642retrieval.ga Open in urlscan Pro
2606:4700:3031::6815:47f8 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Submission: On June 11 via api (June 11th 2021, 4:40:33 am UTC) from JP

Summary HTTP 166 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 2 countries across 6 domains to perform 166 HTTP transactions. The main IP is 2606:4700:3031::6815:47f8, located in United States and belongs to CLOUDFLARENET, US. The main domain is 642retrieval.ga.
TLS certificate: Issued by R3 on June 9th 2021. Valid for: 3 months.

This is the only time 642retrieval.ga was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Tech Support Scam (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
96	2606:4700:303... 2606:4700:3031::6815:47f8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
17	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
166	9

96 2606:4700:3031::6815:47f8 (United States)

ASN13335 (CLOUDFLARENET, US)

642retrieval.ga	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
96	642retrieval.ga 642retrieval.ga	2 MB
25	gstatic.com fonts.gstatic.com	193 KB
20	bootstrapcdn.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com	539 KB
10	google-analytics.com www.google-analytics.com	96 KB
10	googleapis.com fonts.googleapis.com	7 KB
5	googletagmanager.com www.googletagmanager.com	176 KB
166	6

	Domain	Requested by
96	642retrieval.ga	642retrieval.ga
25	fonts.gstatic.com	fonts.googleapis.com
10	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com 642retrieval.ga
10	stackpath.bootstrapcdn.com	642retrieval.ga
10	maxcdn.bootstrapcdn.com	642retrieval.ga maxcdn.bootstrapcdn.com
10	fonts.googleapis.com	642retrieval.ga
5	www.googletagmanager.com	642retrieval.ga
166	7

This site contains no links.

Subject Issuer	Validity	Valid
*.642retrieval.ga R3	`2021-06-09` - `2021-09-07`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Frame ID: 3077FA09BE6AA5B6C1ACFD560DDC63BF
Requests: 171 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ Page URL
https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ Page URL
https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ Page URL
https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ Page URL
https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

166
Requests

100 %
HTTPS

100 %
IPv6

6
Domains

7
Subdomains

9
IPs

2
Countries

3250 kB
Transfer

5263 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ Page URL
https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ Page URL
https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ Page URL
https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ Page URL
https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

166 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 27 KB
11 KB 219ms
201ms Document
text/html 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 838be9174158c44d15a2558ec3ec8ef346d59a3409ebbdd4003a2213fff94c26

Request headers

:method: GET
:authority: 642retrieval.ga
:scheme: https
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:15 GMT
content-type: text/html
last-modified: Thu, 10 Jun 2021 23:19:13 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
cf-request-id: 0a9af7f8dd0000c2efa7a26000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Klf%2FLnSqVBMT7MiOsf%2F9SNhS7A7dZkPpVIsnI2JvGkktuEIi3fygxFaoEMP6630DfaO%2Bka%2BNmulC707QASGVuvv6lHOyASHmrWX451Y236jheM3BS0zAp3VXPN6Fjq91KefBNMF40YG1"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65d82907c958c2ef-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 1 KB
514 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1d14552be6ee4946f37aab45221783569a7de93bf04647d430d36102b4dcd748

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:22:18 GMT
server: ESF
date: Fri, 11 Jun 2021 04:40:15 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 11 Jun 2021 04:40:15 GMT

GET
H3-29 200 style.css
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
1 KB 215ms
203ms Stylesheet
text/css 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75d0898af3d149b79084e1e6cfa046da47d3dbcc6c103bf35932c4d7c9618480

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:15 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af7f9b50000177ac8baf000000001
last-modified: Thu, 10 Jun 2021 23:19:17 GMT
server: cloudflare
etag: W/"60c29df5-7c8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=n7%2BiziSxouBYuC4rcJ4F1tQ7S3pSpsyZU3Ik3pDbQmQRE9BJnQHAi%2ByBwwmjX95wJAoCdMcc%2BZ0ZUoTxZWTuOL%2FWZ281i%2B86KBttObuiap0lpDoJu46AyAiZA%2BOeKMXm2fX4acqp7CHc"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 65d8290928cc177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ 27 KB
6 KB 15ms
14ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 565, 617, 617
age: 6939583
cdn-cachedat: 2021-03-11 11:58:04
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af7f9ab00004df45a876000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: af3097212757f6b13d804a73f5f188bc
cf-ray: 65d8290918d84df4-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ 157 KB
21 KB 17ms
16ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 6
cdn-cachedat: 2021-06-08 16:51:35
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af7f9ab00004e19e09a8000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 7767b72206874bab7cadfa75736ed7a6
cf-ray: 65d829091de04e19-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/ 59 KB
14 KB 23ms
22ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 6
cdn-cachedat: 2021-06-08 20:50:11
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af7f9ab00004e192a086000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 479a46410b7b613e44b5c7c7a10efb74
cf-ray: 65d829091de24e19-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 pop.css
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 10 KB
3 KB 212ms
200ms Stylesheet
text/css 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0685c4b3332ef18d007ce13a6543d7ede43d6b748419a038e7bd783c9e4a72db

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:15 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af7f9b60000177ac99b1000000001
last-modified: Thu, 10 Jun 2021 23:19:20 GMT
server: cloudflare
etag: W/"60c29df8-2805"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=hcT%2FOawOLdcqM%2BiCeN3kFgco17kjMLf09lMnP8fndzkVRYcZWwwEzcNmFNqjpcR3xQQyHAFJF%2FLl%2F3mZgG%2FI9FeMww55uBD%2FfCFRTZBWhYPjh03lNLonNNuUZPrvBUyQdRTAA%2Fc%2FjtX%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 65d8290928d1177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.js Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 85 KB
29 KB 237ms
225ms Script
application/javascript 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/jquery.js
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6333ca0936bbf247b1c47eb69f76e19eef3aeff5a8a1b592f31c17f254bfef8c

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/jquery.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:15 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af7f9b60000177aeb3d8000000001
last-modified: Thu, 10 Jun 2021 23:19:21 GMT
server: cloudflare
etag: W/"60c29df9-1539a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=dZmEz1tetG9OoIJz3r1wytUYNbB3C8HiKpNZwCoUadPybhc6xnEOQvq7uCjS72oV0Hy2Er4qtoF%2BxKmYNE64Gz4pYBbdQJ9MzjcoN%2FMQ31dGwICfRFJ4My73%2FfCS%2BHI6SZE8snwPx18A"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65d8290928d0177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 screenfull.js Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
1 KB 209ms
198ms Script
application/javascript 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/screenfull.js
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16861757a5b0d72f3333bc0955f7d3447b6bcb15254308d47893659802b8457e

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/screenfull.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:15 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af7f9b60000177a9504c000000001
last-modified: Thu, 10 Jun 2021 23:19:19 GMT
server: cloudflare
etag: W/"60c29df7-7e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=yCN7gHa12vkaiMQQU5rIaHqNypzurut9BTnZ8O45eOqoBdqYWANV6eeGVOxSgpzfVPmjUR1zMZbO%2FiIKcSFVmbf84I8j17MLr0XAtY4R%2F9Z2yZP4amJ7%2FYXgub%2FUyDkq6qoMqG7gYJq2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65d8290928ce177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 microsoft.jpg
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
3 KB 191ms
191ms Image
image/jpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.jpg
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70249b342aecd9e3d2367aea39df606e92562f9d7945ad8849b36cd3e3a85a1

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:15 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2004
cf-request-id: 0a9af7fa860000177a9e97a000000001
last-modified: Thu, 10 Jun 2021 23:19:13 GMT
server: cloudflare
etag: "60c29df1-7d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=l%2B5ynr5afRx1LI3Vi7k2YXN8fNBmKfD1eMOZ8PPXPDgBh1dOkvI2cGuO1W3W5Q%2BSHjN4ccc3A1IzFrAcgDswg1DH0JTAj0Nx2YMwpab8L%2F00aRFiyNCYxACD1VaUAEcsoLr78a5IETtc"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8290a6aa9177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 cut.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 1 KB
2 KB 651ms
651ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/cut.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d25cf2403704d5208d662af4ef703d424cedeac253a43a1aec6e60e0db43837f

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/cut.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:16 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1192
cf-request-id: 0a9af7fb420000177aa309a000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-4a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=JGvzCMOgw9ljH%2B6fbVq9xcGJhHKTSIqp%2Bd%2FtTPzwKS85W6bfgE7JVqHZLNSt7FvlEtkDbFE4bHPVg4%2B07JGyR1X2sd5sxE3Rrpw4GRc9d9z5Jpe6RKTzBkjXBrv2DOS%2B8ayFtwb%2BroLk"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8290b9c4a177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 minus.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 945 B
2 KB 202ms
202ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/minus.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b6c8e23b2a2c49ac71393cb3e1740b7e2fccaa310ee06b68ca27b693d133f8e

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/minus.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:16 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 945
cf-request-id: 0a9af7fb4d0000177a71824000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-3b1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2Fj64iA4GRkMtMML6PlPiw%2BfzHX21clFqSdKWEVjLuL6L6fglTMGyb3kYidg8baeEmp1F0qFmh%2FNrQfo32Y%2BBP8GxC8qXaFa4y6vTlSNdv9EluJaLzG8lvcRZZsWEMCYGCG3Lf5O3kTYF"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8290bac63177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 background-2.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 378 KB
378 KB 262ms
260ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/background-2.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de9fbe2de348e17bd4948011260ef297c4102b69068692daaba02bf632acd291

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/background-2.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:16 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 386648
cf-request-id: 0a9af7fb6e0000177aa309c000000001
last-modified: Thu, 10 Jun 2021 23:19:20 GMT
server: cloudflare
etag: "60c29df8-5e658"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4AuUePaOorykhPORVjK%2FQ1DO2yxBBsvjTp2q5w%2BMea5l7g81JXO4hiYR%2B%2BbOZukXB9DGaul6OhHJp5yxE64Hwn0L%2BKbCZEHDXJa%2BReYEn%2BWGsp7Rgh6DS2TrCXhWYmng4%2FmU1DjP%2BHzV"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8290becb2177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 set.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 364 B
993 B 181ms
179ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/set.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/set.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:16 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 364
cf-request-id: 0a9af7fb6e0000177a89b76000000001
last-modified: Thu, 10 Jun 2021 23:19:15 GMT
server: cloudflare
etag: "60c29df3-16c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=QWmgRyC4xrUbFvQd2ie%2B7avKHHPnQ71YaHRGsWwRbSGI6HEG6YUz0BWQGlfTL7YkTw18%2B77VEpY9YDfGqN1%2B%2Bplf22o6OIQ5a3ZBTHu1w6YamvzXjkqt7mCjUs%2BudsuTuKfYgdknBYeN"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8290becb4177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 help.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 349 B
977 B 217ms
215ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/help.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/help.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:16 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 349
cf-request-id: 0a9af7fb6f0000177a9a246000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-15d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=UO7nMK09fxsEMod%2F%2BS15Eer4hswi98hbJFEElez6RXoPXhY3QSGS7VlVPpxz8AXI8l%2BX26DHWRx9bUE1AgSDpy1WEBZwW9Hhq5j6m4nbQW5TfRzPfxHHcrR%2FrHXHkp5M82irJ8ZDosPF"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8290becb5177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 scan.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 723 B
1 KB 175ms
173ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/scan.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0f52d9433540bafa2f05fc3c04839b4990c2ce5ef718975a8d4eef9866f06be

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/scan.gif
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:16 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 723
cf-request-id: 0a9af7fb6f0000177a6c985000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-2d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=3Ox%2BeqEPorEOCsqj4dRUmSRERHKU6r7BbxnNPTRM49B2LBQXHt1LcD3mGcHu3HVQPTV1b6bKgrGz0IbNOYiZJobRKS%2F0xsm5R8SJ%2BVeFJEGqI0yHPyySSDKLY%2BIY2HEWlLqjO1qkiJMR"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8290becb7177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 time.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 3 KB
3 KB 183ms
181ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/time.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a8b8ab6fef6a243e7a03d0c260a525a50df879953b26c34b83e97c61d36001b

