urlscan.io logo urlscan.io
SecurityTrails logo

oneoftfew.com Open in urlscan Pro
104.21.50.24  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://storage.googleapis.com/hamnad/uurtmmm.html#c18284fKnGC16083144ILGT697anl25251vDDC1327
Effective URL: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Submission Tags: phishing/scam e-mail links
Submission: On September 27 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 4 countries across 12 domains to perform 28 HTTP transactions. The main IP is 104.21.50.24, located in and belongs to CLOUDFLARENET, US. The main domain is oneoftfew.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 27th 2021. Valid for: a year.
This is the only time oneoftfew.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 216.58.212.176 15169 (GOOGLE)
1 2 144.126.218.96 14061 (DIGITALOC...)
1 193.124.15.34 49392 (ASBAXETN)
1 1 104.21.78.202 13335 (CLOUDFLAR...)
5 104.21.50.24 13335 (CLOUDFLAR...)
1 142.250.185.234 15169 (GOOGLE)
5 104.21.77.189 13335 (CLOUDFLAR...)
2 31.13.92.14 32934 (FACEBOOK)
2 143.204.98.115 16509 (AMAZON-02)
2 104.19.133.78 13335 (CLOUDFLAR...)
2 142.250.186.35 15169 (GOOGLE)
3 35.186.226.184 15169 (GOOGLE)
3 31.13.92.36 32934 (FACEBOOK)
28 12
1    216.58.212.176 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f176.1e100.net
storage.googleapis.com
2    144.126.218.96 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
crystals.com.de
1    193.124.15.34 (Czech Republic)

ASN49392 (ASBAXETN, RU)
PTR: 193-124-15-34.telecomgroupdesign.com
cloridepink.com
1    104.21.78.202 (None, )

ASN13335 (CLOUDFLARENET, US)
currentfunction.com
5    104.21.50.24 (None, )

ASN13335 (CLOUDFLARENET, US)
oneoftfew.com
1    142.250.185.234 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f10.1e100.net
fonts.googleapis.com
5    104.21.77.189 (None, )

ASN13335 (CLOUDFLARENET, US)
trk-aliquando.com
event.trk-aliquando.com
2    31.13.92.14 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-frt3.fbcdn.net
connect.facebook.net
2    143.204.98.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-115.fra50.r.cloudfront.net
sc-static.net
2    104.19.133.78 (None, )

ASN13335 (CLOUDFLARENET, US)
a.mgid.com
2    142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net
fonts.gstatic.com
3    35.186.226.184 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 184.226.186.35.bc.googleusercontent.com
tr.snapchat.com
3    31.13.92.36 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-frt3.facebook.com
www.facebook.com
Domain Requested by
5 oneoftfew.com cloridepink.com
oneoftfew.com
4 event.trk-aliquando.com trk-aliquando.com
3 www.facebook.com oneoftfew.com
3 tr.snapchat.com oneoftfew.com
2 fonts.gstatic.com fonts.googleapis.com
2 a.mgid.com oneoftfew.com
2 sc-static.net oneoftfew.com
sc-static.net
2 connect.facebook.net oneoftfew.com
connect.facebook.net
2 crystals.com.de 1 redirects storage.googleapis.com
1 trk-aliquando.com oneoftfew.com
1 fonts.googleapis.com oneoftfew.com
1 currentfunction.com 1 redirects
1 cloridepink.com crystals.com.de
1 storage.googleapis.com
28 14

This site contains no links.

Subject Issuer Validity Valid
*.storage.googleapis.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
cloridepink.com
R3		 2021-08-24 -
2021-11-22		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-27 -
2022-07-26		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-09-09 -
2021-12-08		 3 months crt.sh
sc-static.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-02-11 -
2022-02-15		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2021-08-30 -
2021-11-22		 3 months crt.sh
tr.snapchat.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-01-19 -
2022-01-23		 a year crt.sh

This page contains 4 frames:

Primary Page: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Frame ID: 83B6624729741E0D265187976DAA4157
Requests: 23 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=cc25c7df-1e44-4f51-8ff1-8c175d6334c1
Frame ID: 18FF9A16886B07CFE108448FFE5F8724
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/p
Frame ID: 9031F4B9DBA0708570DE349D54D954EB
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/p
Frame ID: 56B306CEE0135359EA203A02A2729E4D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Get Protected with McAfee AntiVirus

