friends-with-benefits.com Open in urlscan Pro
52.28.209.149 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://freshchronicles3.xyz/event_b3473c81-55f6-4178-a8ac-2317a401f66b_301_0_4002?payload=jtdcjtiyacuymiuzqsuymnhtbc5nywxheh...
Effective URL:
https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&trackin...
Submission: On November 18 via api (November 18th 2024, 12:02:56 am UTC) from US — Scanned from US

Summary HTTP 33 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 2 countries across 12 domains to perform 33 HTTP transactions. The main IP is 52.28.209.149, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is friends-with-benefits.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on October 29th 2024. Valid for: a year.

This is the only time friends-with-benefits.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4 7	173.214.240.15 173.214.240.15	15317 (SERVEREL-AS) (SERVEREL-AS)
4	2607:f8b0:400... 2607:f8b0:4004:c08::5f	15169 (GOOGLE) (GOOGLE)
2 2	199.182.164.180 199.182.164.180	15317 (SERVEREL-AS) (SERVEREL-AS)
2 2	5.9.117.150 5.9.117.150	24940 (HETZNER-A...) (HETZNER-AS Hetzner Online GmbH)
2 2	2a02:b48:207:... 2a02:b48:207:1::7	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS DataWeb Global Group B.V.)
2	45.133.44.32 45.133.44.32	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS DataWeb Global Group B.V.)
3	64.233.180.94 64.233.180.94	15169 (GOOGLE) (GOOGLE)
1 1	136.243.92.81 136.243.92.81	24940 (HETZNER-A...) (HETZNER-AS Hetzner Online GmbH)
1	52.28.209.149 52.28.209.149	16509 (AMAZON-02) (AMAZON-02)
15	2600:1408:ec0... 2600:1408:ec00:36::1736:7f26	() ()
2	2607:f8b0:400... 2607:f8b0:4004:c0b::61	() ()
2	2600:1408:c40... 2600:1408:c400:2a::17da:da1b	() ()
1	34.96.102.137 34.96.102.137	() ()
33	9

7 173.214.240.15 (United States) 4 redirects

ASN15317 (SERVEREL-AS, US)
PTR: 173.214.240.15.serverel.net

freshchronicles3.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
freetrckr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
shoesday4.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c08::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.182.164.180 (United States) 2 redirects

ASN15317 (SERVEREL-AS, US)
PTR: 180.164.182.199.serverel.net

xml.rexsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.9.117.150 (Giessen, Germany) 2 redirects

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
PTR: static.150.117.9.5.clients.your-server.de

search.topdealad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:b48:207:1::7 (Ashburn, United States) 2 redirects

ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL)

tefinx.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.133.44.32 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL)

i.wmgtr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.233.180.94 (United States)

ASN15169 (GOOGLE, US)
PTR: pe-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 136.243.92.81 (Cologne, Germany) 1 redirects

ASN24940 (HETZNER-AS Hetzner Online GmbH, DE)
PTR: static.81.92.243.136.clients.your-server.de

search.topdealad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.28.209.149 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-209-149.eu-central-1.compute.amazonaws.com

friends-with-benefits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2600:1408:ec00:36::1736:7f26 (None, )

ASN- ()

cdn.friends-with-benefits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c0b::61 (None, )

ASN- ()

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1408:c400:2a::17da:da1b (None, )

ASN- ()

lpimg.friends-with-benefits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.102.137 (None, )

ASN- ()

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	friends-with-benefits.com friends-with-benefits.com cdn.friends-with-benefits.com lpimg.friends-with-benefits.com	402 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	3 KB
4	shoesday4.xyz 1 redirects shoesday4.xyz	3 KB
3	gstatic.com fonts.gstatic.com	73 KB
3	topdealad.com 3 redirects search.topdealad.com — Cisco Umbrella Rank: 658523	715 B
2	googletagmanager.com www.googletagmanager.com	196 KB
2	wmgtr.com i.wmgtr.com — Cisco Umbrella Rank: 26920	974 KB
2	tefinx.click 2 redirects tefinx.click	662 B
2	rexsrv.com 2 redirects xml.rexsrv.com — Cisco Umbrella Rank: 136861	256 B
2	freetrckr.com 2 redirects freetrckr.com	633 B
1	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com	250 B
1	freshchronicles3.xyz 1 redirects freshchronicles3.xyz	129 B
33	12

	Domain	Requested by
15	cdn.friends-with-benefits.com	friends-with-benefits.com
4	fonts.googleapis.com	shoesday4.xyz friends-with-benefits.com
4	shoesday4.xyz	1 redirects shoesday4.xyz
3	fonts.gstatic.com	fonts.googleapis.com
3	search.topdealad.com	3 redirects
2	lpimg.friends-with-benefits.com	friends-with-benefits.com
2	www.googletagmanager.com	friends-with-benefits.com www.googletagmanager.com
2	i.wmgtr.com	shoesday4.xyz
2	tefinx.click	2 redirects
2	xml.rexsrv.com	2 redirects
2	freetrckr.com	2 redirects
1	dev.visualwebsiteoptimizer.com	cdn.friends-with-benefits.com
1	friends-with-benefits.com	shoesday4.xyz
1	freshchronicles3.xyz	1 redirects
33	14

This site contains no links.