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/time.gif
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:16 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2760
cf-request-id: 0a9af7fb6f0000177a738ba000000001
last-modified: Thu, 10 Jun 2021 23:19:17 GMT
server: cloudflare
etag: "60c29df5-ac8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2cDDNG7i7ITiLTDqUylqsXKThhaUSEfoVISyUk9HrFfGHk4E%2B19UmReRoOx%2BwSRnIUcG1Ddw2D4ni7%2FfkmnFbtUCzOaeYhQbOxTNbjpU3flnAI1muwcZkPM9L6qWMdAAo%2BjrU0LnulOu"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8290becb9177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pro.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 3 KB
4 KB 181ms
179ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pro.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da198edcbb6e4845e1b27930e433a0fa776f3a9eec26dabd758b0d3d06edab61

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pro.gif
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:16 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3028
cf-request-id: 0a9af7fb700000177aaf332000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-bd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=N3Kq7hI3l4MuhCulDEeB7A9%2FfpL8XYYR%2F8lHZ51DD48hSihr8g5PknFUnhTtE%2FTEf9bE5BSZBZP5DYmWcmcUpr1%2BFrl9LUhcNmS8WBdeRs3Btai1hW8b%2BWhWAOQONr1BxCxnj4xacucW"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8290becbb177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 mic.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
3 KB 182ms
180ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/mic.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f63a29085e0086c93e316ac91ea971ca7ff5f925e0327ea9b006c15c793d38bb

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/mic.gif
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:16 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2555
cf-request-id: 0a9af7fb700000177ac01a2000000001
last-modified: Thu, 10 Jun 2021 23:19:15 GMT
server: cloudflare
etag: "60c29df3-9fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=JAg4nDDdwHG2ImrHL7o%2FvnLniBzLqVtzGv5h6BmgnzHkubHgntKGPMX4LVZBB%2Fxe25Oa1o3GzG80Vc6jhyezUQvMO2bUQEZQz8dPm2UQ3GSi06atKVt1iT3PJF69E0NwoRSbjos%2BMJyR"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8290becbe177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 microsoft.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 977 B
2 KB 198ms
196ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 844a92ee435552f7f26b4ec467220c537841f8245a16bbb265975ce4b3081f36

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:16 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 977
cf-request-id: 0a9af7fb700000177a71826000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-3d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ZZcz6Bdn6xxU%2FWb6pdZg%2FjLcHAwK1Ph9MH3jZ3XFJ%2FPSXZNL%2BIsTaBh%2BbWQJdOW%2FCqbXulz3zbid2%2BI45OzZ%2FYQiKNd7FdhXQoEIqqa9jY4Y8DPq%2BVQhV75Dw1Ub72gHJYVadMTnpd4P"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8290becc0177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 16ms
14ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-179488279-1

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cf62f979316b022634fc2c671ff6f8c731cf6205bb70e5069bf0dfc3c6ebb6ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:15 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36062
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Jun 2021 04:40:15 GMT

GET
H3-29 404 css.css
642retrieval.ga/ 0
0 202ms
202ms Stylesheet
text/html 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/css.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /css.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:15 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 10 Jun 2021 23:18:01 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=j%2B29AcU5G2qbPtru%2BpuYLQuzN503tlAKQM4E%2BSDAmMJRFHgOoqFZrVN18bycc7A25UBChHvfm%2BTbZNKIKbk84H9u5AgAkUZAQpLN7LB5tqfvjd12YH8Ol1UbErGRc6P7DOGglJMEvvJF"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 65d8290a6aaa177a-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af7fa860000177ab1b6f000000001

GET
H3-29 200 css2
fonts.googleapis.com/ 19 KB
907 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

05a55848815c20ac9e0c5df2732b2ce6b0c12018dec636956bd3f792c06c4aeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:26:36 GMT
server: ESF
date: Fri, 11 Jun 2021 04:40:15 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 11 Jun 2021 04:40:15 GMT

GET
DATA 200
OK truncated
/ 309 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0531410bc1f8a477f7305af86f43dabcd10be9a3742e6e26ce6d3ed4f6a8425

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:25:12 GMT
x-content-type-options: nosniff
age: 209703
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7776
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 18:25:12 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 21:48:38 GMT
x-content-type-options: nosniff
age: 197497
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7848
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:23 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 21:48:38 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 21:28:26 GMT
x-content-type-options: nosniff
age: 198709
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 21:28:26 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 14:59:05 GMT
x-content-type-options: nosniff
age: 222070
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7988
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:10 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 14:59:05 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 17:02:10 GMT
x-content-type-options: nosniff
age: 214686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7832
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:48 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 17:02:10 GMT

GET
H3-29 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/ 65 KB
66 KB 34ms
33ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:16 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
cdn-edgestorageid: 723, 617, 617, 617
access-control-allow-origin: *
cdn-cachedat: 2021-06-08 21:35:39
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 66624
cf-request-id: 0a9af7fbb400002ba162814000000001
timing-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: e9724039cf930044db00c3fe573acbf5
accept-ranges: bytes
cf-ray: 65d8290c4d3e2ba1-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 206 alertmicrosoft.mp3
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 66 KB
0 189ms
189ms Media
audio/mpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/alertmicrosoft.mp3
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/alertmicrosoft.mp3
pragma: no-cache
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: audio
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 11 Jun 2021 04:40:16 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-216737/216738
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 216738
cf-request-id: 0a9af7fbba0000177aa2258000000001
last-modified: Thu, 10 Jun 2021 23:19:18 GMT
server: cloudflare
etag: "60c29df6-34ea2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=j3Ck%2FN27KjR5bxZC875jE%2FCDlLnFN25XyWWRr0c6ZcqyPHk8S3%2BKhbWfU8Pmk6W3O6sDL1ou9BB1yXiCRWOxzgs091zPVxTIY2GelJQYycHFBQXAlKQ0g8cATePQAGxCspeYg3zvr4nh"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
cache-control: max-age=315360000
cf-ray: 65d8290c5d8d177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 206 warning.mp3
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 13 KB
14 KB 716ms
716ms Media
audio/mpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/warning.mp3
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4d5cae00178437f63e868ded066dde7503207230142ab3c37ef8ca70a03574d

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/warning.mp3
pragma: no-cache
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: audio
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 11 Jun 2021 04:40:16 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-13668/13669
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 13669
cf-request-id: 0a9af7fbbd0000177aac372000000001
last-modified: Thu, 10 Jun 2021 23:19:18 GMT
server: cloudflare
etag: "60c29df6-3565"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=AqlU%2BdEN226j%2Feudb1HEqGlNhwLRzH%2FdnYmqKSncDDdExXwVJFI9988OdVoqK5nytJgW3XnT9B8cR9Zw4L6lbXZSeis5%2BpoUa3EttldwLfE9H5ofKNI4AxK4uk4eoX4bIreZaV%2BYJNqk"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
cache-control: max-age=315360000
cf-ray: 65d8290c5d8f177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-179488279-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 2375
date: Fri, 11 Jun 2021 04:00:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Fri, 11 Jun 2021 06:00:41 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 13ms
13ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=951554081&t=pageview&_s=1&dl=https%3A%2F%2F642retrieval.ga%2FWin-E-22Oc0_2475_IEDGE08279-1.hhlyf88%2FPVkfsdbfMSdFFhfj1188%2F&ul=en-us&de=UTF-8&dt=%3Ctitle%3E**%20%E3%81%82%E3%81%AA%E3%81%9F%E3%81%AE%E3%82%B3%E3%83%B3%E3%83%94%E3%83%A5%E3%83%BC%E3%82%BF%E3%81%AF%E3%83%96%E3%83%AD%E3%83%83%E3%82%AF%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%20**&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=102221743&gjid=1024934407&cid=1159906311.1623386416&tid=UA-179488279-1&_gid=1834396702.1623386416&_r=1&gtm=2ou690&z=1378489767

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 11 Jun 2021 04:40:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://642retrieval.ga
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 27 KB
11 KB 193ms
192ms Document
text/html 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 838be9174158c44d15a2558ec3ec8ef346d59a3409ebbdd4003a2213fff94c26

Request headers

:method: GET
:authority: 642retrieval.ga
:scheme: https
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Response headers

date: Fri, 11 Jun 2021 04:40:18 GMT
content-type: text/html
last-modified: Thu, 10 Jun 2021 23:19:13 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
cf-request-id: 0a9af806660000177aa3145000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=FpwhAdxDNJ9UVrNCODTHTRLVSal9WU%2B%2B0tTexOAQ48VPbXNwCy2colnGFa2Okhh4eN4sfFP7yiu6RmWiWXMKo0ecj95auPitjvtoYxlMDqb4Qc%2F5DaXblWWbj8KXeCkY4qmJaBAuLJpL"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65d8291d6f2a177a-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 css
fonts.googleapis.com/ 1 KB
418 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1d14552be6ee4946f37aab45221783569a7de93bf04647d430d36102b4dcd748

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:16:31 GMT
server: ESF
date: Fri, 11 Jun 2021 04:40:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 11 Jun 2021 04:40:18 GMT

GET
H3-29 200 style.css
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
1 KB 18ms
16ms Stylesheet
text/css 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75d0898af3d149b79084e1e6cfa046da47d3dbcc6c103bf35932c4d7c9618480

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af807300000177a89826000000001
last-modified: Thu, 10 Jun 2021 23:19:17 GMT
server: cloudflare
etag: W/"60c29df5-7c8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=8H3OlBqWE9VADNQVo%2Bfqw4vjWSz6udfPpXC3pm2wau2aJ0GVE6b2ec%2BMdyREsbfCejJ36%2BdDMI7xSOXIK%2Bzk2OWEsBkdKRhZAnB1BaGjQLeCj1nXhpCI8cr7RKEDVGZleUPo%2FRBqwRG2"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 65d8291eb8e4177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ 27 KB
6 KB 28ms
17ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 565, 617, 617
age: 6939587
cdn-cachedat: 2021-03-11 11:58:04
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af80739000097d2752ae000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: af3097212757f6b13d804a73f5f188bc
cf-ray: 65d8291ecbd097d2-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ 157 KB
21 KB 20ms
18ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 9
cdn-cachedat: 2021-06-08 16:51:35
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af8073200002ba1b7369000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 7767b72206874bab7cadfa75736ed7a6
cf-ray: 65d8291ebdfc2ba1-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/ 59 KB
15 KB 18ms
16ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 9
cdn-cachedat: 2021-06-08 20:50:11
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af8073200002ba157b4f000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 479a46410b7b613e44b5c7c7a10efb74
cf-ray: 65d8291ebdfe2ba1-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 pop.css
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 10 KB
3 KB 16ms
14ms Stylesheet
text/css 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0685c4b3332ef18d007ce13a6543d7ede43d6b748419a038e7bd783c9e4a72db

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af807310000177a9ea41000000001
last-modified: Thu, 10 Jun 2021 23:19:20 GMT
server: cloudflare
etag: W/"60c29df8-2805"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=guGWgKi88BwOrVqYIWKu68F5eUGQ3%2BfKXzjMl3igaL4LNAPCHC4BlrDlZDsO%2FKSjRJzY70oYqYLKs4H0RGSnRpjqW4cZjzP9Vh87wvvmPvQaAU3SlqMkWiLQXNjcWjdOAu1SJPUeael7"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 65d8291eb8e6177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.js Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 85 KB
29 KB 21ms
19ms Script
application/javascript 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/jquery.js
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6333ca0936bbf247b1c47eb69f76e19eef3aeff5a8a1b592f31c17f254bfef8c