Page URL History Show full URLs

  1. https://storage.googleapis.com/hamnad/uurtmmm.html Page URL
  2. http://crystals.com.de/rd/c18284fKnGC16083144ILGT697anl25251vDDC1327 Page URL
  3. http://crystals.com.de/track/c18284fKnGC16083144ILGT697anl25251vDDC1327 HTTP 302
    https://cloridepink.com/0/2/7843/0c407b7d39bc3ee58395bcec40d567ec/12/1327-18284/16083144-697-25251 Page URL
  4. https://currentfunction.com/us-mcf-3/index_2.php?id=91&s1=350946&s2=612126966&s3=2546&s4=0 HTTP 302
    https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

28
Requests

96 %
HTTPS

0 %
IPv6

12
Domains

14
Subdomains

12
IPs

4
Countries

260 kB
Transfer

715 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://storage.googleapis.com/hamnad/uurtmmm.html Page URL
  2. http://crystals.com.de/rd/c18284fKnGC16083144ILGT697anl25251vDDC1327 Page URL
  3. http://crystals.com.de/track/c18284fKnGC16083144ILGT697anl25251vDDC1327 HTTP 302
    https://cloridepink.com/0/2/7843/0c407b7d39bc3ee58395bcec40d567ec/12/1327-18284/16083144-697-25251 Page URL
  4. https://currentfunction.com/us-mcf-3/index_2.php?id=91&s1=350946&s2=612126966&s3=2546&s4=0 HTTP 302
    https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://crystals.com.de/track/c18284fKnGC16083144ILGT697anl25251vDDC1327 HTTP 302
  • https://cloridepink.com/0/2/7843/0c407b7d39bc3ee58395bcec40d567ec/12/1327-18284/16083144-697-25251

28 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
uurtmmm.html
storage.googleapis.com/hamnad/ 		250 B
845 B 		Document
General
Check archive.org
Download Go to
Full URL
https://storage.googleapis.com/hamnad/uurtmmm.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.176 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f176.1e100.net
Software
UploadServer /
Resource Hash

Request headers

:method
GET
:authority
storage.googleapis.com
:scheme
https
:path
/hamnad/uurtmmm.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

x-guploader-uploadid
ADPycdvbj62IecBhfXWxw_UJGhll7XGjb4PBs7GgMg4DZUFnt41irscPyl_paNCgW1yRFm9qpoJG3qYozDJtztG5h7M
expires
Mon, 27 Sep 2021 17:35:26 GMT
date
Mon, 27 Sep 2021 16:35:26 GMT
last-modified
Sun, 01 Aug 2021 23:28:04 GMT
etag
"47fc2f1010ebb72f60768623edadbdb2"
x-goog-generation
1627860484063418
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
250
content-type
text/html
x-goog-hash
crc32c=C9XmNw== md5=R/wvEBDrty9gdoYj7a29sg==
x-goog-storage-class
STANDARD
accept-ranges
bytes
content-length
250
server
UploadServer
age
2443
cache-control
public, max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
c18284fKnGC16083144ILGT697anl25251vDDC1327
crystals.com.de/rd/ 		235 B
352 B 		Document
General
Check archive.org
Download Go to
Full URL
http://crystals.com.de/rd/c18284fKnGC16083144ILGT697anl25251vDDC1327
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/hamnad/uurtmmm.html
Protocol
HTTP/1.1
Server
144.126.218.96 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Host
crystals.com.de
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Content-Type
text/html; charset=utf-8
Date
Mon, 27 Sep 2021 17:16:09 GMT
Content-Length
235
16083144-697-25251
cloridepink.com/0/2/7843/0c407b7d39bc3ee58395bcec40d567ec/12/1327-18284/
Redirect Chain
  • http://crystals.com.de/track/c18284fKnGC16083144ILGT697anl25251vDDC1327
  • https://cloridepink.com/0/2/7843/0c407b7d39bc3ee58395bcec40d567ec/12/1327-18284/16083144-697-25251
153 B
485 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cloridepink.com/0/2/7843/0c407b7d39bc3ee58395bcec40d567ec/12/1327-18284/16083144-697-25251
Requested by
Host: crystals.com.de
URL: http://crystals.com.de/rd/c18284fKnGC16083144ILGT697anl25251vDDC1327
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.124.15.34 , Czech Republic, ASN49392 (ASBAXETN, RU),
Reverse DNS
193-124-15-34.telecomgroupdesign.com
Software
Apache /
Resource Hash