Subject Issuer	Validity	Valid
newstodai4.xyz E5	`2024-10-20` - `2025-01-18`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
friends-with-benefits.com Amazon RSA 2048 M03	`2024-10-29` - `2025-11-28`	a year	crt.sh
cdn.friends-with-benefits.com E6	`2024-09-28` - `2024-12-27`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
lpimg.friends-with-benefits.com E6	`2024-09-28` - `2024-12-27`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2024-06-29` - `2025-07-31`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Frame ID: D36F23E8FF9AFDABD6BE9D399CEEF6AA
Requests: 33 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://freshchronicles3.xyz/event_b3473c81-55f6-4178-a8ac-2317a401f66b_301_0_4002?payload=jtdcjtiyacuymi... HTTP 307
https://freshchronicles3.xyz/event_b3473c81-55f6-4178-a8ac-2317a401f66b_301_0_4002?payload=jtdcjtiyacuymi... HTTP 302
https://freetrckr.com/bid?id=4001&token=e807a67b57ff274565f78878190ec04e&sub_id=&rc=1&ch=1 HTTP 302
https://freetrckr.com/bid?id=4001&token=e807a67b57ff274565f78878190ec04e&sub_id=&rc=2&ch=1 HTTP 302
https://shoesday4.xyz/sw_967afdeb-a72e-bef7-11bd-1572362c4c5a_7_0_4001.js?h=JTdCJTIycmMlMjIlM0EyJT... Page URL
https://xml.rexsrv.com/click?s=1&tid=467&sid=2631650ec1608e23dca30a85965b93cf&rnd=185017954 HTTP 302
https://search.topdealad.com/click/01xzd93wbkks7e1yy?token=kfxfrsk6kigwgwkzmbjirso8bcnrg HTTP 303
https://tefinx.click/dsp/ph/clcm?aid=14712837097052850257&mid=0&t=1731888168&s=857430&sid=1808 HTTP 302
https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnr... Page URL

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

33
Requests

94 %
HTTPS

38 %
IPv6

12
Domains

14
Subdomains

9
IPs

2
Countries

1651 kB
Transfer

2204 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://freshchronicles3.xyz/event_b3473c81-55f6-4178-a8ac-2317a401f66b_301_0_4002?payload=jtdcjtiyacuymiuzqsuymnhtbc5nywxhehlwdxnolmnvbsuymiuyqyuymnulmjilm0elnuilmjixnjqylthmzgy0ztu3mzg1yzrmn2m3mzkyngexnge4ywjkogzhltm5mjitmc4wmdg4nsuymiu1rcu3ra%3d%3d&t=1731855419647&rnd=225164...%20311%20...fanbfdxnfzgvzayuymiu3ra==&if=1 HTTP 307
https://freshchronicles3.xyz/event_b3473c81-55f6-4178-a8ac-2317a401f66b_301_0_4002?payload=jtdcjtiyacuymiuzqsuymnhtbc5nywxhehlwdxnolmnvbsuymiuyqyuymnulmjilm0elnuilmjixnjqylthmzgy0ztu3mzg1yzrmn2m3mzkyngexnge4ywjkogzhltm5mjitmc4wmdg4nsuymiu1rcu3ra%3d%3d&t=1731855419647&rnd=225164...%20311%20...fanbfdxnfzgvzayuymiu3ra==&if=1 HTTP 302
https://freetrckr.com/bid?id=4001&token=e807a67b57ff274565f78878190ec04e&sub_id=&rc=1&ch=1 HTTP 302
https://freetrckr.com/bid?id=4001&token=e807a67b57ff274565f78878190ec04e&sub_id=&rc=2&ch=1 HTTP 302
https://shoesday4.xyz/sw_967afdeb-a72e-bef7-11bd-1572362c4c5a_7_0_4001.js?h=JTdCJTIycmMlMjIlM0EyJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D Page URL
https://xml.rexsrv.com/click?s=1&tid=467&sid=2631650ec1608e23dca30a85965b93cf&rnd=185017954 HTTP 302
https://search.topdealad.com/click/01xzd93wbkks7e1yy?token=kfxfrsk6kigwgwkzmbjirso8bcnrg HTTP 303
https://tefinx.click/dsp/ph/clcm?aid=14712837097052850257&mid=0&t=1731888168&s=857430&sid=1808 HTTP 302
https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://freshchronicles3.xyz/event_b3473c81-55f6-4178-a8ac-2317a401f66b_301_0_4002?payload=jtdcjtiyacuymiuzqsuymnhtbc5nywxhehlwdxnolmnvbsuymiuyqyuymnulmjilm0elnuilmjixnjqylthmzgy0ztu3mzg1yzrmn2m3mzkyngexnge4ywjkogzhltm5mjitmc4wmdg4nsuymiu1rcu3ra%3d%3d&t=1731855419647&rnd=225164...%20311%20...fanbfdxnfzgvzayuymiu3ra==&if=1 HTTP 307
https://freshchronicles3.xyz/event_b3473c81-55f6-4178-a8ac-2317a401f66b_301_0_4002?payload=jtdcjtiyacuymiuzqsuymnhtbc5nywxhehlwdxnolmnvbsuymiuyqyuymnulmjilm0elnuilmjixnjqylthmzgy0ztu3mzg1yzrmn2m3mzkyngexnge4ywjkogzhltm5mjitmc4wmdg4nsuymiu1rcu3ra%3d%3d&t=1731855419647&rnd=225164...%20311%20...fanbfdxnfzgvzayuymiu3ra==&if=1 HTTP 302
https://freetrckr.com/bid?id=4001&token=e807a67b57ff274565f78878190ec04e&sub_id=&rc=1&ch=1 HTTP 302
https://freetrckr.com/bid?id=4001&token=e807a67b57ff274565f78878190ec04e&sub_id=&rc=2&ch=1 HTTP 302
https://shoesday4.xyz/sw_967afdeb-a72e-bef7-11bd-1572362c4c5a_7_0_4001.js?h=JTdCJTIycmMlMjIlM0EyJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D