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/jquery.js
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af807310000177accbd6000000001
last-modified: Thu, 10 Jun 2021 23:19:21 GMT
server: cloudflare
etag: W/"60c29df9-1539a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ArduAOupWJjjrrpyJUwhDtze9HY8WqnlsQzNist0fR%2FC24EzeMBpU61Yb1lrKp5dIVRKXpi7LPgCFBTp8nyRZyHBYaWJwbbpZ4sbu%2F60X52FFsFLkyRwksi1et6%2BftHbT1PkLm7WCjag"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65d8291eb8e8177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 screenfull.js Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
1 KB 19ms
18ms Script
application/javascript 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/screenfull.js
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16861757a5b0d72f3333bc0955f7d3447b6bcb15254308d47893659802b8457e

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/screenfull.js
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af807310000177a91b5a000000001
last-modified: Thu, 10 Jun 2021 23:19:19 GMT
server: cloudflare
etag: W/"60c29df7-7e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=g0yHuryRd5VMKWrxk0FSZiBYajuG1INU%2FO1vKwXw8EkDzi43XPanH9AagwGqBQETDqdunrhGSwU%2FNrJpSSg3k91MOR4eg%2BGZ2wI15OhjpgZiGk%2BYCMyUd%2FaaSO1VSAkOi4p9deVaeOfm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65d8291eb8eb177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 microsoft.jpg
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
3 KB 18ms
17ms Image
image/jpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.jpg
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70249b342aecd9e3d2367aea39df606e92562f9d7945ad8849b36cd3e3a85a1

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.jpg
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2004
cf-request-id: 0a9af8074e0000177a77140000000001
last-modified: Thu, 10 Jun 2021 23:19:13 GMT
server: cloudflare
etag: "60c29df1-7d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=imjmXexuH2dO1NyswWgKdARmiU3AtrU8lHZtsPQSjp9O9qIHO96SMwyxyaUheEPWbEgRSFNsaos3K5DWXXdvvUhgRiIvjEZXX0JPPfwLuS8fM1brjdqUmeX7QXyXnUY5fFqS9zD6Rrva"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8291ee93b177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 cut.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 1 KB
2 KB 16ms
16ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/cut.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d25cf2403704d5208d662af4ef703d424cedeac253a43a1aec6e60e0db43837f

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/cut.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1192
cf-request-id: 0a9af807590000177ac025d000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-4a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=7cAzbtEeo1wE5fCNmlJGmi5kh5gsF930EEvgrvmkTSOigWYBf9tJpvu3sj07aULEM5duxQte%2B8%2BdRbJerwhT5GkjmPuyX4epj90uN3TECcD8%2B8cBKwOCHGV14UdlKs7oYFE%2B2LN5Df9J"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8291ef970177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 minus.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 945 B
2 KB 14ms
14ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/minus.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b6c8e23b2a2c49ac71393cb3e1740b7e2fccaa310ee06b68ca27b693d133f8e

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/minus.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 945
cf-request-id: 0a9af807670000177ad1b02000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-3b1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=oTVR2ppt%2FWW8hnAoE4Id7T1hGwoCIB948J6Uq3TaJzKuhA6CvjMSqHIVYu4E6PldEdhaG9fzylQIsCqYoL%2FLgTNHrexy0vqoiEQBq0gEjMG6Op4aGFNdvl24FyQvZBcReh0lL1d5gAWD"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8291f09b9177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 background-2.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 378 KB
378 KB 22ms
22ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/background-2.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de9fbe2de348e17bd4948011260ef297c4102b69068692daaba02bf632acd291

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/background-2.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 386648
cf-request-id: 0a9af807670000177aaf3f3000000001
last-modified: Thu, 10 Jun 2021 23:19:20 GMT
server: cloudflare
etag: "60c29df8-5e658"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=EEswvcczrfaYf7ol3Td7g9XZMZY2V1MBEcp6CKFEziivoh%2FJkNGoPFd%2FMtnROZKQZeaTLQvfGBO93LF7omyu%2B333yeCvj1iLuHl%2BlPNjc8zzcOawoRxbzHCJ3jROmCUNqNuz1J7wf3bg"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8291f09bc177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 set.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 364 B
990 B 44ms
42ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/set.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/set.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 364
cf-request-id: 0a9af807730000177ab6a3f000000001
last-modified: Thu, 10 Jun 2021 23:19:15 GMT
server: cloudflare
etag: "60c29df3-16c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XC%2Bb7wXfxnwr7zTqDKZcEyqcuHkZZGwd1R4bT4cBJA9klnEyC7mD2PoZKQUcdJcIln8FHnS01v5ttjx9DUDVbhrYEeI2Xi0KoLLRdAunnGasrsl6XwgSENF7aUmE7OpMDHKRsuQvhzU5"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8291f19e5177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 help.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 349 B
980 B 44ms
42ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/help.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/help.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 349
cf-request-id: 0a9af807740000177ad6a6c000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-15d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=SdpeGYweQvcY1nHbu2esdBU%2FMdkzanFa52%2BNJJv5%2BgomA1oAd%2FhN9oWXVAkRQT6wMiXJKjaQS9sczTCT4DWWU4WmLCQa0yA89w44DbIcnVyG5UV%2B9is92gAa6HOu58fSb7nRwoZ%2F5gkq"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8291f19e6177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 scan.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 723 B
1 KB 45ms
44ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/scan.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0f52d9433540bafa2f05fc3c04839b4990c2ce5ef718975a8d4eef9866f06be

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/scan.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 723
cf-request-id: 0a9af807740000177ac0261000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-2d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=GRWWGl54FmHa9DrJpWmEQXL2OztE5JeLCQjHmfH%2BNRMDjOVMpMTAiil3%2FetehhPwKL61M7nXaq0awGKpPrLTOy8v6Jl%2BCkIWezDdIObFzyFq3CDeKucTMP6N4Dvca%2F6IpOevKq4LvXW5"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8291f19e9177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 time.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 3 KB
3 KB 46ms
44ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/time.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a8b8ab6fef6a243e7a03d0c260a525a50df879953b26c34b83e97c61d36001b

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/time.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2760
cf-request-id: 0a9af807750000177a9ea48000000001
last-modified: Thu, 10 Jun 2021 23:19:17 GMT
server: cloudflare
etag: "60c29df5-ac8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ByuMqu3o%2FHojegJDcAMyZGSES2495ZGCr9EHoc1aa9hGl%2BkL7c5%2FaX8OfmYiGMWjnquAYg9OuIhinuh9xBqUZldBG%2B5QK5aIYQ0G6SOOcCh2ZXTSxGf9uqwkF0NMrw84r7XJu4XjyHL0"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8291f19ea177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pro.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 3 KB
4 KB 46ms
44ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pro.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da198edcbb6e4845e1b27930e433a0fa776f3a9eec26dabd758b0d3d06edab61

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pro.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3028
cf-request-id: 0a9af807750000177ad9120000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-bd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Zp6K4I2V3UdW3fE9cxihTw2tZGRXhyokOEDd1YzJsSrpBb6LtE8YiFo%2FwiA6laj8pF9ooAdP4sAfAqUSi4Y7wtIcitGOz3maiPTPqikuqqGtB1M5EbOvig%2FoyPo%2BELvd7ELBGCYVCrIC"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8291f19ed177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 mic.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
3 KB 46ms
45ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/mic.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f63a29085e0086c93e316ac91ea971ca7ff5f925e0327ea9b006c15c793d38bb

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/mic.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2555
cf-request-id: 0a9af807760000177a7b036000000001
last-modified: Thu, 10 Jun 2021 23:19:15 GMT
server: cloudflare
etag: "60c29df3-9fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=53Q6gOX6T4KhYqwjVttxNs%2B654mht1SAL6cLxN4c4bx7feqX1fR435V%2BGjdhI%2F5LBLgx1wk4e1I60Je2hbhLTurA4luBkjiV4v94GTKQyCvN83BZ0Zl2hTv058Dn0v2wOKboBVTCbpCX"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8291f19ee177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 microsoft.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 977 B
2 KB 46ms
45ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 844a92ee435552f7f26b4ec467220c537841f8245a16bbb265975ce4b3081f36

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 977
cf-request-id: 0a9af807760000177abd365000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-3d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=fKIiNT0x9f9fVh5HcjGzGq2b5V2i9AnLAZinaCJzkYGRX%2B5FjxlgWDUXcGOynEJAd0Nn4Ty8yPpxUtccwxOAzrn6Wr4%2BwQI3VfyR%2Bei5W4A3zD1q8gxyVVcHMtsMDLPJpjG%2BGTKy%2FvIb"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8291f19f0177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 24ms
21ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-179488279-1

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b59630aa8075df2e3a9ed299d54f02dbe8b35998a0ef8414ff0caeb2137920bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36065
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Jun 2021 04:40:19 GMT

GET
H3-29 404 css.css
642retrieval.ga/ 0
0 12ms
12ms Stylesheet
text/html 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/css.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /css.css
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 10 Jun 2021 23:18:01 GMT
server: cloudflare
age: 4
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=TI7Tdp2h%2FaetSEh5SBkNmU1VPmSju%2BC1XZneIaBSevyMj6fMIl9Zf4bN71D9HyRzcBSw%2FTEua%2FIiMYu%2BY%2BxTs5s2QB%2Fg6SRS3XZ56OlpvOSgJhtwWyNtEMYxQqJ3OVoFuYZRGVPD%2BVsM"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 65d8291ed92d177a-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af807480000177aab8b2000000001

GET
H3-29 200 css2
fonts.googleapis.com/ 19 KB
907 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

05a55848815c20ac9e0c5df2732b2ce6b0c12018dec636956bd3f792c06c4aeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:21:40 GMT
server: ESF
date: Fri, 11 Jun 2021 04:40:19 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 11 Jun 2021 04:40:19 GMT

GET
DATA 200
OK truncated
/ 309 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0531410bc1f8a477f7305af86f43dabcd10be9a3742e6e26ce6d3ed4f6a8425

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:25:12 GMT
x-content-type-options: nosniff
age: 209707
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7776
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 18:25:12 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 21:48:38 GMT
x-content-type-options: nosniff
age: 197501
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7848
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:23 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 21:48:38 GMT

GET
H3-29 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 10ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 21:28:26 GMT
x-content-type-options: nosniff
age: 198713
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 21:28:26 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 11ms
8ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 14:59:05 GMT
x-content-type-options: nosniff
age: 222074
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7988
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:10 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 14:59:05 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 9ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 17:02:10 GMT
x-content-type-options: nosniff
age: 214689
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7832
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:48 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 17:02:10 GMT