Request headers

Host
cloridepink.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://crystals.com.de/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://crystals.com.de/rd/c18284fKnGC16083144ILGT697anl25251vDDC1327

Response headers

date
Mon, 27 Sep 2021 17:16:11 GMT
content-type
text/html; charset=UTF-8
server
Apache
set-cookie
uid2546=612126966-20210927131611-4bc7106784929d88713e33ccfb38fe2f-0; domain=; path=/; SameSite=None; Secure
content-encoding
gzip
transfer-encoding
chunked
vary
Accept-Encoding

Redirect headers

Content-Type
text/html; charset=utf-8
Location
https://cloridepink.com/0/2/7843/0c407b7d39bc3ee58395bcec40d567ec/12/1327-18284/16083144-697-25251
Date
Mon, 27 Sep 2021 17:16:10 GMT
Content-Length
121
Primary Request /
oneoftfew.com/us-mcf-3/
Redirect Chain
  • https://currentfunction.com/us-mcf-3/index_2.php?id=91&s1=350946&s2=612126966&s3=2546&s4=0
  • https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Requested by
Host: cloridepink.com
URL: https://cloridepink.com/0/2/7843/0c407b7d39bc3ee58395bcec40d567ec/12/1327-18284/16083144-697-25251
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.50.24 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
438ed1e3939209a37d034e3de46b6d6751dad04fce25e345e54de98440ca266d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
oneoftfew.com
:scheme
https
:path
/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://cloridepink.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://cloridepink.com/0/2/7843/0c407b7d39bc3ee58395bcec40d567ec/12/1327-18284/16083144-697-25251