Request Chain 2

https://shoesday4.xyz/event_90cd25a1-dad6-f210-ae01-505662ba67ff_7_4048_4001?payload=aHR0cHMlM0ElMkYlMkZ4bWwucmV4c3J2LmNvbSUyRmljb24lM0ZzaWQlM0QyNjMxNjUwZWMxNjA4ZTIzZGNhMzBhODU5NjViOTNjZiUyNnJuZCUzRDgwNzYyOTA2Nw%3D%3D&t=1731888168846&rnd=897588228&i=1 HTTP 302
https://xml.rexsrv.com/icon?sid=2631650ec1608e23dca30a85965b93cf&rnd=807629067 HTTP 302
https://search.topdealad.com/icon/01xzd93wbkks7e1yy?token=kfxfrsk6kigwgwkzmbjirso8bcnrg HTTP 303
https://tefinx.click/dsp/ph/icm?aid=14712837097052850257&mid=0&sid=1808&t=1731888168&subid=kfxfrs4hkigwgwkimjjirso8bcnrg HTTP 302
https://i.wmgtr.com/cic/ZTcvKGFRc-_qf3O9ww0lv2-vlEUPk5Rk.png

Request Chain 3

https://search.topdealad.com/image/01xzd93wbkks7e1yy?token=kfxfrsk6kigwgwkzmbjirso8bcnrg HTTP 303
https://i.wmgtr.com/cim/YnuDSqweRYh-_ToLPsyA8QqVwBXD1Kjv.png

33 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

sw_967afdeb-a72e-bef7-11bd-1572362c4c5a_7_0_4001.js Show response
shoesday4.xyz/
Redirect Chain

http://freshchronicles3.xyz/event_b3473c81-55f6-4178-a8ac-2317a401f66b_301_0_4002?payload=jtdcjtiyacuymiuzqsuymnhtbc5nywxhehlwdxnolmnvbsuymiuyqyuymnulmjilm0elnuilmjixnjqylthmzgy0ztu3mzg1yzrmn2m3mzk...
https://freshchronicles3.xyz/event_b3473c81-55f6-4178-a8ac-2317a401f66b_301_0_4002?payload=jtdcjtiyacuymiuzqsuymnhtbc5nywxhehlwdxnolmnvbsuymiuyqyuymnulmjilm0elnuilmjixnjqylthmzgy0ztu3mzg1yzrmn2m3mz...
https://freetrckr.com/bid?id=4001&token=e807a67b57ff274565f78878190ec04e&sub_id=&rc=1&ch=1
https://freetrckr.com/bid?id=4001&token=e807a67b57ff274565f78878190ec04e&sub_id=&rc=2&ch=1
https://shoesday4.xyz/sw_967afdeb-a72e-bef7-11bd-1572362c4c5a_7_0_4001.js?h=JTdCJTIycmMlMjIlM0EyJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D

5 KB
2 KB

396ms
97ms

Document
text/html

173.214.240.15
SERVEREL-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://shoesday4.xyz/sw_967afdeb-a72e-bef7-11bd-1572362c4c5a_7_0_4001.js?h=JTdCJTIycmMlMjIlM0EyJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 173.214.240.15 , United States, ASN15317 (SERVEREL-AS, US),
Reverse DNS: 173.214.240.15.serverel.net
Software: nginx /
Resource Hash: 2cf1f6e7a7a2a806ffe23d2c48edd41d407449ad0c97b03e71dfaa301ec200f7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html
date: Mon, 18 Nov 2024 00:02:48 GMT
server: nginx

Redirect headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-WoW64, Sec-CH-UA-Bitness, Sec-CH-UA-Model
date: Mon, 18 Nov 2024 00:02:48 GMT
location: https://shoesday4.xyz/sw_967afdeb-a72e-bef7-11bd-1572362c4c5a_7_0_4001.js?h=JTdCJTIycmMlMjIlM0EyJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
server: nginx

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 193ms
70ms Stylesheet
text/css 2607:f8b0:4004:c08::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic

Requested by

Host: shoesday4.xyz
URL: https://shoesday4.xyz/sw_967afdeb-a72e-bef7-11bd-1572362c4c5a_7_0_4001.js?h=JTdCJTIycmMlMjIlM0EyJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

794e424cad112f306e1bf057c71a9c9f3c9de2adb2831f02f1159e93f6049061

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shoesday4.xyz/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 18 Nov 2024 00:02:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 00:02:49 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Sun, 17 Nov 2024 22:42:15 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2

200

ZTcvKGFRc-_qf3O9ww0lv2-vlEUPk5Rk.png
i.wmgtr.com/cic/
Redirect Chain

https://shoesday4.xyz/event_90cd25a1-dad6-f210-ae01-505662ba67ff_7_4048_4001?payload=aHR0cHMlM0ElMkYlMkZ4bWwucmV4c3J2LmNvbSUyRmljb24lM0ZzaWQlM0QyNjMxNjUwZWMxNjA4ZTIzZGNhMzBhODU5NjViOTNjZiUyNnJuZCUz...
https://xml.rexsrv.com/icon?sid=2631650ec1608e23dca30a85965b93cf&rnd=807629067
https://search.topdealad.com/icon/01xzd93wbkks7e1yy?token=kfxfrsk6kigwgwkzmbjirso8bcnrg
https://tefinx.click/dsp/ph/icm?aid=14712837097052850257&mid=0&sid=1808&t=1731888168&subid=kfxfrs4hkigwgwkimjjirso8bcnrg
https://i.wmgtr.com/cic/ZTcvKGFRc-_qf3O9ww0lv2-vlEUPk5Rk.png