GET
H3-29 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/ 65 KB
66 KB 49ms
46ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723, 617, 617, 617
age: 3
cdn-cachedat: 2021-06-08 21:35:39
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 66624
cf-request-id: 0a9af8077f00002ba180adb000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: e9724039cf930044db00c3fe573acbf5
accept-ranges: bytes
cf-ray: 65d8291f3ebd2ba1-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 206 alertmicrosoft.mp3
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 6 KB
0 202ms
200ms Media
audio/mpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/alertmicrosoft.mp3
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-fetch-mode: no-cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: audio
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/alertmicrosoft.mp3
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-216737/216738
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 216738
cf-request-id: 0a9af8077f0000177a6c21a000000001
last-modified: Thu, 10 Jun 2021 23:19:18 GMT
server: cloudflare
etag: "60c29df6-34ea2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ez4u1kVsT5OAYVBuq2rEznIvC1enSef7GLtUHr%2BxfyEQILJKY6AuMdymOUKPYjrTq688%2B5uhp24mx9q9zqSKyAx2S1LVzk1aS8jDqLnj%2F2EpzcAGGWQiset6gQ7NuVVzpCwknfJmeBlD"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
cache-control: max-age=315360000
cf-ray: 65d8291f2a0e177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 206 warning.mp3
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 6 KB
0 189ms
188ms Media
audio/mpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/warning.mp3
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-fetch-mode: no-cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: audio
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/warning.mp3
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-13668/13669
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 13669
cf-request-id: 0a9af8077f0000177ad6a6d000000001
last-modified: Thu, 10 Jun 2021 23:19:18 GMT
server: cloudflare
etag: "60c29df6-3565"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=BMUiJY3zRahPijrXJ%2BXmtrGt7jXEbE3PMXF5FUlZp6c5j8%2FZqjSXs4tPDugwt6VEXPFo8AN%2B0QqhEfNL0WnCbb5QGabZOgbSOczpuq1Fdd50eCgRCWsOdDyFRp7BEpe5W9jzU%2FIpDR%2F5"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
cache-control: max-age=315360000
cf-ray: 65d8291f2a11177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-179488279-1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 2378
date: Fri, 11 Jun 2021 04:00:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Fri, 11 Jun 2021 06:00:41 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=332142490&t=pageview&_s=1&dl=https%3A%2F%2F642retrieval.ga%2FWin-E-22Oc0_2475_IEDGE08279-1.hhlyf88%2FPVkfsdbfMSdFFhfj1188%2F&ul=en-us&de=UTF-8&dt=%3Ctitle%3E**%20%E3%81%82%E3%81%AA%E3%81%9F%E3%81%AE%E3%82%B3%E3%83%B3%E3%83%94%E3%83%A5%E3%83%BC%E3%82%BF%E3%81%AF%E3%83%96%E3%83%AD%E3%83%83%E3%82%AF%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%20**&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAUAB~&jid=&gjid=&cid=1159906311.1623386416&tid=UA-179488279-1&_gid=1834396702.1623386416&gtm=2ou690&z=1857704127

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 19:44:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 32139
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 206 alertmicrosoft.mp3
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 34 KB
0 185ms
185ms Media
audio/mpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/alertmicrosoft.mp3
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-fetch-mode: no-cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: audio
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/alertmicrosoft.mp3
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
range: bytes=65536-
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=65536-

Response headers

date: Fri, 11 Jun 2021 04:40:19 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 65536-216737/216738
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 151202
cf-request-id: 0a9af8085d0000177ae8b5e000000001
last-modified: Thu, 10 Jun 2021 23:19:18 GMT
server: cloudflare
etag: "60c29df6-34ea2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2B%2F47A%2BH5whdjGavpMbLcRt3sBMwmslFafEaTiDa7p3%2BCrg8sgXaHZTBgskgmqSmfSWsBjYRFvFSVZa%2F0aPvVoF9KtP7TFkf7S3jltZDTJpVO1isYZbNBrAbCz00%2FwnUCtKpVkUVkBVPg"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
cache-control: max-age=315360000
cf-ray: 65d829209c03177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 / Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 27 KB
11 KB 191ms
191ms Document
text/html 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 838be9174158c44d15a2558ec3ec8ef346d59a3409ebbdd4003a2213fff94c26

Request headers

:method: GET
:authority: 642retrieval.ga
:scheme: https
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
content-type: text/html
last-modified: Thu, 10 Jun 2021 23:19:13 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
cf-request-id: 0a9af8101b0000177ae09c9000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=B2CSOYAQYi%2B5h789eyXn9%2Fa963X4vtQJPTpuuW3oDT4162lYynrC6yg3m216HDtnEmUYHXSuT2TeEDr4ZI%2BS18VVy8lcl2Jp7oIJwrhzaIYz8%2FY%2Fcc5gL67fbeuQ3q5waR966wSjEzF1"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65d8292cfd69177a-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 css
fonts.googleapis.com/ 1 KB
418 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1d14552be6ee4946f37aab45221783569a7de93bf04647d430d36102b4dcd748

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:24:10 GMT
server: ESF
date: Fri, 11 Jun 2021 04:40:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 11 Jun 2021 04:40:21 GMT

GET
H3-29 200 style.css
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
1 KB 13ms
12ms Stylesheet
text/css 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75d0898af3d149b79084e1e6cfa046da47d3dbcc6c103bf35932c4d7c9618480

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af810e50000177aa31e0000000001
last-modified: Thu, 10 Jun 2021 23:19:17 GMT
server: cloudflare
etag: W/"60c29df5-7c8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=v6RIxg%2BhhVVNIjGO9LvwerCa22zMR7FtMYNFu%2FSXX%2Fucp7sgEqtiUHxx3QHeZZUVwxIKbdubAYJeiLVa8LQO3b1xgJ5mY3xbz0HWt1NN1wg%2FpJqYsUiRYO2UkDhmB1YJc%2FpoDRlGqlVK"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 65d8292e3f53177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ 27 KB
6 KB 31ms
30ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 565, 617, 617
age: 6939589
cdn-cachedat: 2021-03-11 11:58:04
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af810e4000097d28bb1b000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: af3097212757f6b13d804a73f5f188bc
cf-ray: 65d8292e38d797d2-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ 157 KB
21 KB 31ms
30ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 12
cdn-cachedat: 2021-06-08 16:51:35
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af810e600002ba17f2e1000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 7767b72206874bab7cadfa75736ed7a6
cf-ray: 65d8292e39612ba1-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/ 59 KB
15 KB 20ms
18ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 12
cdn-cachedat: 2021-06-08 20:50:11
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af810e700002ba1bb936000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 479a46410b7b613e44b5c7c7a10efb74
cf-ray: 65d8292e39652ba1-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 pop.css
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 10 KB
3 KB 14ms
13ms Stylesheet
text/css 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0685c4b3332ef18d007ce13a6543d7ede43d6b748419a038e7bd783c9e4a72db

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af810e50000177ab18d1000000001
last-modified: Thu, 10 Jun 2021 23:19:20 GMT
server: cloudflare
etag: W/"60c29df8-2805"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=F83tWLHJ7U90yDuMSYKtu%2B%2BKn0tspJk8VM%2BDgA3tbLkJbqy%2ByASBTMWSiC%2BFViugZ7PTuxruStTpd4GRJJ6p0LRvViaytG51HW0BSBdU0%2BM6ZW46s8RNI5NfmBXJEho1E3VIS3djx%2Be5"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 65d8292e3f57177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.js Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 85 KB
29 KB 23ms
22ms Script
application/javascript 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/jquery.js
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6333ca0936bbf247b1c47eb69f76e19eef3aeff5a8a1b592f31c17f254bfef8c

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/jquery.js
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af810e80000177ae8bda000000001
last-modified: Thu, 10 Jun 2021 23:19:21 GMT
server: cloudflare
etag: W/"60c29df9-1539a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Ktvr99Gup2SyyAkNIMCmArTd8fJ9cjxO5jql%2BQtB2dwtJtpLNygetm7HSy2HIN6DrE4pDqoTPYAz%2B34jYZ7gYEGMq%2FtqzGVL9cTc6U8%2ByDYzvRartDPuxqNbvpO00mDz%2FY0lxMe0ksYH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65d8292e3f5a177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 screenfull.js Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
1 KB 22ms
21ms Script
application/javascript 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/screenfull.js
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16861757a5b0d72f3333bc0955f7d3447b6bcb15254308d47893659802b8457e

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/screenfull.js
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af810e60000177ade04c000000001
last-modified: Thu, 10 Jun 2021 23:19:19 GMT
server: cloudflare
etag: W/"60c29df7-7e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2v24mrks%2FEgj79PsS%2FafoatBwI8btGsDZoO2LjGR1AL9RyFQepIrrp9aLnCo%2FVCmIcIC5T7RooaGpYXngQQ7qZXCZgrm0DLH7%2BIAjB3mk6o4DI8a2UOLv2EXWiCrPoG6YzO4eVRokhWD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65d8292e3f5c177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 microsoft.jpg
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
3 KB 25ms
24ms Image
image/jpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.jpg
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70249b342aecd9e3d2367aea39df606e92562f9d7945ad8849b36cd3e3a85a1

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.jpg
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2004
cf-request-id: 0a9af811080000177aab93c000000001
last-modified: Thu, 10 Jun 2021 23:19:13 GMT
server: cloudflare
etag: "60c29df1-7d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ORFGfI9HK8mpfX4UUgYliPDnmq9PDRArGX11PZBNgBK7ABv3XM%2Bxhlj6g53UNU%2F9ZbcN43S%2BTZEC%2FD9zJGW3pk76PcFKn77O7jZKdi3IvniUX6NGwPTxI%2F72Dz3nDuIwxorEjC4PTCVM"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8292e7fbc177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 cut.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 1 KB
2 KB 16ms
16ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/cut.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d25cf2403704d5208d662af4ef703d424cedeac253a43a1aec6e60e0db43837f

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/cut.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1192
cf-request-id: 0a9af8110a0000177ae8bde000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-4a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=sRkMw1ayO8fteWrc8vcus1lr6VX9S5fXHT5gdNSq%2FAJs%2Fasdm1TTPEx2Te3If3735xGbIXB4EFBi6C8RlYv1DqbxZPdt6EDDW5%2BtEYXoxpuP9Ze4FaOSLxRC8oVLuWFkv8LX1I8h%2FMRa"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8292e7fbd177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 minus.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 945 B
2 KB 13ms
13ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/minus.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b6c8e23b2a2c49ac71393cb3e1740b7e2fccaa310ee06b68ca27b693d133f8e

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/minus.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 945
cf-request-id: 0a9af8111f0000177a771ca000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-3b1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=w7B6KTeXunMfOh7dL48b2S8MO60pwRjvfNaggAhs45iUtBiHzbbeaikTj8%2F733LNUQfDWm1NX0vSvvy6WpPIkkE%2FMBNwjsc5%2BDZNO08WNzIlWMOmeZc%2BX%2F9T7UJTTwdbwA17J2j7ZR9U"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8292e9feb177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 background-2.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 378 KB
378 KB 15ms
13ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/background-2.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de9fbe2de348e17bd4948011260ef297c4102b69068692daaba02bf632acd291

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/background-2.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 386648
cf-request-id: 0a9af8112b0000177ad91ab000000001
last-modified: Thu, 10 Jun 2021 23:19:20 GMT
server: cloudflare
etag: "60c29df8-5e658"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=FPaFoTES%2FWqJUNKaGO8MPG6E3iAYLrPDOoDELu%2F1WrdGb0l1QR9lpcy1JOfO7qRV%2B%2F5rcVzHUh32dwhrO38PBE4S3Nz0POD%2FtZGfrrdbZ5XVI1dWrzBAih4p8Seg6SYiJQJLLwKxAMoi"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8292ea800177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 set.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 364 B
991 B 14ms
12ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/set.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/set.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 364
cf-request-id: 0a9af8112b0000177aa31e4000000001
last-modified: Thu, 10 Jun 2021 23:19:15 GMT
server: cloudflare
etag: "60c29df3-16c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=hTDrkD8Cjed7zUAQGiSMcStUOKPXv2k5TTRiDUzfFuadn5Jx7EhEgBejEiG2kLao%2BB7ehF4a8n748tfhE6%2Fr5LrJ0tCpvmz0i4jfR%2FXY5Ouls81BMQbGkYMi9RRy8XXVN9HNCeJUBGIN"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8292ea801177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 help.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 349 B
978 B 39ms
37ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/help.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/help.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 349
cf-request-id: 0a9af8112c0000177ab18d5000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-15d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=tUPe6UfvUUdbNYcPkpcpU%2FxjngUMGfT2M2nBCTMvICf8YgdNr16viYDtDezgfpBZgoRcb2J7tNkKFRai7wP%2Fr59JBni9hzRW5J2RsBL3vQU09Q8BF4fwshKstKaZeZJldF%2BPLT%2BJBbtl"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8292ea803177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 scan.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 723 B
1 KB 39ms
38ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/scan.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0f52d9433540bafa2f05fc3c04839b4990c2ce5ef718975a8d4eef9866f06be