Response headers

date
Mon, 27 Sep 2021 17:16:12 GMT
content-type
text/html; charset=UTF-8
set-cookie
PHPSESSID=dfb802c0b01771053617db87c45130cf; path=/; secure
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
x-turbo-charged-by
LiteSpeed
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YF1%2BRYfJBQWKWKKRTNlf0bjRHPcju3Yy6Ax5HPcxe%2BL5xjj3vH7mzzU5tzaQ%2BifEWNN1%2FoeeDreY75T0GlOGj08a9tBvmWFOjMtJu%2B7aAclU4Q2YDEV7dgvO%2FaWY7ysO"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
695660df0aa6dfcf-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date
Mon, 27 Sep 2021 17:16:11 GMT
content-type
text/html; charset=UTF-8
location
https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
set-cookie
PHPSESSID=4fbd861e1b6768771ea585b4fcc3038b; path=/; secure
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-cache, no-store, must-revalidate, max-age=0
pragma
no-cache
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
vary
User-Agent
x-turbo-charged-by
LiteSpeed
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KPhV428n5%2F5%2FOkOsW3tn2mGYdQ0ijagGwsSIwbNujJ6Bbjzz86RdKcq5T1gKk2QJpR0g6LEHP1M6iW0n16tfZat0LNFyYFrnZRpNrnFavPKQsDFL4Mqpm4l5piXUOO5tqwVE2rjr"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
695660de2c8c412b-PRG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
css2
fonts.googleapis.com/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f10.1e100.net
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 15:52:45 GMT
server
ESF
date
Mon, 27 Sep 2021 17:16:12 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 27 Sep 2021 17:16:12 GMT
msg.js
oneoftfew.com/inc/ 		849 B
791 B 		Script
General
Check archive.org
Download Go to
Full URL
https://oneoftfew.com/inc/msg.js
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.50.24 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05b3a277980f5493f1feca82a6493c8dc83f5a43dff796736559be1077ccec1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/inc/msg.js
pragma
no-cache
cookie
PHPSESSID=dfb802c0b01771053617db87c45130cf
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
oneoftfew.com
referer
https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 17:16:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
560903
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 26 Mar 2021 17:15:56 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JoX8CBSmN89%2FUmV1fIGV6RhDJTucA260ZUUY9xU%2Fzwva%2F2zuc%2F14Vj52eOkqIyjyxIS4k9cuZMX2IL%2BkZc0hcO7vjGCp9DXw1QAC55RVinfOemLggnPC%2FcSD5Ni5cjAp"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
695660df8b66dfcf-FRA
expires
Tue, 28 Sep 2021 05:27:49 GMT
fbcode1.js
oneoftfew.com/inc/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oneoftfew.com/inc/fbcode1.js
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.50.24 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43fccd349655df7497727c1c95d4fd97033f8aaf649067cbafb2b6d2751cf340
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/inc/fbcode1.js
pragma
no-cache
cookie
PHPSESSID=dfb802c0b01771053617db87c45130cf
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
oneoftfew.com
referer
https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 17:16:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
172637
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Wed, 07 Oct 2020 23:35:40 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XRKSKWDxnWQH%2FOXLvljfrqJ1U4Ll%2BoXgZQF5f61vPkgw1JKFrlhHe7w4aJ6BV%2FMTwO8AEPY%2BLW7QUf0EPARoBab3rERcKlQcilwJmypIuABiyGaNcvx%2BOVR5nLUxkD0v"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding,User-Agent,User-Agent
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
695660df8b67dfcf-FRA
expires
Sat, 02 Oct 2021 17:18:55 GMT
logo.png
oneoftfew.com/us-mcf-3/assets/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oneoftfew.com/us-mcf-3/assets/logo.png
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.50.24 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6dab0e01e7ec2aeee2c27dcc8810858180477f98eefe399e717bd1b883f45ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/us-mcf-3/assets/logo.png
pragma
no-cache
cookie
PHPSESSID=dfb802c0b01771053617db87c45130cf
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
oneoftfew.com
referer
https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 17:16:12 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
454517
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
4428
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jun 2020 20:25:36 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GAwndFJrv0v4pTdtPflwobQGlj7ltGah5jdHzpLJ827OCSK1tFbFbraPmt2j8ULCL2z9OxoUXjyWYkL%2FUNdeV0r2pcUeTQ3miuizaXjPpVhGCc9yvmdyJrwc8B2cQY52"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
cf-ray
695660dfa9495c08-FRA
expires
Wed, 29 Sep 2021 11:00:55 GMT
image.php
oneoftfew.com/ 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oneoftfew.com/image.php?img=productimages/mcafelander.png
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.50.24 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95958f0c4313f0a2e0351037c53cb8ad529a35a8f8acce02e63aefc630cca3f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/image.php?img=productimages/mcafelander.png
pragma
no-cache
cookie
PHPSESSID=dfb802c0b01771053617db87c45130cf
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
oneoftfew.com
referer
https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 17:16:12 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
24482
x-xss-protection
1; mode=block
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ARPhZFHhjS7necANE0BvnkILr2Q4YLlYpQLoVnBPz5zWb4qe%2FY71GP%2Fk4JPFgB91GbRAt3STEw5i6IlxiCO9DgrGZ3SzowWtdn66T6v%2FnxWPWl1UnPJrxiptei0HeniG"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
cf-ray
695660dfb98e5c08-FRA
expires
Mon, 04 Oct 2021 17:16:12 GMT
v9e118mez8
trk-aliquando.com/scripts/push/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://trk-aliquando.com/scripts/push/v9e118mez8
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/inc/msg.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.189 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb491e2aca01081c812645fa7c5c20e8f379f3f49dfe88c938b5cdf6d7c9b918
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 17:16:12 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q0THs8BY%2BmMp36o%2Fo8z0wbClKxGw2KgKIUe1SsF67hLzaFDpV4ojC2cD0VkI%2F3mtuMwC0nhcOjn3fCaxNn8aq23IKEi5ELMHkJASdwY29xEg3MAO%2FlQSppwlSdJPm%2F1iIlNIag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=UTF-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
cf-ray
695660e02afd4131-PRG
expires
0
fbevents.js
connect.facebook.net/en_US/ 		98 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/inc/fbcode1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.92.14 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-frt3.fbcdn.net
Software
/
Resource Hash
ab43cf929d649dba8ce38c92dec4849c8049b678fec9942ae08df5ca57757280
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
25969
x-xss-protection
0
pragma
public
x-fb-debug
pn2hb0T3rCHqqTF2/rH+JAR4d5AuKJrKimeVWpe5jPclDI+CCwYuFuZkmY+aKXG6/wDnDT/WFZBioTsG/nSA7w==
x-fb-trip-id
686109401
x-frame-options
DENY
date
Mon, 27 Sep 2021 17:16:12 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
scevent.min.js
sc-static.net/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/inc/fbcode1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-115.fra50.r.cloudfront.net
Software
CloudFront /
Resource Hash
a92b99b413aa8afe65e9a4943c148fdedab142e7b913dafc52a040d850a5b197

