177036_&ad=10299e6b09d1ca4a3cd89e3aa14a8e&u1=&u2=&u4=best&custom_aclid=&custom_vclid=&custom_gclid=&custom_tour=&custom_thumb=
Requested by: Host: www.fling.com
URL: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 64.210.151.40 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: nginx /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
cache-control: no-cache, must-revalidate
server: nginx
content-type: image/gif
transfer-encoding: chunked
expires: Wed, 29 Apr 1992 23:15:00 GMT

GET
H/1.1 200
OK ctrack
ctrack.trafficjunky.net/ 35 B
822 B 407ms
136ms Image
image/gif 64.210.149.57
REFLECTED

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ctrack.trafficjunky.net/ctrack?action=list&type=add&id=landing1&context=fling&cookiename=client_tracking
Requested by: Host: www.fling.com
URL: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 64.210.149.57 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: openresty /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Jun 2021 02:07:20 GMT
Server: openresty
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
P3p: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Credentials: true
Content-Type: image/gif
Access-Control-Allow-Headers: Content-Type
Content-Length: 35
Expires: Sun, 22 Jan 1984 03:00:00 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6988
date: Mon, 21 Jun 2021 00:10:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Mon, 21 Jun 2021 02:10:52 GMT

GET
H/1.1 200
OK main.php Show response
www.fling.com/ Frame 4603 45 KB
15 KB 396ms
329ms Document
text/html 66.254.114.237
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

66.254.114.237 , United States, ASN29789 (REFLECTED, US),

Reverse DNS

reflectededge.reflected.net

Software

nginx /

Resource Hash

b2485e26dbbaed82407500c1ef6d7e54b9857883e0fe4b43b7d96096c4558bfb

Security Headers

Name

Value

Content-Security-Policy

upgrade-insecure-requests; default-src *; media-src * data: blob: rtmp: mediastream:; child-src * data: blob: gsa: webviewprogressproxy:; img-src * data: blob: android-webview-video-poster:; script-src * 'unsafe-inline' 'unsafe-eval' data: opera:; frame-src * 'unsafe-inline' data: gsa: webviewprogressproxy:; style-src * 'unsafe-inline' data:; connect-src * 'unsafe-inline' ws: wss:; font-src * data:; object-src *; report-uri /members/util/log_csp/

Request headers

Host: www.fling.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.fling.com/tour-web/zanime004bgfade/?prg=1&id=crakmediapovfho&tour=zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e&utm_source=crakmediapovfho&utm_medium=44542.177036_&utm_content=10299e6b09d1ca4a3cd89e3aa14a8e&utm_campaign=zanime004bgfade

Response headers

server: nginx
date: Mon, 21 Jun 2021 02:07:20 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
p3p: CP="This is not a P3P policy!"
content-security-policy: upgrade-insecure-requests; default-src *; media-src * data: blob: rtmp: mediastream:; child-src * data: blob: gsa: webviewprogressproxy:; img-src * data: blob: android-webview-video-poster:; script-src * 'unsafe-inline' 'unsafe-eval' data: opera:; frame-src * 'unsafe-inline' data: gsa: webviewprogressproxy:; style-src * 'unsafe-inline' data:; connect-src * 'unsafe-inline' ws: wss:; font-src * data:; object-src *; report-uri /members/util/log_csp/
content-encoding: gzip
set-cookie: RNLBSERVERID=ded5593; path=/
X-Request-ID: 60CFF458-42FE72ED01BB77A9-14D477

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.fling.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 19 Jun 2021 17:35:42 GMT
x-content-type-options: nosniff
age: 117098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 19 Jun 2022 17:35:42 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1640841108&utmhn=www.fling.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Fling&...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-4493458-1&cid=581753608.1624241240&jid=595459342&_v=5.7.2&z=1640841108
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4493458-1&cid=581753608.1624241240&jid=595459342&_v=5.7.2&z=1640841108
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4493458-1&cid=581753608.1624241240&jid=595459342&_v=5.7.2&z=1640841108&slf_rd=1&random=1289611031