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/scan.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 723
cf-request-id: 0a9af811300000177ade052000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-2d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=RBtFjUPzCMYOpOE24kXEA2ui8cms02i0dMqn2%2FEjNAXY4mMjD4u%2FTeTUBHZbzj4ovclDclD2OIOB7ZxU%2BzP%2FQ4jAq0qkqIAXemEh%2BuVQhmOARyxF%2Bpr6nbQXbF9IoVem4I6adI7uzMAT"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8292ea805177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 time.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 3 KB
3 KB 39ms
38ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/time.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a8b8ab6fef6a243e7a03d0c260a525a50df879953b26c34b83e97c61d36001b

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/time.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2760
cf-request-id: 0a9af8112c0000177a97a27000000001
last-modified: Thu, 10 Jun 2021 23:19:17 GMT
server: cloudflare
etag: "60c29df5-ac8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Se9VgXV6uIOBu2fMdQ8iKx5ff2LqOFtEC24kYiX%2FLT%2BMDljOjaXGRhSySGAlJIUSvMpLQqYK4t0k%2FM1s5RufAWUIkhmwX2mkhyXhjo%2F6cuD8VXEktSSZORi1nu8J1SGbJFmOATyV41XO"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8292ea807177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pro.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 3 KB
4 KB 41ms
39ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pro.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da198edcbb6e4845e1b27930e433a0fa776f3a9eec26dabd758b0d3d06edab61

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pro.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3028
cf-request-id: 0a9af8112c0000177ae33fc000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-bd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=YKPmZDRLMxZTrSjye72O7N%2B2pxy9Yy16Y0bm7vnnZKH8Zz22nIJv7MsiigSo7jeNsNTmYvTH4DAFR40M%2BGB0jJn2k3bq2KBsvhCBWaBqfllNvQcv2%2FZya37lNGScFxDo%2FAU2uQw9jHpm"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8292ea808177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 mic.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
3 KB 41ms
39ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/mic.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f63a29085e0086c93e316ac91ea971ca7ff5f925e0327ea9b006c15c793d38bb

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/mic.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2555
cf-request-id: 0a9af8112d0000177a6c2a3000000001
last-modified: Thu, 10 Jun 2021 23:19:15 GMT
server: cloudflare
etag: "60c29df3-9fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=bTOLWOP84dVQx2bSDKI%2BeP2aysC25vQHm4VovXxRyUtpySj%2FW7kXD95A67SQNFCiMc7O2L7FTV1fLYY9Ns7j79WALULzs2osOaqasxg09Egg3vTHTcuYEQpGl%2FuUIVmWSFYxM8i%2F0EKm"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8292ea80a177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 microsoft.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 977 B
2 KB 41ms
40ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 844a92ee435552f7f26b4ec467220c537841f8245a16bbb265975ce4b3081f36

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 977
cf-request-id: 0a9af8112d0000177a818f0000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-3d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=jTbX8UqhV%2FP%2BvGPpFbgPM1SVUmrInwIh5yDIVeAw%2BrppJ%2FKStB7l1Gl6N9xI%2Fi3PBPVFE6pRW6kGBTBECNlIYu9FCOvadjt9En%2F6AOXmADjmVvsLrW8v8NOG3FS4T5KBnt1CBtVjuAis"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8292ea80c177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-179488279-1

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b59630aa8075df2e3a9ed299d54f02dbe8b35998a0ef8414ff0caeb2137920bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36065
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Jun 2021 04:40:21 GMT

GET
H3-29 404 css.css
642retrieval.ga/ 0
0 18ms
16ms Stylesheet
text/html 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/css.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /css.css
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 10 Jun 2021 23:18:01 GMT
server: cloudflare
age: 6
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=QymvSaIdSQ52f06e2s%2BIerOs80QNp04IipjfckfwK8MxmpZTRwN7T5u26Y1bhtOlPEsTFfgwbe%2FXPhR697HrByfUNVfwJDOSVfrb4a6doJ8%2FOzWqGGSihXk5ceXjppHONzNT4M8Wch6c"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 65d8292e5f86177a-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af810f40000177aab93a000000001

GET
H3-29 200 css2
fonts.googleapis.com/ 19 KB
907 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

05a55848815c20ac9e0c5df2732b2ce6b0c12018dec636956bd3f792c06c4aeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:36:13 GMT
server: ESF
date: Fri, 11 Jun 2021 04:40:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 11 Jun 2021 04:40:21 GMT

GET
DATA 200
OK truncated
/ 309 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0531410bc1f8a477f7305af86f43dabcd10be9a3742e6e26ce6d3ed4f6a8425

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:25:12 GMT
x-content-type-options: nosniff
age: 209709
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7776
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 18:25:12 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 21:48:38 GMT
x-content-type-options: nosniff
age: 197503
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7848
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:23 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 21:48:38 GMT

GET
H3-29 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 21:28:26 GMT
x-content-type-options: nosniff
age: 198715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 21:28:26 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 14:59:05 GMT
x-content-type-options: nosniff
age: 222076
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7988
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:10 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 14:59:05 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 17:02:10 GMT
x-content-type-options: nosniff
age: 214691
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7832
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:48 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 17:02:10 GMT

GET
H3-29 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/ 65 KB
66 KB 19ms
17ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723, 617, 617, 617
age: 5
cdn-cachedat: 2021-06-08 21:35:39
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 66624
cf-request-id: 0a9af8113900002ba17711a000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: e9724039cf930044db00c3fe573acbf5
accept-ranges: bytes
cf-ray: 65d8292eca322ba1-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 206 alertmicrosoft.mp3
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
0 178ms
176ms Media
audio/mpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/alertmicrosoft.mp3
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-fetch-mode: no-cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: audio
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/alertmicrosoft.mp3
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-216737/216738
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 216738
cf-request-id: 0a9af8113a0000177a8e00d000000001
last-modified: Thu, 10 Jun 2021 23:19:18 GMT
server: cloudflare
etag: "60c29df6-34ea2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=N4ERmpnXoyf0meL%2BmTdUycEVnoSk4L3WhYVrs9bttgVNQCYt0u4GeNxj3DPm%2BA9kZohGYVQOqi9u9vU13s%2BOE9%2B%2FsudmSb4VOK3wjTGNh%2BPkudcY4bZkNbFDQI5RivVEDlUuYEFZn7tL"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
cache-control: max-age=315360000
cf-ray: 65d8292ec821177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 206 warning.mp3
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 6 KB
0 190ms
189ms Media
audio/mpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/warning.mp3
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-fetch-mode: no-cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: audio
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/warning.mp3
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 11 Jun 2021 04:40:21 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-13668/13669
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 13669
cf-request-id: 0a9af8113a0000177a94ab4000000001
last-modified: Thu, 10 Jun 2021 23:19:18 GMT
server: cloudflare
etag: "60c29df6-3565"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=DDuYa6vZYJrxQ0Sgm%2BDDDZuOEF%2BU3aOxAWLpj4%2B%2FRV%2BoXfarWxDLEvwlrXdXxt%2BzPL2sPZyb0rXhnb5UsIEyy6rAcsUr8zx28FAQS6GBTb7Gf5rdGSAmmRm06sQxZ1lrfe2T1aSOK%2BIk"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
cache-control: max-age=315360000
cf-ray: 65d8292ec822177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 11ms
6ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-179488279-1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 2380
date: Fri, 11 Jun 2021 04:00:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Fri, 11 Jun 2021 06:00:41 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=114768090&t=pageview&_s=1&dl=https%3A%2F%2F642retrieval.ga%2FWin-E-22Oc0_2475_IEDGE08279-1.hhlyf88%2FPVkfsdbfMSdFFhfj1188%2F&ul=en-us&de=UTF-8&dt=%3Ctitle%3E**%20%E3%81%82%E3%81%AA%E3%81%9F%E3%81%AE%E3%82%B3%E3%83%B3%E3%83%94%E3%83%A5%E3%83%BC%E3%82%BF%E3%81%AF%E3%83%96%E3%83%AD%E3%83%83%E3%82%AF%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%20**&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAUAB~&jid=&gjid=&cid=1159906311.1623386416&tid=UA-179488279-1&_gid=1834396702.1623386416&gtm=2ou690&z=1651071718

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 19:44:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 32141
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 27 KB
11 KB 200ms
199ms Document
text/html 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 838be9174158c44d15a2558ec3ec8ef346d59a3409ebbdd4003a2213fff94c26

Request headers

:method: GET
:authority: 642retrieval.ga
:scheme: https
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Response headers

date: Fri, 11 Jun 2021 04:40:23 GMT
content-type: text/html
last-modified: Thu, 10 Jun 2021 23:19:13 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
cf-request-id: 0a9af819cd0000177ac9ba8000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=22pIdKSMxI7P45J%2FmAoxK9sguqdA6ikAQEB2g%2BE3c0G2YUpAn4k9X5pFJBMY6aaSAxXOqOriZLscZmeqraRxMPMwHXpg0mlQdEtdGyuaFnB5ln%2BRFR2T6XEPVO4bjBwP7H%2FqhotWAp5%2F"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65d8293c7b30177a-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 css
fonts.googleapis.com/ 1 KB
418 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1d14552be6ee4946f37aab45221783569a7de93bf04647d430d36102b4dcd748

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:19:30 GMT
server: ESF
date: Fri, 11 Jun 2021 04:40:23 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 11 Jun 2021 04:40:23 GMT

GET
H3-29 200 style.css
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
1 KB 14ms
13ms Stylesheet
text/css 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75d0898af3d149b79084e1e6cfa046da47d3dbcc6c103bf35932c4d7c9618480

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af81a9c0000177ac9bb0000000001
last-modified: Thu, 10 Jun 2021 23:19:17 GMT
server: cloudflare
etag: W/"60c29df5-7c8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4MLdFSGWxMidzWEGA08EjHT9pAbztCKnvGK0SZXD0%2Bsia2Tn1ZiG0uBxK11mhdqjAvnBkmW2MZ38SHIS2jpNUMpDIyEsNsnuUR6tmQYYwSS8rvUmFwf3ujG53LL7tUQqz%2BerCZcVUkUx"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 65d8293dccf2177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ 27 KB
6 KB 22ms
21ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 565, 617, 617
age: 6939591
cdn-cachedat: 2021-03-11 11:58:04
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af81a9d000097d2b829b000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: af3097212757f6b13d804a73f5f188bc
cf-ray: 65d8293dcd0b97d2-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ 157 KB
21 KB 18ms
17ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 14
cdn-cachedat: 2021-06-08 16:51:35
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af81a9d00002ba1771c1000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 7767b72206874bab7cadfa75736ed7a6
cf-ray: 65d8293dcbae2ba1-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/ 59 KB
15 KB 16ms
15ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:23 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 14
cdn-cachedat: 2021-06-08 20:50:11
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af81a9d00002ba18082b000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 479a46410b7b613e44b5c7c7a10efb74
cf-ray: 65d8293dcbb12ba1-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 pop.css
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 10 KB
3 KB 17ms
16ms Stylesheet
text/css 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0685c4b3332ef18d007ce13a6543d7ede43d6b748419a038e7bd783c9e4a72db

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af81a9d0000177aab9cb000000001
last-modified: Thu, 10 Jun 2021 23:19:20 GMT
server: cloudflare
etag: W/"60c29df8-2805"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=09n6%2F505PjYXc3SFLjI0sliS1ub0XNscU2%2FyOID7KVT5gtsPyzirpwQi%2FsAIiO%2FpJkuNvwlldRc0Qk4yIN12w2hMM3YEQzxjT3bAeL27vMOQ%2FUeRdHewe8YyeI106x1fuWV11nbvbEV%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 65d8293dccf4177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jquery.js Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 85 KB
29 KB 23ms
21ms Script
application/javascript 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/jquery.js
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6333ca0936bbf247b1c47eb69f76e19eef3aeff5a8a1b592f31c17f254bfef8c