20 KB
20 KB

161ms
142ms

Image
image/jpeg

45.133.44.32
ADVANCEDHOSTERS-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.wmgtr.com/cic/ZTcvKGFRc-_qf3O9ww0lv2-vlEUPk5Rk.png

Requested by

Host: shoesday4.xyz
URL: https://shoesday4.xyz/sw_967afdeb-a72e-bef7-11bd-1572362c4c5a_7_0_4001.js?h=JTdCJTIycmMlMjIlM0EyJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D

Protocol

Server

45.133.44.32 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

2df6d6501288176ad4c500c56c9291676930f7ecf9734e5c4f39617c60cbf7d6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shoesday4.xyz/

Response headers

cache-control: max-age=82800
x-content-type-option: nosniff
expires: Mon, 18 Nov 2024 23:02:50 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
date: Mon, 18 Nov 2024 00:02:50 GMT
x-xss-protection: 1; mode=block
content-type: image/jpeg
server: nginx/1.19.0
x-cdn-host-id: ah1742,ds8138
x-frame-options: SAMEORIGIN

Redirect headers

location: https://i.wmgtr.com/cic/ZTcvKGFRc-_qf3O9ww0lv2-vlEUPk5Rk.png
content-length: 0
date: Mon, 18 Nov 2024 00:02:50 GMT
accept-ch: Sec-CH-UA-Platform-Version
server: nginx/1.18.0

GET
H2

200

YnuDSqweRYh-_ToLPsyA8QqVwBXD1Kjv.png
i.wmgtr.com/cim/
Redirect Chain

https://search.topdealad.com/image/01xzd93wbkks7e1yy?token=kfxfrsk6kigwgwkzmbjirso8bcnrg
https://i.wmgtr.com/cim/YnuDSqweRYh-_ToLPsyA8QqVwBXD1Kjv.png

953 KB
954 KB

342ms
102ms

Image
image/gif

45.133.44.32
ADVANCEDHOSTERS-A...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.wmgtr.com/cim/YnuDSqweRYh-_ToLPsyA8QqVwBXD1Kjv.png

Requested by

Host: shoesday4.xyz
URL: https://shoesday4.xyz/sw_967afdeb-a72e-bef7-11bd-1572362c4c5a_7_0_4001.js?h=JTdCJTIycmMlMjIlM0EyJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D

Protocol

Server

45.133.44.32 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS DataWeb Global Group B.V., NL),

Reverse DNS

Software

nginx/1.19.0 /

Resource Hash

0f7e5b5bb46df0f6d7e2a9320a473d805603d173ae562fb47c1c08f37bb6c265

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shoesday4.xyz/

Response headers

cache-control: max-age=82800
x-content-type-option: nosniff
expires: Mon, 18 Nov 2024 23:02:49 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
date: Mon, 18 Nov 2024 00:02:49 GMT
x-xss-protection: 1; mode=block
content-type: image/gif
server: nginx/1.19.0
x-cdn-host-id: ah1742,ds8138
x-frame-options: SAMEORIGIN

Redirect headers

Location: https://i.wmgtr.com/cim/YnuDSqweRYh-_ToLPsyA8QqVwBXD1Kjv.png
Content-Length: 0
Date: Mon, 18 Nov 2024 00:02:48 GMT
Content-Type: text/html
Server: inhousead-platform

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 130ms
57ms Font
font/woff2 64.233.180.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.180.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f94.1e100.net

Software

sffe /

Resource Hash

d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://shoesday4.xyz
Referer: https://fonts.googleapis.com/

Response headers

age: 14385
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Mon, 17 Nov 2025 20:03:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 17 Nov 2024 20:03:04 GMT
last-modified: Thu, 01 Aug 2024 20:41:21 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18596
x-xss-protection: 0
server: sffe

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 127ms
55ms Font
font/woff2 64.233.180.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,700,400i&subset=cyrillic

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.180.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f94.1e100.net

Software

sffe /

Resource Hash

89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://shoesday4.xyz
Referer: https://fonts.googleapis.com/

Response headers

age: 55456
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Mon, 17 Nov 2025 08:38:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 17 Nov 2024 08:38:33 GMT
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18536
x-xss-protection: 0
server: sffe

GET
H2 404 favicon.ico
shoesday4.xyz/ 548 B
245 B 144ms
93ms Other
text/html 173.214.240.15
SERVEREL-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://shoesday4.xyz/favicon.ico
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 173.214.240.15 , United States, ASN15317 (SERVEREL-AS, US),
Reverse DNS: 173.214.240.15.serverel.net
Software: nginx /
Resource Hash: d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://shoesday4.xyz/sw_967afdeb-a72e-bef7-11bd-1572362c4c5a_7_0_4001.js?h=JTdCJTIycmMlMjIlM0EyJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D

Response headers

content-encoding: gzip
date: Mon, 18 Nov 2024 00:02:51 GMT
content-type: text/html
server: nginx