42 B
522 B

36ms
17ms

Image
image/gif

2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4493458-1&cid=581753608.1624241240&jid=595459342&_v=5.7.2&z=1640841108&slf_rd=1&random=1289611031

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 21 Jun 2021 02:07:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 21 Jun 2021 02:07:20 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4493458-1&cid=581753608.1624241240&jid=595459342&_v=5.7.2&z=1640841108&slf_rd=1&random=1289611031
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jquery.min.js Show response
cachewp.fling.com/js/1583331821/ Frame 4603 91 KB
38 KB 35ms
34ms Script
application/javascript 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://cachewp.fling.com/js/1583331821/jquery.min.js
Requested by: Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
content-encoding: gzip
last-modified: Wed, 04 Mar 2020 14:23:41 GMT
etag: W/"5e5fb9ed-16cfb"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
x-cdn-diag: fra1-11028-1-4541-h-0-0---;11014-15-19123----0-0-0
expires: Wed, 11 Mar 2020 18:28:08 GMT

GET
H2 200 bootstrap.min.js Show response
cachewp.fling.com/tour-mobile/js/ Frame 4603 28 KB
9 KB 46ms
44ms Script
application/javascript 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://cachewp.fling.com/tour-mobile/js/bootstrap.min.js
Requested by: Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: 898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
content-encoding: gzip
last-modified: Wed, 04 Mar 2020 14:23:41 GMT
etag: W/"5e5fb9ed-71b6"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
x-cdn-diag: fra1-11037-1-44418-h-0-0---;11014-15-19123----0-0-0
expires: Mon, 16 Mar 2020 17:31:55 GMT

GET
H2 200 bootstrap-slider.min.js Show response
cachewp.fling.com/tour-mobile/js/ Frame 4603 26 KB
8 KB 46ms
45ms Script
application/javascript 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://cachewp.fling.com/tour-mobile/js/bootstrap-slider.min.js
Requested by: Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: 926ac5c114974a527367752eef1ab86bdb364c34fafb39e9b976c7ab0c2adda6

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
content-encoding: gzip
last-modified: Wed, 04 Mar 2020 14:23:41 GMT
etag: W/"5e5fb9ed-6647"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
x-cdn-diag: fra1-11014-2-32381-h-0-0---;11014-15-19123----0-0-0
expires: Fri, 13 Mar 2020 21:15:16 GMT

GET
H2 200 quiz.css
cachewp.fling.com/tour-mobile/css/1607535813/ Frame 4603 10 KB
3 KB 46ms
44ms Stylesheet
text/css 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://cachewp.fling.com/tour-mobile/css/1607535813/quiz.css
Requested by: Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: ba460174c9dc078219d09c07d87bafea2108f33cc88687af79ed0105fc117e8c

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
content-encoding: gzip
last-modified: Wed, 09 Dec 2020 17:43:33 GMT
etag: W/"5fd10cc5-271d"
content-type: text/css
cache-control: max-age=604800
x-cdn-diag: fra1-11014-2-32381-h-0-0---;11014-15-19123----0-0-0
expires: Wed, 16 Dec 2020 18:01:58 GMT

GET
H2 200 mobile.css
cachewp.fling.com//css/1583331817/ Frame 4603 64 KB
16 KB 46ms
46ms Stylesheet
text/css 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://cachewp.fling.com//css/1583331817/mobile.css
Requested by: Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: 6f1c442a2be5a8b6aabcd80e4241e206d6668ab8bac0c3334479f0df6cee370e

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
content-encoding: gzip
last-modified: Wed, 04 Mar 2020 14:23:37 GMT
etag: W/"5e5fb9e9-101af"
content-type: text/css
cache-control: max-age=604800
x-cdn-diag: fra1-11037-1-44418-h-0-0---;11014-15-19123----0-0-1
expires: Tue, 07 Apr 2020 22:03:48 GMT