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 17:16:12 GMT
content-encoding
gzip
server
CloudFront
x-edge-origin-shield-skipped
0
x-cache
LambdaGeneratedResponse from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
private, s-maxage=0, max-age=600
x-amz-cf-pop
FRA50-C1
access-control-allow-headers
Content-Type
content-length
5873
via
1.1 055d899361491602a9ef1eb0cdc5e337.cloudfront.net (CloudFront)
x-amz-cf-id
WrlsfjkOy68IQNlV8wCHw8tIIcI5HEVazrOF9AJ_pVHVXx1TBgInWg==
mgsensor.js
a.mgid.com/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.mgid.com/mgsensor.js?d=1632762972125
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/inc/fbcode1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b127181486c082afd048feabd5f69153c3993ccccc57085e4018609ed68f43c3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 27 Sep 2021 17:16:12 GMT
content-encoding
br
cf-cache-status
DYNAMIC
x-mg-request-uuid
aadcf8db-555f-48aa-b3a0-f5e72228c530
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type
application/javascript
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
695660e00cc54dc4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server
cloudflare
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://oneoftfew.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 16:31:41 GMT
x-content-type-options
nosniff
age
434671
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 22 Sep 2022 16:31:41 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://oneoftfew.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 22 Sep 2021 16:31:45 GMT
x-content-type-options
nosniff
age
434667
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 22 Sep 2022 16:31:45 GMT
399694290689525
connect.facebook.net/signals/config/ 		490 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/399694290689525?v=2.9.46&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.92.14 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-frt3.fbcdn.net
Software
/
Resource Hash
dcad4e540b077a7b7b705f177cea01553d25256a487fed9f05edd359d15dba45
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
8esFCFc/24CXg7PRtAzVnNXsnd4gTSAo9x8p66RLaH3FunyMFMAYuMxSns+To81XgkkPUZn+OzebEHLa2JXzXQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Mon, 27 Sep 2021 17:16:12 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
i
tr.snapchat.com/cm/ Frame 18FF 		0
262 B 		Document
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/cm/i?pid=cc25c7df-1e44-4f51-8ff1-8c175d6334c1
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.226.186.35.bc.googleusercontent.com
Software
nginx/1.17.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
GET
:authority
tr.snapchat.com
:scheme
https
:path
/cm/i?pid=cc25c7df-1e44-4f51-8ff1-8c175d6334c1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://oneoftfew.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/

Response headers

server
nginx/1.17.3
date
Mon, 27 Sep 2021 17:16:12 GMT
content-type
text/html
content-length
0
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
js-sha256-v1.min.js
sc-static.net/ 		22 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sc-static.net/js-sha256-v1.min.js
Requested by
Host: sc-static.net
URL: https://sc-static.net/scevent.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-115.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ba3d77e0be4f968f93a865602a9d4c51631083244a570b7a31690cc9e414a253

Request headers

Referer
https://oneoftfew.com/
Origin
https://oneoftfew.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 00:47:32 GMT
content-encoding
gzip
age
59321
x-edge-origin-shield-skipped
0
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Fri, 05 Apr 2019 00:32:08 GMT
server
AmazonS3
etag
W/"68f2467c84878293c9ee497dbc99a17f"
vary
Accept-Encoding,Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 e38834cd8f7f79ef118dc9bba0861780.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Type
cache-control
public, s-maxage=86400, max-age=600
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
9NiNpmsUoGv2eliybmKZ_VPOp81uTGjDnNtIB246-fUeBDhUpB0KyA==
p
tr.snapchat.com/ Frame 9031 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/p
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.226.186.35.bc.googleusercontent.com
Software
nginx/1.17.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
POST
:authority
tr.snapchat.com
:scheme
https
:path
/p
content-length
363
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
origin
https://oneoftfew.com
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://oneoftfew.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
Origin
https://oneoftfew.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/