GET
H2 200 event_90cd25a1-dad6-f210-ae01-505662ba67ff_7_0_4001
shoesday4.xyz/ 115 B
207 B 119ms
97ms Script
application/javascript 173.214.240.15
SERVEREL-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://shoesday4.xyz/event_90cd25a1-dad6-f210-ae01-505662ba67ff_7_0_4001?payload=JTdCJTIyaCUyMiUzQSUyMnhtbC5yZXhzcnYuY29tJTIyJTJDJTIydSUyMiUzQSU1QiUyMjQ2Ny0yNjMxNjUwZWMxNjA4ZTIzZGNhMzBhODU5NjViOTNjZi00MDQ4LTAuMDAwMjQ3JTIyJTVEJTdE&t=1731888168846&rnd=645905172&js=1&io=0&h=JTdCJTIycmMlMjIlM0EyJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA==&if=0
Requested by: Host: shoesday4.xyz
URL: https://shoesday4.xyz/sw_967afdeb-a72e-bef7-11bd-1572362c4c5a_7_0_4001.js?h=JTdCJTIycmMlMjIlM0EyJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA%3D%3D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 173.214.240.15 , United States, ASN15317 (SERVEREL-AS, US),
Reverse DNS: 173.214.240.15.serverel.net
Software: nginx /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
date: Mon, 18 Nov 2024 00:02:52 GMT
content-type: application/javascript
server: nginx

GET
H2

200

Primary Request / Show response
friends-with-benefits.com/lp/precpm/
Redirect Chain

https://xml.rexsrv.com/click?s=1&tid=467&sid=2631650ec1608e23dca30a85965b93cf&rnd=185017954
https://search.topdealad.com/click/01xzd93wbkks7e1yy?token=kfxfrsk6kigwgwkzmbjirso8bcnrg
https://tefinx.click/dsp/ph/clcm?aid=14712837097052850257&mid=0&t=1731888168&s=857430&sid=1808
https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn

44 KB
9 KB

609ms
288ms

Document
text/html

52.28.209.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Requested by: Host: shoesday4.xyz
URL: https://shoesday4.xyz/event_90cd25a1-dad6-f210-ae01-505662ba67ff_7_0_4001?payload=JTdCJTIyaCUyMiUzQSUyMnhtbC5yZXhzcnYuY29tJTIyJTJDJTIydSUyMiUzQSU1QiUyMjQ2Ny0yNjMxNjUwZWMxNjA4ZTIzZGNhMzBhODU5NjViOTNjZi00MDQ4LTAuMDAwMjQ3JTIyJTVEJTdE&t=1731888168846&rnd=645905172&js=1&io=0&h=JTdCJTIycmMlMjIlM0EyJTJDJTIyaGlkJTIyJTNBMSUyQyUyMnNpZCUyMiUzQSUyMiUyMiU3RA==&if=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.28.209.149 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-209-149.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2cbf18905e78c4c70081ad76b4a3c588b592bb7434c42ab7c080c74764aca92c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, private
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 18 Nov 2024 00:02:54 GMT
geo_city: Miami
server: nginx
vary: Accept-Encoding

Redirect headers

content-length: 300
content-type: text/html; charset=utf-8
date: Mon, 18 Nov 2024 00:02:53 GMT
location: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
server: nginx/1.18.0

GET
H2 200 jquery.min.397754ba49e9e0cf4e7c190da78dda05.js Show response
cdn.friends-with-benefits.com/lp/assets/common/js/ 90 KB
32 KB 575ms
88ms Script
application/javascript 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.friends-with-benefits.com/lp/assets/common/js/jquery.min.397754ba49e9e0cf4e7c190da78dda05.js
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=206787
content-encoding: gzip
etag: W/"67346d62-169d5"
access-control-allow-origin: *
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888174967_389506246_131808282_32_969_57_0_219";dur=1
content-length: 32772
date: Mon, 18 Nov 2024 00:02:54 GMT
content-type: application/javascript
last-modified: Wed, 13 Nov 2024 09:12:02 GMT
vary: Accept-Encoding

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 201ms
71ms Stylesheet
text/css 2607:f8b0:4004:c08::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald|Raleway

Requested by

Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2963883ef4158cfb2179119581b97f7c654c2432c7e09f520be364fba35c0c91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 18 Nov 2024 00:02:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 00:02:54 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 18 Nov 2024 00:02:54 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css
fonts.googleapis.com/ 18 KB
945 B 201ms
72ms Stylesheet
text/css 2607:f8b0:4004:c08::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:200,300,400,400i,500,500i,600,600i,700,700i&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

260e6ba6cfff5120f8ba215899086ed852257768203f3f6d37157aa5249939ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 18 Nov 2024 00:02:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 00:02:54 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Sun, 17 Nov 2024 23:57:13 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 styles.074781273e726c700a9f359458196e04.css
cdn.friends-with-benefits.com/lp/assets/common/css/ 15 KB
4 KB 569ms
87ms Stylesheet
text/css 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.friends-with-benefits.com/lp/assets/common/css/styles.074781273e726c700a9f359458196e04.css
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6462ecb1c90c7dcb654105ea5056923af1e065f475876f9334f91002f169eb8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=206702
content-encoding: gzip
etag: W/"67346d62-3c97"
access-control-allow-origin: *
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 3461
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888174682_389506246_131808279_27_1047_57_283_255";dur=1
date: Mon, 18 Nov 2024 00:02:54 GMT
content-type: text/css
last-modified: Wed, 13 Nov 2024 09:12:02 GMT
vary: Accept-Encoding