GET
H2 200 bootstrap-slider.min.css
cachewp.fling.com/tour-mobile/css/1583331821/ Frame 4603 7 KB
2 KB 47ms
47ms Stylesheet
text/css 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://cachewp.fling.com/tour-mobile/css/1583331821/bootstrap-slider.min.css
Requested by: Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: 0360ecbcfe953afbd83616c218ff5b0aec595fac04c136179dadc3f46e33d4ff

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
content-encoding: gzip
last-modified: Wed, 04 Mar 2020 14:23:41 GMT
etag: W/"5e5fb9ed-1c36"
content-type: text/css
cache-control: max-age=604800
x-cdn-diag: fra1-11037-1-44418-h-0-0---;11014-15-19123----0-0-1
expires: Wed, 11 Mar 2020 19:19:47 GMT

GET
H/1.1 200
OK fl_logo_mobile.png
www.fling.com/images/mobile/ Frame 4603 8 KB
8 KB 146ms
146ms Image
image/png 66.254.114.237
REFLECTED

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.fling.com/images/mobile/fl_logo_mobile.png
Requested by: Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 66.254.114.237 , United States, ASN29789 (REFLECTED, US),
Reverse DNS: reflectededge.reflected.net
Software: nginx /
Resource Hash: 14673647a1cb45d106478d06a134e1078ca1bbf882a62dca233077a3c2f8e8f0

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.fling.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Cookie: __utma=233692033.581753608.1624241240.1624241240.1624241240.1; __utmc=233692033; __utmz=233692033.1624241240.1.1.utmcsr=crakmediapovfho|utmccn=zanime004bgfade|utmcmd=44542.177036_|utmcct=10299e6b09d1ca4a3cd89e3aa14a8e; __utmt=1; __utmb=233692033.1.10.1624241240; RNLBSERVERID=ded5593
Connection: keep-alive
Referer: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
last-modified: Wed, 04 Mar 2020 14:23:41 GMT
server: nginx
etag: "5e5fb9ed-1f3e"
content-type: image/png
accept-ranges: bytes
content-length: 7998
X-Request-ID: 60CFF458-42FE72ED01BB35BF-14BA70

GET
H2 200 fp.css
cachewp.fling.com/css/fp/1583331817/ Frame 4603 3 KB
1 KB 34ms
34ms Stylesheet
text/css 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://cachewp.fling.com/css/fp/1583331817/fp.css
Requested by: Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: aeaed3bdf9f33e78c740c4a1796854d25cf1dfacbe8ac2e977d136dd454a2ec8

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
content-encoding: gzip
last-modified: Wed, 04 Mar 2020 14:23:37 GMT
etag: W/"5e5fb9e9-b9e"
content-type: text/css
cache-control: max-age=604800
x-cdn-diag: fra1-11028-2-4611-h-0-0---;11014-16-19123----0-0-0
expires: Wed, 11 Mar 2020 18:28:16 GMT

GET
H2 200 fp.js Show response
cachewp.fling.com/js/1591373362/ Frame 4603 20 KB
8 KB 38ms
34ms Script
application/javascript 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL: https://cachewp.fling.com/js/1591373362/fp.js
Requested by: Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: aca602562ff4e3f90ff2d83f85c87298ba98e107fa1d108137dd502783098aad

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
content-encoding: gzip
last-modified: Fri, 05 Jun 2020 16:09:22 GMT
etag: W/"5eda6e32-50ed"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
x-cdn-diag: fra1-11015-3-6871-h-0-0---;11014-15-19123----0-0-0
expires: Fri, 12 Jun 2020 18:35:36 GMT

GET
H3-29 200 api.js Show response
www.google.com/recaptcha/ Frame 4603 852 B
578 B 27ms
23ms Script
text/javascript 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit

Requested by

Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1770a97ddd7eadc7546e544e0fa3e6891fb019ad3c3334b306e0ae2691aec692