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/jquery.js
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af81a9d0000177a6c325000000001
last-modified: Thu, 10 Jun 2021 23:19:21 GMT
server: cloudflare
etag: W/"60c29df9-1539a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=lgUnqovFPaI77Le1fUe9cVCV%2BS6Dla66jHXsxuwGZh7aeY%2BwW45W85x%2FlzCcXt1DXrBK4KCeDG7ZFHBKg72qcA541GD7MIHkSmcAQznDhedkPF7NxB%2Fsu3GxSAL4BmGKc0mgxWDRkuXM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65d8293dccf6177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 screenfull.js Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
1 KB 14ms
13ms Script
application/javascript 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/screenfull.js
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16861757a5b0d72f3333bc0955f7d3447b6bcb15254308d47893659802b8457e

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/screenfull.js
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af81a9d0000177a94b40000000001
last-modified: Thu, 10 Jun 2021 23:19:19 GMT
server: cloudflare
etag: W/"60c29df7-7e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=uR%2BlKsJdw5tuHbUvn9DIlCl%2FJXIuvNPMfUoh%2BmTi0kGhefwkhNgaSyZYYeU%2BKzH8qOYQ852lOhzxQSX0z6yn9Gm2yJN6JwYFmF%2BZTfu1rSc5r%2FrhKIcbO2gKQJeiV4m%2FmASmS%2BV6r4TJ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65d8293dccf9177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 microsoft.jpg
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
3 KB 16ms
16ms Image
image/jpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.jpg
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70249b342aecd9e3d2367aea39df606e92562f9d7945ad8849b36cd3e3a85a1

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.jpg
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 9
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2004
cf-request-id: 0a9af81abc0000177ade0dc000000001
last-modified: Thu, 10 Jun 2021 23:19:13 GMT
server: cloudflare
etag: "60c29df1-7d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=097anojPwievNZ9LJ%2BHUtWYVQUoX44G6ZBcpCEOLURTK3GZquJS8QXmkRkNYLUbykGx2Mi1VB9xzYxu%2FB58VkIwbBwCOqeshfIgbLeQ5%2BXclKM2lOcgWhOZULqwfv%2BbVUAO1Ua61V3aC"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8293dfd3e177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 cut.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 1 KB
2 KB 12ms
12ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/cut.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d25cf2403704d5208d662af4ef703d424cedeac253a43a1aec6e60e0db43837f

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/cut.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1192
cf-request-id: 0a9af81ac40000177a861da000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-4a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=eGje5EaezVh0TdSBI3FwLYjoI9ggC5yeqHbJ%2FWlnt%2Fgnt%2B4kSket9tVY98I7YsDasCylO%2F6cY6QSXIgBgPQDbdiYBcMGYBQ8MoEbJ8MflO6t38lQ98ESoy7ZruDOQ5zAFeHcybw%2FgORD"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8293e0d53177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 minus.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 945 B
2 KB 15ms
14ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/minus.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b6c8e23b2a2c49ac71393cb3e1740b7e2fccaa310ee06b68ca27b693d133f8e

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/minus.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 945
cf-request-id: 0a9af81ad20000177ae3088000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-3b1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=SJLXUZZOVGULaCgIVUlXPw6Mx%2B%2B5D%2BcwIfQ4sFqB%2F5mZQqQXQGwPX1QLiJUEB%2BOl393O4zSQ06kIgGrWXfDvlHz0ATEvbjFdXbJC%2BFyvgusY%2FOZeGrHbWc1BaJQM%2BP1LdZOLk3MzPWOn"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8293e1d6e177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 background-2.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 378 KB
378 KB 13ms
13ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/background-2.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de9fbe2de348e17bd4948011260ef297c4102b69068692daaba02bf632acd291

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/background-2.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 386648
cf-request-id: 0a9af81ad50000177ac0374000000001
last-modified: Thu, 10 Jun 2021 23:19:20 GMT
server: cloudflare
etag: "60c29df8-5e658"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Oy6F4MapKem960vxMsRGDifqXtq2etz3tdkTWKan7dsWjVNEcfeXvP%2Fap3a8b%2BKGbPn4hBP805uG9HfzxqjZVSNlUs3Zxp9m2yaTOX3Y8qHvah%2F3uuBuKSltMqXpGQMoIg0YWSk4moVm"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8293e2d77177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 set.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 364 B
997 B 21ms
17ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/set.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/set.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 364
cf-request-id: 0a9af81ae40000177ac0375000000001
last-modified: Thu, 10 Jun 2021 23:19:15 GMT
server: cloudflare
etag: "60c29df3-16c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ZSEAFl87UiyJD0TveXBgZIJ78DH2JldI%2BJjlcWKkeF2mWUzTW4bf1HCKbem36nW%2BsMsRsC2P4QzRmODxjwD%2BFnr7jD5NrWqN5WpCVl%2BM56GGZa7dSWVAsc%2BYJZIkOxP3ASFCzgg8Ov8f"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8293e3d9f177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 help.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 349 B
977 B 22ms
18ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/help.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/help.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 349
cf-request-id: 0a9af81ae50000177a6c329000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-15d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=qIVt0MvMJw9MkdtXoGOouu%2BrtX8c7SnE0ynQKnDPppgMfqgQUnYdpzpWPFkv7Jq0%2B3%2F3oNCcbGJ2tKT7j61w5Y6q7pbMTtfoi8qUk02ln2AzUxRoR2cKuNX7EB4kLuWsg4MoTqd%2BNsPm"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8293e3da2177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 scan.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 723 B
1 KB 21ms
17ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/scan.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0f52d9433540bafa2f05fc3c04839b4990c2ce5ef718975a8d4eef9866f06be

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/scan.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 723
cf-request-id: 0a9af81ae50000177ac8995000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-2d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=bc1LNcQ0XI28b%2FRULewPyDCDcNOAVye8bsxyO5Um1OmuIBtCOPwpCdk84xKDb6Z%2FaKwy4wRQ%2FYqbqq3qvPULrZT4ItfB20MNKJtaRROO1JYUp4DjJlfKq7B99eBjQ0h51MVl8bywdYwx"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8293e3da3177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 time.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 3 KB
3 KB 20ms
16ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/time.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a8b8ab6fef6a243e7a03d0c260a525a50df879953b26c34b83e97c61d36001b

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/time.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2760
cf-request-id: 0a9af81ae50000177a83a9c000000001
last-modified: Thu, 10 Jun 2021 23:19:17 GMT
server: cloudflare
etag: "60c29df5-ac8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=KH2TIc%2BbGtnLBKrkBFalmVMpiesc3Yzlqhc%2FimaUrXUR%2FrRChAKx9VwoPfC%2FJ5TwNhg2%2B76GEsGThg%2B4rm8yTcBamhbaQx6E72SReTuF3iHpiq3FSjRIpOrkABcWfU0Asanpj3%2B5%2BNnk"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8293e3da5177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pro.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 3 KB
4 KB 23ms
19ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pro.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da198edcbb6e4845e1b27930e433a0fa776f3a9eec26dabd758b0d3d06edab61

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pro.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3028
cf-request-id: 0a9af81ae50000177a94b45000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-bd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=RLj8TGC2l3xwclIC6wgCzzKSOsp7dcnjuwO1chDFzCnAzZOo5iAlZByeuVxBMczqjaGRzRjTmc6wiQOajGrWK%2FUpSs4XJyk8W5%2FuLqaZtSCrm8N94I65nXqH96%2BVQSlQOz87dIXWHLbG"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8293e3da9177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 mic.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
3 KB 20ms
17ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/mic.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f63a29085e0086c93e316ac91ea971ca7ff5f925e0327ea9b006c15c793d38bb

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/mic.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2555
cf-request-id: 0a9af81ae60000177ab1966000000001
last-modified: Thu, 10 Jun 2021 23:19:15 GMT
server: cloudflare
etag: "60c29df3-9fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=USrmTCnY68dNqSBTVq5GKwg25IrlC7RWc0kh4Z%2B6mb4OKWAHKxSJLBUM%2FWm9O6x2Y071Jw%2Bkjrwpt%2FQs9Ggm8cflnA8k8KQJdyh8ucHwfvlFMwOzcbrMPZ%2F4%2F29hPcrLN3VxhOCyz8ez"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8293e3daa177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 microsoft.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 977 B
2 KB 24ms
20ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 844a92ee435552f7f26b4ec467220c537841f8245a16bbb265975ce4b3081f36

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 977
cf-request-id: 0a9af81ae60000177ad41db000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-3d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=PrsJppIXRhEvEc4avtxV9ADY73%2Bcqm747ljM8Qy4zvlOCZLJH9O06%2BiomDlxJnbv3emlyQYYR2XqSEBIvsRPvBfB06nShi14wU5Tl7P46XTOuZVib%2FjFqMTjEmqvUKBiz26lmUAKTn%2Bm"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8293e3dab177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 21ms
18ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-179488279-1

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b59630aa8075df2e3a9ed299d54f02dbe8b35998a0ef8414ff0caeb2137920bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36065
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Jun 2021 04:40:24 GMT

GET
H3-29 404 css.css
642retrieval.ga/ 0
0 24ms
22ms Stylesheet
text/html 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/css.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /css.css
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:23 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 10 Jun 2021 23:18:01 GMT
server: cloudflare
age: 8
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=QVkFby7b6pHhUp2wPOQvvncv3KLwBcgo5%2Bx%2FIzy9dqXjt5qHpe4OJh8aHLYc%2Bf4BFilC6TKfYn5kOO1wfCEnCRglbZafj5HomZ%2Bt13oAWShlVLrF95fS%2BSIbkZDxZs%2FoqdrgBRP2vfDK"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 65d8293ded1d177a-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af81aac0000177a73a8e000000001

GET
H3-29 200 css2
fonts.googleapis.com/ 19 KB
907 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

05a55848815c20ac9e0c5df2732b2ce6b0c12018dec636956bd3f792c06c4aeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:31:06 GMT
server: ESF
date: Fri, 11 Jun 2021 04:40:24 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 11 Jun 2021 04:40:24 GMT

GET
DATA 200
OK truncated
/ 309 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0531410bc1f8a477f7305af86f43dabcd10be9a3742e6e26ce6d3ed4f6a8425

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:25:12 GMT
x-content-type-options: nosniff
age: 209712
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7776
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 18:25:12 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 21:48:38 GMT
x-content-type-options: nosniff
age: 197506
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7848
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:23 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 21:48:38 GMT

GET
H3-29 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 21:28:26 GMT
x-content-type-options: nosniff
age: 198718
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 21:28:26 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 14:59:05 GMT
x-content-type-options: nosniff
age: 222079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7988
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:10 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 14:59:05 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 17:02:10 GMT
x-content-type-options: nosniff
age: 214694
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7832
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:48 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 17:02:10 GMT