GET
H2 200 tests.9d58efc456f03751102365e373d75df3.js Show response
cdn.friends-with-benefits.com/lp/assets/common/js/ 4 KB
2 KB 573ms
92ms Script
application/javascript 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.friends-with-benefits.com/lp/assets/common/js/tests.9d58efc456f03751102365e373d75df3.js
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0fbf85cc2f9dea979b3518ee40dae569778a37753a20e7a9a7e28e463490625b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=206693
content-encoding: gzip
etag: W/"67346dc8-10cb"
access-control-allow-origin: *
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888174967_389506246_131808283_38_931_57_0_219";dur=1
content-length: 1542
date: Mon, 18 Nov 2024 00:02:54 GMT
content-type: application/javascript
last-modified: Wed, 13 Nov 2024 09:13:44 GMT
vary: Accept-Encoding

GET
H2 200 style.8933a3397c7af8ba9899ffaa5718be4c.css
cdn.friends-with-benefits.com/lp/assets/prelanding/css/ 7 KB
2 KB 570ms
89ms Stylesheet
text/css 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.friends-with-benefits.com/lp/assets/prelanding/css/style.8933a3397c7af8ba9899ffaa5718be4c.css
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 749a20ef4dc934f607705f66f3d848553cbc11f20611a5868ba71564b1ef38dd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=206777
content-encoding: gzip
etag: W/"67346d63-1cf9"
access-control-allow-origin: *
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888174967_389506246_131808280_29_1000_57_0_255";dur=1
content-length: 1977
date: Mon, 18 Nov 2024 00:02:54 GMT
content-type: text/css
last-modified: Wed, 13 Nov 2024 09:12:03 GMT
vary: Accept-Encoding

GET
H2 200 close.8c78db28b5a3f198d980d880fa39d3c1.png
cdn.friends-with-benefits.com/lp/assets/common/images/ 3 KB
3 KB 573ms
92ms Image
image/png 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.friends-with-benefits.com/lp/assets/common/images/close.8c78db28b5a3f198d980d880fa39d3c1.png
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f090abfd9db1d2cecd4458aa419e6132809851c82b33aa4c11ee91a03abd80f2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=2193925
etag: "67346dc5-af1"
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888174967_389506246_131808286_38_1112_57_0_182";dur=1
content-length: 2801
geo_city: Toronto
date: Mon, 18 Nov 2024 00:02:54 GMT
content-type: image/png
last-modified: Wed, 13 Nov 2024 09:13:41 GMT

GET
H2 200 radar-scanner.78b803a76793d8269b3c25b9e138f987.gif
cdn.friends-with-benefits.com/lp/assets/prelanding/images/ 100 KB
100 KB 561ms
91ms Image
image/gif 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.friends-with-benefits.com/lp/assets/prelanding/images/radar-scanner.78b803a76793d8269b3c25b9e138f987.gif
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7019cba2004ebe060ca044a6de3c7013f0b8a46871b6cd4aad62200686fd317

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=2193978
etag: "67346d63-1905f"
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888174968_389506246_131808285_151_756_57_0_182";dur=1
content-length: 102495
geo_city: Toronto
date: Mon, 18 Nov 2024 00:02:54 GMT
content-type: image/gif
last-modified: Wed, 13 Nov 2024 09:12:03 GMT

GET
H2 200 common.e75f6cb49ca52e4d03896beea90dfe08.js Show response
cdn.friends-with-benefits.com/lp/assets/common/js/ 20 KB
6 KB 122ms
120ms Script
application/javascript 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.friends-with-benefits.com/lp/assets/common/js/common.e75f6cb49ca52e4d03896beea90dfe08.js
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67c6d6ce711c533feddcec6107b0d7c8b5e1ef15088d59c1edd4a55e46ecfbc5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=206755
content-encoding: gzip
etag: W/"67346d65-5119"
access-control-allow-origin: *
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888175068_389506246_131809818_19_1278_81_0_182";dur=1
content-length: 5932
date: Mon, 18 Nov 2024 00:02:55 GMT
content-type: application/javascript
last-modified: Wed, 13 Nov 2024 09:12:05 GMT
vary: Accept-Encoding

GET
H2 200 prelanding.ca918634e523cd632838925a2e57b422.js Show response
cdn.friends-with-benefits.com/lp/assets/common/js/ 2 KB
1 KB 98ms
97ms Script
application/javascript 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.friends-with-benefits.com/lp/assets/common/js/prelanding.ca918634e523cd632838925a2e57b422.js
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5f566c663ea8e807c43e06a28866aee9b15a953c08aea30ab1dc24f18e04497

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=206848
content-encoding: gzip
etag: W/"67346d65-802"
access-control-allow-origin: *
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888175095_389506246_131810228_20_1064_81_0_182";dur=1
content-length: 828
date: Mon, 18 Nov 2024 00:02:55 GMT
content-type: application/javascript
last-modified: Wed, 13 Nov 2024 09:12:05 GMT
vary: Accept-Encoding

GET
H2 200 loader.1e4843b51481a2e2237edb7251524bbb.js Show response
cdn.friends-with-benefits.com/lp/assets/prelanding/js/ 3 KB
1 KB 101ms
99ms Script
application/javascript 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.friends-with-benefits.com/lp/assets/prelanding/js/loader.1e4843b51481a2e2237edb7251524bbb.js
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 18d29db2e44b532346199b22a97f613e3e1e2c9aec73226d00fa748d0320e8a8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=206749
content-encoding: gzip
etag: W/"67346d7a-ca5"
access-control-allow-origin: *
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888175098_389506246_131810255_64_920_81_0_182";dur=1
content-length: 1087
date: Mon, 18 Nov 2024 00:02:55 GMT
content-type: application/javascript
last-modified: Wed, 13 Nov 2024 09:12:26 GMT
vary: Accept-Encoding