Response headers

server
nginx/1.17.3
date
Mon, 27 Sep 2021 17:16:12 GMT
content-type
text/html
content-length
0
access-control-allow-origin
*
cache-control
no-cache, no-transform
set-cookie
sc_at=v2|H4sIAAAAAAAAAAXBgQ3AMAgDsIuQNiglOWdB7RUcPzuyKRCWCNnq/gx1yoglHfWN5My7w2s7y+f5ASpWJ80yAAAA;SameSite=None;Version=1;Comment=;Domain=.snapchat.com;Path=/;Max-Age=33696000;Secure
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
p
tr.snapchat.com/ Frame 56B3 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://tr.snapchat.com/p
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.226.186.35.bc.googleusercontent.com
Software
nginx/1.17.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
POST
:authority
tr.snapchat.com
:scheme
https
:path
/p
content-length
366
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
origin
https://oneoftfew.com
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://oneoftfew.com/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
Origin
https://oneoftfew.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/

Response headers

server
nginx/1.17.3
date
Mon, 27 Sep 2021 17:16:12 GMT
content-type
text/html
content-length
0
access-control-allow-origin
*
cache-control
no-cache, no-transform
set-cookie
sc_at=v2|H4sIAAAAAAAAAAXBgQ0AIAgDsItIcCrTd0C4guNtUyMPo+QtlKz9TNyDog5m1PZLdg+boOESrR/+ulG3MgAAAA==;SameSite=None;Version=1;Comment=;Domain=.snapchat.com;Path=/;Max-Age=33696000;Secure
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
1x1.gif
a.mgid.com/ 		43 B
435 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.mgid.com/1x1.gif?id=507061&type=c&tg=&r=https%3A%2F%2Foneoftfew.com%2Fus-mcf-3%2F%3Ff8fcd024a0f1872d5ba2a0ef1e895e65&utmc=0&utmt=0&nv=1&utms=&utmcp=&utmm=&clid=&cmgid=0&cmtid=0&cmtuid=0&d=1632762972279
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 27 Sep 2021 17:16:12 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
695660e0df7a4ab6-FRA
p3p
CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
/
www.facebook.com/tr/ 		44 B
313 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=399694290689525&ev=PageView&dl=https%3A%2F%2Foneoftfew.com%2Fus-mcf-3%2F%3Ff8fcd024a0f1872d5ba2a0ef1e895e65&rl=https%3A%2F%2Fcloridepink.com%2F&if=false&ts=1632762972394&sw=1600&sh=1200&v=2.9.46&r=stable&ec=0&o=30&fbp=fb.1.1632762972393.1444646034&it=1632762972166&coo=false&rqm=GET
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.92.36 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-frt3.facebook.com
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 17:16:12 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Mon, 27 Sep 2021 17:16:12 GMT
/
www.facebook.com/tr/ 		44 B
101 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=399694290689525&ev=ViewContent&dl=https%3A%2F%2Foneoftfew.com%2Fus-mcf-3%2F%3Ff8fcd024a0f1872d5ba2a0ef1e895e65&rl=https%3A%2F%2Fcloridepink.com%2F&if=false&ts=1632762972396&sw=1600&sh=1200&v=2.9.46&r=stable&ec=1&o=30&fbp=fb.1.1632762972393.1444646034&it=1632762972166&coo=false&rqm=GET
Requested by
Host: oneoftfew.com
URL: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.92.36 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-frt3.facebook.com
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 17:16:12 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Mon, 27 Sep 2021 17:16:12 GMT
v9e118mez8
event.trk-aliquando.com/register/event_log/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://event.trk-aliquando.com/register/event_log/v9e118mez8
Requested by
Host: trk-aliquando.com
URL: https://trk-aliquando.com/scripts/push/v9e118mez8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.77.189 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://oneoftfew.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
application/json