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 557
x-xss-protection: 1; mode=block
expires: Mon, 21 Jun 2021 02:07:20 GMT

GET
H2 200 sc_1.png
cachemd.fling.com/images/ Frame 4603 2 KB
2 KB 74ms
35ms Image
image/png 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cachemd.fling.com/images/sc_1.png
Requested by: Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: 6909d16bf86cf6e5cd4ae5230b1db7c10de060f018db8e01bf3ee19e868127e8

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
last-modified: Tue, 12 Jan 2016 17:04:21 GMT
etag: "56953215-832"
content-type: image/png
access-control-allow-origin: *
x-cdn-diag: fra1-11037-2-44465-h-0-0---;11014-17-19123----0-0-0
accept-ranges: bytes
content-length: 2098

GET
H2 200 sc_2.png
cachemd.fling.com/images/ Frame 4603 2 KB
2 KB 73ms
34ms Image
image/png 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cachemd.fling.com/images/sc_2.png
Requested by: Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: c51324c21730f57a58193211b696356b8e748c72d669a0d86579aa273d322642

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
last-modified: Tue, 12 Jan 2016 17:04:21 GMT
etag: "56953215-831"
content-type: image/png
access-control-allow-origin: *
x-cdn-diag: fra1-11015-1-6759-h-0-0---;11014-17-19123----0-0-0
accept-ranges: bytes
content-length: 2097

GET
H2 200 ico_twitter.png
cachewp.fling.com/tour-mobile//images/ Frame 4603 2 KB
2 KB 36ms
34ms Image
image/png 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cachewp.fling.com/tour-mobile//images/ico_twitter.png
Requested by: Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: cf3c152cc66d0938bd6721443e9c1bfabb53e4b4d73b525f8fc4ae9fc7cc803a

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
last-modified: Wed, 04 Mar 2020 14:23:41 GMT
etag: "5e5fb9ed-848"
content-type: image/png
cache-control: max-age=604800
x-cdn-diag: fra1-11037-2-44463-h-0-0---;11014-15-19123----0-0-0
accept-ranges: bytes
content-length: 2120
expires: Tue, 17 Mar 2020 13:36:56 GMT

GET
H2 200 ico_instagram.png
cachewp.fling.com/tour-mobile/images/ Frame 4603 11 KB
11 KB 37ms
35ms Image
image/png 66.254.122.16
REFLECTED

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cachewp.fling.com/tour-mobile/images/ico_instagram.png
Requested by: Host: www.fling.com
URL: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.254.122.16 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software: /
Resource Hash: 1b33f74962b339f632b0ee4e8453c5b04ef5d84686a4ec6f27027f12441ba32b

Request headers

Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 21 Jun 2021 02:07:20 GMT
last-modified: Wed, 04 Mar 2020 14:23:41 GMT
etag: "5e5fb9ed-2c13"
content-type: image/png
cache-control: max-age=604800
x-cdn-diag: fra1-11037-2-44463-h-0-0---;11014-15-19123----0-0-0
accept-ranges: bytes
content-length: 11283
expires: Tue, 17 Mar 2020 13:36:57 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/ Frame 4603 341 KB
133 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/FDTCuNjXhn1sV0lk31aK53uB/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ab6a25b3bfe17a0705d5017781df867ba5ccb3238943115697016ffd35e19e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.fling.com
Referer: https://www.fling.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 20 Jun 2021 20:10:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21385
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135774
x-xss-protection: 0
last-modified: Tue, 15 Jun 2021 23:22:36 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 20 Jun 2022 20:10:55 GMT

GET
H/1.1 200
OK main.php Show response
www.fling.com/ Frame 4603 23 B
779 B 214ms
213ms XHR
text/html 66.254.114.237
REFLECTED

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fling.com/main.php?a=user.validate_data&field=location_id&value=DK_Copenhagen

Requested by

Host: cachewp.fling.com
URL: https://cachewp.fling.com/js/1583331821/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