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 291 KB
101 KB 395ms
66ms Script
application/javascript 2607:f8b0:4004:c0b::61

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WGJSH9M

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::61 -, , ASN (),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c31deb5e118f78762482460822f2d76a7ad2e2287e942d935cf375cd91ef4ae4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Mon, 18 Nov 2024 00:02:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 00:02:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 102716
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 css
fonts.googleapis.com/ 4 KB
0 0ms
0ms Stylesheet
text/css 2607:f8b0:4004:c08::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald|Raleway

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2963883ef4158cfb2179119581b97f7c654c2432c7e09f520be364fba35c0c91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 18 Nov 2024 00:02:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 00:02:54 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 18 Nov 2024 00:02:54 GMT
x-frame-options: SAMEORIGIN
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 styles.074781273e726c700a9f359458196e04.css
cdn.friends-with-benefits.com/lp/assets/common/css/ 15 KB
0 1ms
0ms Stylesheet
text/css 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.friends-with-benefits.com/lp/assets/common/css/styles.074781273e726c700a9f359458196e04.css
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c6462ecb1c90c7dcb654105ea5056923af1e065f475876f9334f91002f169eb8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=206702
content-encoding: gzip
etag: W/"67346d62-3c97"
access-control-allow-origin: *
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 3461
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888174682_389506246_131808279_27_1047_57_283_255";dur=1
date: Mon, 18 Nov 2024 00:02:54 GMT
content-type: text/css
last-modified: Wed, 13 Nov 2024 09:12:02 GMT
vary: Accept-Encoding

GET
H2 200 style.8933a3397c7af8ba9899ffaa5718be4c.css
cdn.friends-with-benefits.com/lp/assets/prelanding/css/ 7 KB
0 1ms
1ms Stylesheet
text/css 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.friends-with-benefits.com/lp/assets/prelanding/css/style.8933a3397c7af8ba9899ffaa5718be4c.css
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 749a20ef4dc934f607705f66f3d848553cbc11f20611a5868ba71564b1ef38dd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=206777
content-encoding: gzip
etag: W/"67346d63-1cf9"
access-control-allow-origin: *
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888174967_389506246_131808280_29_1000_57_0_255";dur=1
content-length: 1977
date: Mon, 18 Nov 2024 00:02:54 GMT
content-type: text/css
last-modified: Wed, 13 Nov 2024 09:12:03 GMT
vary: Accept-Encoding

GET
H2 200 snippet.8871e34e796393232bc624a9010e3f1f.js Show response
cdn.friends-with-benefits.com/lp/assets/prelanding/js/ 12 KB
4 KB 100ms
99ms Script
application/javascript 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.friends-with-benefits.com/lp/assets/prelanding/js/snippet.8871e34e796393232bc624a9010e3f1f.js
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68a2bc3472f81e42a5c3dde9983685f4d7be8306cc8ff1efedb04a053d05bc88

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=206843
content-encoding: gzip
etag: W/"67346d7a-2f31"
access-control-allow-origin: *
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888175097_389506246_131810257_49_833_81_0_146";dur=1
content-length: 3826
date: Mon, 18 Nov 2024 00:02:55 GMT
content-type: application/javascript
last-modified: Wed, 13 Nov 2024 09:12:26 GMT
vary: Accept-Encoding

GET
H2 200 OVx9x5uSrzvhakAGJfI2kJPrxviS1uiN9s5gTI2m.webp
lpimg.friends-with-benefits.com/template/ 125 KB
126 KB 508ms
61ms Image
image/webp 2600:1408:c400:2a::17da:da1b

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lpimg.friends-with-benefits.com/template/OVx9x5uSrzvhakAGJfI2kJPrxviS1uiN9s5gTI2m.webp
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:2a::17da:da1b -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16f717b0b79cdb75671b229fbba962b4676e5ce9cf0c61ecccf50635564088f5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=6274091
etag: "34e88832a8f11c052bd6cb98f468540b"
x-amz-request-id: NG6RGM576J3PGS6S
accept-ranges: bytes
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888175477_400425499_1542169068_95_1014_55_80_219";dur=1
content-length: 128046
date: Mon, 18 Nov 2024 00:02:55 GMT
last-modified: Mon, 31 Oct 2022 08:52:17 GMT
content-type: image/webp
x-amz-id-2: V4uoU3KEAjt0C2gTuR6OZ41Ks/mcHa0bIX21MF4r+85O2T8hn4BWg2nNcdqLwOvquvQtb6CeBzs=

GET
H2 200 PwRQzXtIlD6D5j6bwIbtNApRTvTxuUQ1oSytRFz0.webp
lpimg.friends-with-benefits.com/template/ 76 KB
76 KB 621ms
175ms Image
image/webp 2600:1408:c400:2a::17da:da1b

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lpimg.friends-with-benefits.com/template/PwRQzXtIlD6D5j6bwIbtNApRTvTxuUQ1oSytRFz0.webp
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:2a::17da:da1b -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=5839770
etag: "0f297449fd0de6b7b3f23677185088b3"
x-amz-request-id: JYCTJYQWR7Y3T1CK
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=2, ak_p; desc="1731888175557_400425499_1542169069_205_974_55_0_219";dur=1
content-length: 77812
date: Mon, 18 Nov 2024 00:02:55 GMT
last-modified: Mon, 31 Oct 2022 08:52:17 GMT
content-type: image/webp
x-amz-id-2: sFYEP/RG/Vs+Qoshad+1+yek/fKkgmSixXcCEtHbXxKWQKodjWMqyyA52mRvET0S5d4MbHri/rREE0JimVEL8QQliSX81P0U