GET
H3-29 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/ 65 KB
66 KB 18ms
17ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723, 617, 617, 617
age: 8
cdn-cachedat: 2021-06-08 21:35:39
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 66624
cf-request-id: 0a9af81aec00002ba15bb19000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: e9724039cf930044db00c3fe573acbf5
accept-ranges: bytes
cf-ray: 65d8293e4ceb2ba1-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 206 alertmicrosoft.mp3
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 6 KB
0 178ms
177ms Media
audio/mpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/alertmicrosoft.mp3
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-fetch-mode: no-cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: audio
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/alertmicrosoft.mp3
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-216737/216738
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 216738
cf-request-id: 0a9af81aeb0000177a7b14e000000001
last-modified: Thu, 10 Jun 2021 23:19:18 GMT
server: cloudflare
etag: "60c29df6-34ea2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=6qIukr%2FGi2ICXZkutuDdempyKsbTb2eihVFFsD0%2Buvq74l91iatyzII7RBkrFrcP3L4joHWux4MPp6h8ZUbw4Vg5SjyGWrfUgPrEyfNxntkrEslXyfrcIZCL4Q5S7xCvzStJAlLUUctH"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
cache-control: max-age=315360000
cf-ray: 65d8293e4dbb177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 206 warning.mp3
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
0 178ms
178ms Media
audio/mpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/warning.mp3
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-fetch-mode: no-cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: audio
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/warning.mp3
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 11 Jun 2021 04:40:24 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-13668/13669
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 13669
cf-request-id: 0a9af81aec0000177a6f2d0000000001
last-modified: Thu, 10 Jun 2021 23:19:18 GMT
server: cloudflare
etag: "60c29df6-3565"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2FQRYJ9k%2Fn0uXH9zBeYsdh%2BAq0tYNI5x01i3xLPjbio7ZlzNGqYbPrQuMr%2F44d77CQds85k%2FU72K%2FoBiiUNmQipp0PYhPhtaYEDVcyjnjS9Q7p0Wi%2F2uk3a13PjCsGRGu4U66gpZXYqCi"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
cache-control: max-age=315360000
cf-ray: 65d8293e4dbd177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-179488279-1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 2383
date: Fri, 11 Jun 2021 04:00:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Fri, 11 Jun 2021 06:00:41 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=1181218056&t=pageview&_s=1&dl=https%3A%2F%2F642retrieval.ga%2FWin-E-22Oc0_2475_IEDGE08279-1.hhlyf88%2FPVkfsdbfMSdFFhfj1188%2F&ul=en-us&de=UTF-8&dt=%3Ctitle%3E**%20%E3%81%82%E3%81%AA%E3%81%9F%E3%81%AE%E3%82%B3%E3%83%B3%E3%83%94%E3%83%A5%E3%83%BC%E3%82%BF%E3%81%AF%E3%83%96%E3%83%AD%E3%83%83%E3%82%AF%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%20**&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAUAB~&jid=&gjid=&cid=1159906311.1623386416&tid=UA-179488279-1&_gid=1834396702.1623386416&gtm=2ou690&z=734750016

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 19:44:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 32144
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 Primary Request / Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 27 KB
11 KB 210ms
210ms Document
text/html 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 838be9174158c44d15a2558ec3ec8ef346d59a3409ebbdd4003a2213fff94c26

Request headers

:method: GET
:authority: 642retrieval.ga
:scheme: https
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
content-type: text/html
last-modified: Thu, 10 Jun 2021 23:19:13 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
cf-request-id: 0a9af823740000177a8704e000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=YL%2BIi6dbYd59J0NQ8jEoTGH5N4QsywkpPEVvgCrxK9pSKvSiQz9py0ekwOdO4DhpVF9oHxM%2FSXv4o3Ram2GLcVpM%2FzaS9HIKsb0u0rYrsRizjyZ9lSJicbwfHX3pEkeTniW51Uw5YAH5"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65d8294be958177a-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 css
fonts.googleapis.com/ 1 KB
418 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1d14552be6ee4946f37aab45221783569a7de93bf04647d430d36102b4dcd748

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:23:14 GMT
server: ESF
date: Fri, 11 Jun 2021 04:40:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 11 Jun 2021 04:40:26 GMT

GET
H3-29 200 style.css
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
1 KB 22ms
20ms Stylesheet
text/css 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75d0898af3d149b79084e1e6cfa046da47d3dbcc6c103bf35932c4d7c9618480

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 11
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af8244d0000177ac6028000000001
last-modified: Thu, 10 Jun 2021 23:19:17 GMT
server: cloudflare
etag: W/"60c29df5-7c8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pHzqsdxA%2Bpr4Mw2yIBgN05WpSM62s0qBBoGjAkpmG6jOxEMqEpVqMBMQvx2Q8h%2BLYFXt5qVqWb68yZGY0%2FQTrqhE4PffIGwkDLQnKr3rB8xzOusCArQuNUvP0rUVYl7MnzgqpYOV%2Fx%2FV"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 65d8294d4b29177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ 27 KB
6 KB 17ms
15ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 565, 617, 617
age: 6939594
cdn-cachedat: 2021-03-11 11:58:04
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af8244c000097d2871ef000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: af3097212757f6b13d804a73f5f188bc
cf-ray: 65d8294d491f97d2-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/ 157 KB
21 KB 29ms
27ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 17
cdn-cachedat: 2021-06-08 16:51:35
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af8244d00002ba199b0c000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 7767b72206874bab7cadfa75736ed7a6
cf-ray: 65d8294d49342ba1-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/ 59 KB
15 KB 18ms
15ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 17
cdn-cachedat: 2021-06-08 20:50:11
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af8244d00002ba1b717c000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 479a46410b7b613e44b5c7c7a10efb74
cf-ray: 65d8294d49382ba1-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 pop.css
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 10 KB
3 KB 15ms
13ms Stylesheet
text/css 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0685c4b3332ef18d007ce13a6543d7ede43d6b748419a038e7bd783c9e4a72db

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 11
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af8244d0000177adb976000000001
last-modified: Thu, 10 Jun 2021 23:19:20 GMT
server: cloudflare
etag: W/"60c29df8-2805"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=CFNt8NS8TxZqjk0kpIqxT4xKgSW97VkQDeZ5ItGYPfHevbetvYp2IRMhYGBY4DIbh0c3WtaI1lJfSnSd45g7V5cmB6zo0UO%2FI97Y%2FscsLUKqq%2BjvELxHMM4NhixY3a%2FZI0R58bk6Fs5q"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 65d8294d4b2a177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/jquery.js
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6333ca0936bbf247b1c47eb69f76e19eef3aeff5a8a1b592f31c17f254bfef8c

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/jquery.js
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 11
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af8244d0000177ae311d000000001
last-modified: Thu, 10 Jun 2021 23:19:21 GMT
server: cloudflare
etag: W/"60c29df9-1539a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=EEP3hrpqIgjZHGJZ60q7FUbzPXV00ntNDoBZuzEkVJEPhIDs%2FYCBEf%2FjgPIxN7o8Ap8zo8qVtc7AZ7%2BEevueAJNJbFsb3mTe5vd0NeJYUu6W6q0r8dKJj3QvPBHgJaVtHJz2hRIWapi2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65d8294d4b2b177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 screenfull.js Show response
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
1 KB 16ms
14ms Script
application/javascript 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/screenfull.js
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16861757a5b0d72f3333bc0955f7d3447b6bcb15254308d47893659802b8457e

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/screenfull.js
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 11
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af8244e0000177aa32f2000000001
last-modified: Thu, 10 Jun 2021 23:19:19 GMT
server: cloudflare
etag: W/"60c29df7-7e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=6sti4iqNA9llMwOV9SOSM9I0aXNbDRTIQHMHg5mOEAG0TBmEfGyF50GoFUc2mlQur3ryvMO3e50U0cExKZkUiiXx2aCtRZ5Zzy10fMX%2Bn3hHsud0PJcMmTK1DqP9liZI46nWxRPNQCV1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65d8294d4b2f177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 microsoft.jpg
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
3 KB 12ms
11ms Image
image/jpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.jpg
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70249b342aecd9e3d2367aea39df606e92562f9d7945ad8849b36cd3e3a85a1

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.jpg
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 11
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2004
cf-request-id: 0a9af824690000177ad18a4000000001
last-modified: Thu, 10 Jun 2021 23:19:13 GMT
server: cloudflare
etag: "60c29df1-7d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=sveZxaM0x9kT%2BFNcMFyc5nN5Sz5ZI1HrVmNfNp5ALTo1kkKw3ppclzDhV4l5TK5ka8AU56X%2FVcqWCxeKOPSkqPm4uWFcLl6xZv4GLUeqMY5ePfS4BXaVviM9Y0xy4cLJlNFWzTd5qZmE"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8294d7b7e177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 cut.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 1 KB
2 KB 14ms
14ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/cut.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d25cf2403704d5208d662af4ef703d424cedeac253a43a1aec6e60e0db43837f

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/cut.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1192
cf-request-id: 0a9af824720000177ab90a8000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-4a8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=U34yld%2BU9Gt6rAmTIqPS9jM2NwmGO7lGTwSq%2Bja4o2vubJsNL4hB%2FyM1ehO%2BA47SyonITsqhhUdmS12MJC5oXn%2FZ%2BZpw8fJDDy8muf%2BETYGNr0sk01ScidaM8FmiCZbE%2Byns7GqMAC0j"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8294d8b91177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 minus.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 945 B
2 KB 15ms
14ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/minus.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b6c8e23b2a2c49ac71393cb3e1740b7e2fccaa310ee06b68ca27b693d133f8e

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/minus.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 945
cf-request-id: 0a9af824810000177adb97a000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-3b1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=NMnO7dSfdQ1ZvPBHlj0RObaLc84fygJ2zXA07%2BVncwIP6XInSqp7lfjP7ZJ3%2BGJKEOpcAir2Fkw%2FYKvgpcQSogK9Tn7vVN%2BBLMVdUKXvz5xkwyi1jpaOhPgPjwfh3lsrhfH8JHjZQ3Hy"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8294d9baf177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 background-2.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 378 KB
378 KB 17ms
17ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/background-2.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de9fbe2de348e17bd4948011260ef297c4102b69068692daaba02bf632acd291

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/background-2.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 386648
cf-request-id: 0a9af824810000177a81a04000000001
last-modified: Thu, 10 Jun 2021 23:19:20 GMT
server: cloudflare
etag: "60c29df8-5e658"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=5CY6zCjRjv1xbOBRG6yYvKPIFJ1dJLK7sX%2BNWT1mLKYX7GTv6B5IWy9eTLDkISn3yaJDtAeMw2aTQBWsmtCu8nG8plFRJWdFU2qfF6PQxXK5XpSQgrOAVilwDF5NkhDCxYrloUS0Fs8k"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8294d9bb1177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 set.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 364 B
998 B 22ms
20ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/set.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/set.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 364
cf-request-id: 0a9af8248a0000177a97b3e000000001
last-modified: Thu, 10 Jun 2021 23:19:15 GMT
server: cloudflare
etag: "60c29df3-16c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=PMFOQixlrxpxkS1Uo0FzLrqXbq7vKG2o9ZCDyNFihJ3xD3jQupiKDeg2JKVAAmvLTYddmgsEW0rAd%2FedPvZAsJ%2Blro5CWWETX7lLS99yRMeo7s3v%2BZHbXmGL6AvVOUV%2FGE%2F6uma%2BIgs7"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8294dabc8177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 help.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 349 B
975 B 22ms
21ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/help.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/help.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 349
cf-request-id: 0a9af8248a0000177aaba5e000000001
last-modified: Thu, 10 Jun 2021 23:19:16 GMT
server: cloudflare
etag: "60c29df4-15d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=PZ3lNDU5fGAi%2BS5psSxDmcPpxMvZ6aBp82dzoNmC8zd8BjhvDJ1fNjjNWSjHM6Of2gEvMFo0zukedR4qMcy328aROoEQHWUN9VIHMLMTnuOQPfcaS51895z91xxItJxms2h7JhTc1Tmz"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8294dabcb177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 scan.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 723 B
1 KB 23ms
21ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/scan.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0f52d9433540bafa2f05fc3c04839b4990c2ce5ef718975a8d4eef9866f06be

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/scan.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 723
cf-request-id: 0a9af8248a0000177acc983000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-2d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=DykfKC4z7xLJytXIBdy4dk8Wf0GmZdXuru%2B%2BfNrtq67mnAn0OJubcCy5P0gYxvNDzOHdDEeZgkDMZBIctGYgY3Tktl646iyqcEtYGztVufhQ4cBkH%2B00dUSMx2g8nHLgh%2FJ5t7ymRDqb"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8294dabcc177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 time.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 3 KB
3 KB 23ms
21ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/time.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a8b8ab6fef6a243e7a03d0c260a525a50df879953b26c34b83e97c61d36001b