66.254.114.237 , United States, ASN29789 (REFLECTED, US),

Reverse DNS

reflectededge.reflected.net

Software

nginx /

Resource Hash

6e9e0b789626a6164a3d8604309a8f7dd93a5126d59a02100beb4c4447fbf075

Security Headers

Name

Value

Content-Security-Policy

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.fling.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Content-Type: JSON
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Cookie: __utma=233692033.581753608.1624241240.1624241240.1624241240.1; __utmc=233692033; __utmz=233692033.1624241240.1.1.utmcsr=crakmediapovfho|utmccn=zanime004bgfade|utmcmd=44542.177036_|utmcct=10299e6b09d1ca4a3cd89e3aa14a8e; __utmt=1; __utmb=233692033.1.10.1624241240; RNLBSERVERID=ded5593
Connection: keep-alive
Referer: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
Accept: */*
Referer: https://www.fling.com/main.php?a=user.registerfp_mobile&no_header=1&id=crakmediapovfho&prg=1&tour=web-zanime004bgfade&ot=best&cmp=44542.177036_&ad_id=10299e6b09d1ca4a3cd89e3aa14a8e
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: JSON

Response headers

date: Mon, 21 Jun 2021 02:07:21 GMT
content-encoding: gzip
server: nginx
transfer-encoding: chunked
p3p: CP="This is not a P3P policy!"
content-security-policy: upgrade-insecure-requests; default-src *; media-src * data: blob: rtmp: mediastream:; child-src * data: blob: gsa: webviewprogressproxy:; img-src * data: blob: android-webview-video-poster:; script-src * 'unsafe-inline' 'unsafe-eval' data: opera:; frame-src * 'unsafe-inline' data: gsa: webviewprogressproxy:; style-src * 'unsafe-inline' data:; connect-src * 'unsafe-inline' ws: wss:; font-src * data:; object-src *; report-uri /members/util/log_csp/
content-type: text/html; charset=UTF-8
X-Request-ID: 60CFF458-42FE72ED01BB77A9-14D479