Response headers

date
Mon, 27 Sep 2021 17:16:13 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert
pushPlatformApp.pushSubscription.deleted
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
expires
0
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4RFHLwFd%2Fl7kvJvgZzkfY%2BgJk42cU3%2B07CPAtnRbFyxXejDARjKfeOXP%2FsonM2WCKXXKZzL6KqOX%2Fowh%2F4tiEs0eiFhRD4g4xgmOa09%2F9g0VvK15hb0TzQRrnhyzPC2CgdPnAkcsAZCbkA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://oneoftfew.com
access-control-expose-headers
Authorization, Link, X-Total-Count
cache-control
no-cache, no-store, max-age=0, must-revalidate
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
access-control-allow-credentials
true
cf-ray
695660e49a402794-PRG
x-pushplatformapp-params
v9e118mez8
event.trk-aliquando.com/register/event_log/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://event.trk-aliquando.com/register/event_log/v9e118mez8
Protocol
H2
Server
104.21.77.189 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://oneoftfew.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Mon, 27 Sep 2021 17:16:12 GMT
content-length
0
access-control-allow-headers
content-type
access-control-expose-headers
Authorization, Link, X-Total-Count
access-control-allow-origin
https://oneoftfew.com
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials
true
access-control-allow-methods
POST
access-control-max-age
1800
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sFuQIAlQ7c%2BCRbppoSofGXVsN7oyok7dasH8zg7%2BDgSJWgaunt%2FCz9ttJLhmRWO4QC9t9jd9ySrkp6AXkf%2BoQ5LP3QAgIzMAaV0w%2B7GC1MHdnL85a4H%2BwfjyKW338LYLPxVlxtlxnoZ1JA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
695660e30d8b4108-PRG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
v9e118mez8
event.trk-aliquando.com/register/event_log/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://event.trk-aliquando.com/register/event_log/v9e118mez8
Requested by
Host: trk-aliquando.com
URL: https://trk-aliquando.com/scripts/push/v9e118mez8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.77.189 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://oneoftfew.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
application/json

Response headers

date
Mon, 27 Sep 2021 17:16:13 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert
pushPlatformApp.pushSubscription.deleted
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
expires
0
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kj%2FHHs1gTRQmK2d1mUY2angFMTLEQFRRPJ8jPHoopVOpUD5s%2FrAVQbk%2Fm3oq8DJgVq3heUBPhYnXpG347hbn4luNKlofkCdHpRkS9wcgMKFCWOgm%2B89Qm0MiOVx9zKPKZ%2FoPRNx1W9gnxA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://oneoftfew.com
access-control-expose-headers
Authorization, Link, X-Total-Count
cache-control
no-cache, no-store, max-age=0, must-revalidate
feature-policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
access-control-allow-credentials
true
cf-ray
695660e49a3e2794-PRG
x-pushplatformapp-params
v9e118mez8
event.trk-aliquando.com/register/event_log/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://event.trk-aliquando.com/register/event_log/v9e118mez8
Protocol
H2
Server
104.21.77.189 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://oneoftfew.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Mon, 27 Sep 2021 17:16:12 GMT
content-length
0
access-control-allow-headers
content-type
access-control-expose-headers
Authorization, Link, X-Total-Count
access-control-allow-origin
https://oneoftfew.com
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials
true
access-control-allow-methods
POST
access-control-max-age
1800
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iWmNUC2KIQoBTCW7TZP9sGZXf0ldr8wAIOu6A3e0gJ%2Fn5q21OPKW3NbbzWLnuXbH9EwgoYg3DGGi4V01%2BW%2FCmODRaaFArGaldWG5a%2FDdAvfUmZqYQ7GpT71102RxqHw4WJ0Q01OEi3%2BDKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
695660e30d8c4108-PRG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
/
www.facebook.com/tr/ 		44 B
91 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=399694290689525&ev=Microdata&dl=https%3A%2F%2Foneoftfew.com%2Fus-mcf-3%2F%3Ff8fcd024a0f1872d5ba2a0ef1e895e65&rl=https%3A%2F%2Fcloridepink.com%2F&if=false&ts=1632762973896&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Get%20Protected%20with%20McAfee%20AntiVirus%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.46&r=stable&ec=2&o=30&fbp=fb.1.1632762972393.1444646034&it=1632762972166&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
31.13.92.36 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-frt3.facebook.com
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://oneoftfew.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Mon, 27 Sep 2021 17:16:13 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority
u=3,i
expires
Mon, 27 Sep 2021 17:16:13 GMT