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/time.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2760
cf-request-id: 0a9af8248b0000177a9a09c000000001
last-modified: Thu, 10 Jun 2021 23:19:17 GMT
server: cloudflare
etag: "60c29df5-ac8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=iREeujBDR43fn8yEh3IYLA2jiof7ai34x8377%2F5ygy5TFOIpf4mwqb8CVud%2BpxACQpwnn94H4j4AfbxUmbDWkFkAqSwXoy3aEu95PuDd2fmK44%2F%2Fib0BH1MqETAjThY27ss2dD%2F41KqK"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8294dabcd177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pro.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 3 KB
4 KB 23ms
22ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pro.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da198edcbb6e4845e1b27930e433a0fa776f3a9eec26dabd758b0d3d06edab61

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pro.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3028
cf-request-id: 0a9af8248b0000177ad426a000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-bd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=uKPP%2B0Ul7Lg2Org181G5gtpr53O5G%2BoK1ghphx2rhcReZ4uEkLs6nW5Wr55Arnfm%2FYaih7vttIMVmmHqhj75UwwgpV1pslwz%2Fq%2BR844WGMbgoQuW1hHt8Laytt%2BVNpd1vZ1y26UcVoBn"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8294dabce177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 mic.gif
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 2 KB
3 KB 26ms
24ms Image
image/gif 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/mic.gif
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f63a29085e0086c93e316ac91ea971ca7ff5f925e0327ea9b006c15c793d38bb

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/mic.gif
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2555
cf-request-id: 0a9af8248b0000177a94bcd000000001
last-modified: Thu, 10 Jun 2021 23:19:15 GMT
server: cloudflare
etag: "60c29df3-9fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2nwVlUPwJhUZF68AJKu7SyXmV9WODPvFFR6NI513OQjjdl%2FDl107zCAZGhfBJi66v4PZEqa6wSHD2Bas6QbCVKtb0RLnA%2BITy0XS2xqXiaxZ8aszgZgg%2FrN7ZoXy1lYkzvNCdhzAqgfY"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8294dabcf177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 microsoft.png
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 977 B
2 KB 26ms
24ms Image
image/png 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.png
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 844a92ee435552f7f26b4ec467220c537841f8245a16bbb265975ce4b3081f36

Request headers

:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/microsoft.png
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 10
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 977
cf-request-id: 0a9af8248b0000177a769d3000000001
last-modified: Thu, 10 Jun 2021 23:19:14 GMT
server: cloudflare
etag: "60c29df2-3d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=qd%2FYhdXpeLYnMrYUXzlXIodn5Y%2BlgJp2h564qdOVAajbEdRySCa4WLiFekMcpisIe9EzatoC9GvG3Pbx0NCiUFnoNaUkbaJ%2FeBLcBNPs7F0wROnHxZIg0evlhdecpxztjpjhlP4CsKoq"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65d8294dabd1177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-179488279-1

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b59630aa8075df2e3a9ed299d54f02dbe8b35998a0ef8414ff0caeb2137920bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36065
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Jun 2021 04:40:26 GMT

GET
H3-29 404 css.css
642retrieval.ga/ 0
0 14ms
12ms Stylesheet
text/html 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/css.css
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:path: /css.css
pragma: no-cache
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 10 Jun 2021 23:18:01 GMT
server: cloudflare
age: 11
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=l%2FBu0XDajpDTlXOozHJD9VO91ugcQxeei3B%2ByB1DNpzvroK8JtP3Yaxv3w4lyAsYlr8lfRQ1DA6h7C%2FvBYn7Y6dek%2Btsfc0X71lOgObXEsO1Soy3icIbQbqSq74L928TbZ0UVRhYozZE"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 65d8294d6b6c177a-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a9af824630000177a6cbf9000000001

GET
H3-29 200 css2
fonts.googleapis.com/ 19 KB
907 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/pop.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

05a55848815c20ac9e0c5df2732b2ce6b0c12018dec636956bd3f792c06c4aeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 11 Jun 2021 03:20:32 GMT
server: ESF
date: Fri, 11 Jun 2021 04:40:26 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 11 Jun 2021 04:40:26 GMT

GET
DATA 200
OK truncated
/ 309 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0531410bc1f8a477f7305af86f43dabcd10be9a3742e6e26ce6d3ed4f6a8425

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:25:12 GMT
x-content-type-options: nosniff
age: 209714
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7776
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 18:25:12 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 21:48:38 GMT
x-content-type-options: nosniff
age: 197508
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7848
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:23 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 21:48:38 GMT

GET
H3-29 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 21:28:26 GMT
x-content-type-options: nosniff
age: 198720
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7900
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 21:28:26 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 14:59:05 GMT
x-content-type-options: nosniff
age: 222081
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7988
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:02:10 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 14:59:05 GMT

GET
H3-29 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/ 8 KB
8 KB 10ms
8ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://642retrieval.ga
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 17:02:10 GMT
x-content-type-options: nosniff
age: 214696
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7832
x-xss-protection: 0
last-modified: Thu, 05 Nov 2020 22:01:48 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 17:02:10 GMT

GET
H3-29 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/ 65 KB
66 KB 19ms
17ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://642retrieval.ga
Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 723, 617, 617, 617
age: 10
cdn-cachedat: 2021-06-08 21:35:39
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 66624
cf-request-id: 0a9af8249500002ba15637e000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: e9724039cf930044db00c3fe573acbf5
accept-ranges: bytes
cf-ray: 65d8294db9e62ba1-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 206 alertmicrosoft.mp3
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 6 KB
0 197ms
195ms Media
audio/mpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/alertmicrosoft.mp3
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-fetch-mode: no-cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: audio
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/alertmicrosoft.mp3
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-216737/216738
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 216738
cf-request-id: 0a9af824930000177ae0aee000000001
last-modified: Thu, 10 Jun 2021 23:19:18 GMT
server: cloudflare
etag: "60c29df6-34ea2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=GHvVsE1H68zAStjj%2Fx8OPg2XOpvM4JIHgIl3V4UvsSEJzjmjzvIA6mZ2%2F8GprbIMS04VOR%2BclA7B5NrEssMS%2BhqEhaUEZMKQuKAANc6DgBkfMK47SuAqRmQXP%2Bbq6qLXd9gTuCfFacGY"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
cache-control: max-age=315360000
cf-ray: 65d8294dbbe4177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 206 warning.mp3
642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/ 6 KB
0 187ms
186ms Media
audio/mpeg 2606:4700:3031::6815:47f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/warning.mp3
Requested by: Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:47f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-fetch-mode: no-cors
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
sec-fetch-dest: audio
cookie: _ga=GA1.2.1159906311.1623386416; _gid=GA1.2.1834396702.1623386416; _gat_gtag_UA_179488279_1=1
:path: /Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/warning.mp3
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: 642retrieval.ga
referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 11 Jun 2021 04:40:26 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
Content-Range: bytes 0-13668/13669
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Content-Length: 13669
cf-request-id: 0a9af824940000177ac3946000000001
last-modified: Thu, 10 Jun 2021 23:19:18 GMT
server: cloudflare
etag: "60c29df6-3565"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4NKmbsKZ1vpXF%2BV%2Fv3rlk6YQx6phVpGZ%2FV9PUZOpwQe8T40XLBDD9zfRuGrWkEumyZFXRq8TmcLUJ2K1fONtunDlRwspO3E7xwW1xk5A30shcZdVNGTMT34Xl6FPAJHq7Mo5EplX7H87"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
cache-control: max-age=315360000
cf-ray: 65d8294dbbe5177a-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-179488279-1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 2385
date: Fri, 11 Jun 2021 04:00:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Fri, 11 Jun 2021 06:00:41 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=1492916203&t=pageview&_s=1&dl=https%3A%2F%2F642retrieval.ga%2FWin-E-22Oc0_2475_IEDGE08279-1.hhlyf88%2FPVkfsdbfMSdFFhfj1188%2F&ul=en-us&de=UTF-8&dt=%3Ctitle%3E**%20%E3%81%82%E3%81%AA%E3%81%9F%E3%81%AE%E3%82%B3%E3%83%B3%E3%83%94%E3%83%A5%E3%83%BC%E3%82%BF%E3%81%AF%E3%83%96%E3%83%AD%E3%83%83%E3%82%AF%E3%81%95%E3%82%8C%E3%81%A6%E3%81%84%E3%81%BE%E3%81%99%20**&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAUAB~&jid=&gjid=&cid=1159906311.1623386416&tid=UA-179488279-1&_gid=1834396702.1623386416&gtm=2ou690&z=710627893

Requested by

Host: 642retrieval.ga
URL: https://642retrieval.ga/Win-E-22Oc0_2475_IEDGE08279-1.hhlyf88/PVkfsdbfMSdFFhfj1188/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://642retrieval.ga/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 19:44:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 32146
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Tech Support Scam (Consumer)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

642retrieval.ga
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
stackpath.bootstrapcdn.com
www.google-analytics.com
www.googletagmanager.com
2606:4700:3031::6815:47f8
2606:4700::6812:acf
2606:4700::6812:bcf
2a00:1450:4001:803::2003
2a00:1450:4001:812::200a
2a00:1450:4001:813::200e
2a00:1450:4001:827::2008
2a00:1450:4001:82a::200a
05a55848815c20ac9e0c5df2732b2ce6b0c12018dec636956bd3f792c06c4aeb
0685c4b3332ef18d007ce13a6543d7ede43d6b748419a038e7bd783c9e4a72db
16861757a5b0d72f3333bc0955f7d3447b6bcb15254308d47893659802b8457e
1d14552be6ee4946f37aab45221783569a7de93bf04647d430d36102b4dcd748
2b6c8e23b2a2c49ac71393cb3e1740b7e2fccaa310ee06b68ca27b693d133f8e
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
5b0fbe5b7ad705f6a937c4998ad02f73d8f0d976fe231b74aef0ec996990c93a
6333ca0936bbf247b1c47eb69f76e19eef3aeff5a8a1b592f31c17f254bfef8c
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
75d0898af3d149b79084e1e6cfa046da47d3dbcc6c103bf35932c4d7c9618480
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
7a8b8ab6fef6a243e7a03d0c260a525a50df879953b26c34b83e97c61d36001b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
838be9174158c44d15a2558ec3ec8ef346d59a3409ebbdd4003a2213fff94c26
844a92ee435552f7f26b4ec467220c537841f8245a16bbb265975ce4b3081f36
b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
b59630aa8075df2e3a9ed299d54f02dbe8b35998a0ef8414ff0caeb2137920bc
b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b
cf62f979316b022634fc2c671ff6f8c731cf6205bb70e5069bf0dfc3c6ebb6ce
d25cf2403704d5208d662af4ef703d424cedeac253a43a1aec6e60e0db43837f
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
da198edcbb6e4845e1b27930e433a0fa776f3a9eec26dabd758b0d3d06edab61
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
de9fbe2de348e17bd4948011260ef297c4102b69068692daaba02bf632acd291
e0531410bc1f8a477f7305af86f43dabcd10be9a3742e6e26ce6d3ed4f6a8425
e0f52d9433540bafa2f05fc3c04839b4990c2ce5ef718975a8d4eef9866f06be
f4d5cae00178437f63e868ded066dde7503207230142ab3c37ef8ca70a03574d
f63a29085e0086c93e316ac91ea971ca7ff5f925e0327ea9b006c15c793d38bb
f70249b342aecd9e3d2367aea39df606e92562f9d7945ad8849b36cd3e3a85a1
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

642retrieval.ga Open in urlscan Pro 2606:4700:3031::6815:47f8 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

166 Requests

100 %HTTPS

100 %IPv6

6 Domains

7 Subdomains

9 IPs

2 Countries

3250 kBTransfer

5263 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

166 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

642retrieval.ga Open in urlscan Pro
2606:4700:3031::6815:47f8 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

166
Requests

100 %
HTTPS

100 %
IPv6

6
Domains

7
Subdomains

9
IPs

2
Countries

3250 kB
Transfer

5263 kB
Size

0
Cookies

166 HTTP transactions
5 data transactions