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.fling.com/	1969-12-31 23:59:59	Name: RNLBSERVERID Value: ded5593
.fling.com/	1970-01-19 19:10:43	Name: __utmb Value: 233692033.1.10.1624241240
.fling.com/	1970-01-19 23:33:29	Name: __utmz Value: 233692033.1624241240.1.1.utmcsr=crakmediapovfho\|utmccn=zanime004bgfade\|utmcmd=44542.177036_\|utmcct=10299e6b09d1ca4a3cd89e3aa14a8e
.fling.com/	1969-12-31 23:59:59	Name: __utmc Value: 233692033
.fling.com/	1970-01-19 19:10:41	Name: __utmt Value: 1
.fling.com/	1970-01-20 12:41:53	Name: __utma Value: 233692033.581753608.1624241240.1624241240.1624241240.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.vfghd.com
a.vfgtg.com
adservice.google.com
adservice.google.de
cachemd.fling.com
cachewp.fling.com
ckstatic.com
ctrack.trafficjunky.net
d4dda5857069f182137ac9dbe5633602.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
pagead2.googlesyndication.com
s.aslnk.link
securepubads.g.doubleclick.net
sl.sloffer.link
soo.gd
ssl.google-analytics.com
stats.g.doubleclick.net
t.crdefault.link
tpc.googlesyndication.com
webmasters.hugetraffic.com
www.fling.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
142.250.181.226
143.204.98.48
18.195.149.11
205.185.216.10
2606:4700:3033::ac43:a8ca
2a00:1450:4001:803::2004
2a00:1450:4001:808::2002
2a00:1450:4001:808::200e
2a00:1450:4001:809::2003
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2002
2a00:1450:4001:812::2002
2a00:1450:4001:828::2008
2a00:1450:4001:82a::2008
2a00:1450:4001:830::2001
2a00:1450:4001:831::2001
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a00:1450:400c:c08::9a
64.210.149.57
64.210.151.40
66.254.114.237
66.254.122.16
0360ecbcfe953afbd83616c218ff5b0aec595fac04c136179dadc3f46e33d4ff
0399842729fa5a3a9923da6ae204ec6b210dfa62f6c81eafacf804d1619aba77
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1384e9092a8cf8b9304a7680c12efd9172ff9c75082fad5bce00a0f7ac3ea502
13eb672cf119179432ef60a98a18465fb1d472136ad2d6f9b885d2a2bdfab9bc
1432cc14f91d4e58b5c32a73b98e4e7be4e36376cda2d05f58713d39b1551c7f
14673647a1cb45d106478d06a134e1078ca1bbf882a62dca233077a3c2f8e8f0
1770a97ddd7eadc7546e544e0fa3e6891fb019ad3c3334b306e0ae2691aec692
1b33f74962b339f632b0ee4e8453c5b04ef5d84686a4ec6f27027f12441ba32b
2324fa2acc1382ed8b1306e981e5c2273e57a0532efd1d6a5a0a4a0aab22d045
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
3dca41ba04d94d1c3d895585c6c887f132ba496ce0ccfe688cf4876efb7fac0d
408abc3a5bedff37056ecb1ba4872225de8a269ffe9aa04fd8fd38a7e7ec5116
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4fc422f46071adc5a2f87c3069462c12b08f6e1baf96d17454de2b3c82b54024
6909d16bf86cf6e5cd4ae5230b1db7c10de060f018db8e01bf3ee19e868127e8
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e9e0b789626a6164a3d8604309a8f7dd93a5126d59a02100beb4c4447fbf075
6f1c442a2be5a8b6aabcd80e4241e206d6668ab8bac0c3334479f0df6cee370e
7ab6a25b3bfe17a0705d5017781df867ba5ccb3238943115697016ffd35e19e0
7b656653e88424a1d52320b36139a2237b10a19bf10f9dc2a0d5088feb6ae5e3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
898d05a17f2cfc5120ddcdba47a885c378c0b466f30f0700e502757e24b403a1
926ac5c114974a527367752eef1ab86bdb364c34fafb39e9b976c7ab0c2adda6
99155f31d46dc469aa872ce824309fae9210fb9357f463b889d617b85b35eb61
9a2c0a3b3510b56be29d68362d3e731986fdc810bb57d6ed461185b278ff89e2
aca602562ff4e3f90ff2d83f85c87298ba98e107fa1d108137dd502783098aad
aeaed3bdf9f33e78c740c4a1796854d25cf1dfacbe8ac2e977d136dd454a2ec8
b2485e26dbbaed82407500c1ef6d7e54b9857883e0fe4b43b7d96096c4558bfb
ba460174c9dc078219d09c07d87bafea2108f33cc88687af79ed0105fc117e8c
c51324c21730f57a58193211b696356b8e748c72d669a0d86579aa273d322642
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf3c152cc66d0938bd6721443e9c1bfabb53e4b4d73b525f8fc4ae9fc7cc803a
d17e078954e5a9a79ca1c06ec01572cb3d12308fcd4cb744ba31254ce173f488
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729
f61f90f783ffbc9b4a65f9caa98893030b5f50ab8089c6d204b54bddaadff888
f7c124f7f2306e18c4b8f68c95becc8cac03f2eeee3a83c0bac5941b1bba42b2
fd9f40c81b32c565be664d840a130a5c4e84b6211a4267a8d4adb6cb5791628f

www.fling.com Open in urlscan Pro 66.254.114.237 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

52 Requests

100 %HTTPS

65 %IPv6

19 Domains

28 Subdomains

21 IPs

3 Countries

1000 kBTransfer

1988 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.fling.com Open in urlscan Pro
66.254.114.237 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

100 %
HTTPS

65 %
IPv6

19
Domains

28
Subdomains

21
IPs

3
Countries

1000 kB
Transfer

1988 kB
Size

6
Cookies

52 HTTP transactions
0 data transactions