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect boolean| originAgentCluster function| change function| replaceUrlParam object| MYCALL string| pub function| fbq function| _fbq function| snaptr object| r object| MgSensorData boolean| triedToSendCookieToNative object| WebJSBridge object| scpixel object| MgSensor function| MgSensorInvoke function| MgSensorInvoke0 object| _mgq function| _mgqp number| _mgqt number| _mgqi object| _mgr object| _mghl function| urlBase64ToUint8Array function| pullUrlParams function| push_subscribe function| push_subscribe_promise function| setIfNull function| logPushEvent function| push_unsubscribe function| push_init function| setSessionId function| setUtm function| getSessionId function| getUrlVars function| getDomainName function| getStore object| regeneratorRuntime object| JSON3

11 Cookies

Domain/Path Name / Value
sc-static.net/scevent.min.js Name: X-AB
Value: 0d6e407936704bd380072f5891d28b0e
cloridepink.com/ Name: uid2546
Value: 612126966-20210927131611-4bc7106784929d88713e33ccfb38fe2f-0
currentfunction.com/ Name: PHPSESSID
Value: 4fbd861e1b6768771ea585b4fcc3038b
oneoftfew.com/ Name: PHPSESSID
Value: dfb802c0b01771053617db87c45130cf
.oneoftfew.com/ Name: _scid
Value: a2206984-434f-44e8-81e1-2954aa1133db
.mgid.com/ Name: muidn
Value: l8rcp0uey6ga
.mgid.com/ Name: __cf_bm
Value: 5e8efa1365af021076efda5157b86b46ad7d5c75-1632762972-0-Ac9CheeFcgBZK/rnE+9ObLPffL/PmtYLnjzlY8l//enjzECeEytJxOZ5npFi9+vxkrbArH36MtgFT+c8B4zGiWk=
oneoftfew.com/ Name: MgidSensorNVis
Value: 1
oneoftfew.com/ Name: MgidSensorHref
Value: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
.snapchat.com/ Name: sc_at
Value: v2|H4sIAAAAAAAAAAXBgQ0AIAgDsItIcCrTd0C4guNtUyMPo+QtlKz9TNyDog5m1PZLdg+boOESrR/+ulG3MgAAAA==
.oneoftfew.com/ Name: _fbp
Value: fb.1.1632762972393.1444646034

1 Console Messages

Source Level URL
Text
other error URL: https://oneoftfew.com/us-mcf-3/?f8fcd024a0f1872d5ba2a0ef1e895e65
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.mgid.com
cloridepink.com
connect.facebook.net
crystals.com.de
currentfunction.com
event.trk-aliquando.com
fonts.googleapis.com
fonts.gstatic.com
oneoftfew.com
sc-static.net
storage.googleapis.com
tr.snapchat.com
trk-aliquando.com
www.facebook.com
104.19.133.78
104.21.50.24
104.21.77.189
104.21.78.202
142.250.185.234
142.250.186.35
143.204.98.115
144.126.218.96
193.124.15.34
216.58.212.176
31.13.92.14
31.13.92.36
35.186.226.184
05b3a277980f5493f1feca82a6493c8dc83f5a43dff796736559be1077ccec1f
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
438ed1e3939209a37d034e3de46b6d6751dad04fce25e345e54de98440ca266d
43fccd349655df7497727c1c95d4fd97033f8aaf649067cbafb2b6d2751cf340
95958f0c4313f0a2e0351037c53cb8ad529a35a8f8acce02e63aefc630cca3f5
a92b99b413aa8afe65e9a4943c148fdedab142e7b913dafc52a040d850a5b197
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ab43cf929d649dba8ce38c92dec4849c8049b678fec9942ae08df5ca57757280
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
b127181486c082afd048feabd5f69153c3993ccccc57085e4018609ed68f43c3
ba3d77e0be4f968f93a865602a9d4c51631083244a570b7a31690cc9e414a253
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
dcad4e540b077a7b7b705f177cea01553d25256a487fed9f05edd359d15dba45
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6dab0e01e7ec2aeee2c27dcc8810858180477f98eefe399e717bd1b883f45ee
fb491e2aca01081c812645fa7c5c20e8f379f3f49dfe88c938b5cdf6d7c9b918