GET
H2 200 warning.123594de630aba4fb44d23e3c906166a.webp
cdn.friends-with-benefits.com/lp/assets/prelanding/images/ 650 B
906 B 74ms
66ms Image
image/webp 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.friends-with-benefits.com/lp/assets/prelanding/images/warning.123594de630aba4fb44d23e3c906166a.webp
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 559a1ddfc2fd25a689d728d9d8b6433d6fe062b1f6af304b2d8b979c93b83d66

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=2194151
etag: "67346dc6-28a"
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888175118_389506246_131810566_23_1202_65_0_146";dur=1
content-length: 650
geo_city: Port Matilda
date: Mon, 18 Nov 2024 00:02:55 GMT
content-type: image/webp
last-modified: Wed, 13 Nov 2024 09:13:42 GMT

GET
H2 200 sos.f86431f76723924286832e8461fae35b.webp
cdn.friends-with-benefits.com/lp/assets/prelanding/images/ 2 KB
2 KB 73ms
65ms Image
image/webp 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.friends-with-benefits.com/lp/assets/prelanding/images/sos.f86431f76723924286832e8461fae35b.webp
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 383772cf6f8abbac578f4e352709526e0e34ec807550d6bf388d4d7ac12909bd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=2193950
etag: "67346d63-71e"
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888175118_389506246_131810568_18_920_65_0_146";dur=1
content-length: 1822
geo_city: Toronto
date: Mon, 18 Nov 2024 00:02:55 GMT
content-type: image/webp
last-modified: Wed, 13 Nov 2024 09:12:03 GMT

GET
H2 200 bgprofiles.8134f4273e1a8706fa281f7452d02e0e.webp
cdn.friends-with-benefits.com/lp/assets/prelanding/images/ 32 KB
32 KB 74ms
67ms Image
image/webp 2600:1408:ec00:36::1736:7f26

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.friends-with-benefits.com/lp/assets/prelanding/images/bgprofiles.8134f4273e1a8706fa281f7452d02e0e.webp
Requested by: Host: friends-with-benefits.com
URL: https://friends-with-benefits.com/lp/precpm/?s1=evad_us&s2=US_INPG1_DESK&s3=s1808_kfxfrs4hkigwgwkimjjirso8bcnrg&s4=1262642&tracking_id=s3_14712837097052850257_1808_8_0&add=BckBtn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:36::1736:7f26 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3bbffbf7cfdc47dba07b10e697b5a42da8f3aff2824bee2a0c39ea475c4fa63a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

cache-control: max-age=2194046
etag: "67346d63-7e6e"
accept-ranges: bytes
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1731888175120_389506246_131810597_29_718_65_0_146";dur=1
content-length: 32366
geo_city: Toronto
date: Mon, 18 Nov 2024 00:02:55 GMT
content-type: image/webp
last-modified: Wed, 13 Nov 2024 09:12:03 GMT

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 19 B
250 B 264ms
50ms XHR
application/javascript 34.96.102.137

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=921607&u=https%3A%2F%2Ffriends-with-benefits.com%2Flp%2Fprecpm%2F%3Fs1%3Devad_us%26s2%3DUS_INPG1_DESK%26s3%3Ds1808_kfxfrs4hkigwgwkimjjirso8bcnrg%26s4%3D1262642%26tracking_id%3Ds3_14712837097052850257_1808_8_0%26add%3DBckBtn&vn=2.1&x=true
Requested by: Host: cdn.friends-with-benefits.com
URL: https://cdn.friends-with-benefits.com/lp/assets/prelanding/js/snippet.8871e34e796393232bc624a9010e3f1f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 -, , ASN (),
Reverse DNS
Software: gsc2 /
Resource Hash: 651b22eb1f250e8f7cb27f8221098a3644768e70b5bd8d8912428f2c89093fb0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

timing-allow-origin: *
content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://friends-with-benefits.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 00:02:54 GMT
content-type: application/javascript; charset=UTF-8
server: gsc2

GET
H3 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v29/ 37 KB
37 KB 115ms
56ms Font
font/woff2 64.233.180.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:200,300,400,400i,500,500i,600,600i,700,700i&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

64.233.180.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pe-in-f94.1e100.net

Software

sffe /

Resource Hash

fdc9964050bfa24c27a3c76c6791b3674292a5f352cbc83d7a4dc49595bc3fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://friends-with-benefits.com
Referer: https://fonts.googleapis.com/

Response headers

age: 36750
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Mon, 17 Nov 2025 13:50:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 17 Nov 2024 13:50:25 GMT
last-modified: Wed, 06 Nov 2024 17:30:37 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 37828
x-xss-protection: 0
server: sffe

GET
H2 200 js
www.googletagmanager.com/gtag/ 271 KB
95 KB 87ms
86ms Script
application/javascript 2607:f8b0:4004:c0b::61

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-EN5YHWKKJL&l=dataLayer&cx=c&gtm=45He4bc0v79004183za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WGJSH9M

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::61 -, , ASN (),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://friends-with-benefits.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 18 Nov 2024 00:02:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 18 Nov 2024 00:02:55 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 96997
x-xss-protection: 0
server: Google Tag Manager

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			friends-with-benefits.com/	1970-01-21 01:14:52	Name: AWSALB Value: lbmd+nu82aiOSbHDrEsGKSK21Mp5igILHJIqfPLBQgFPkjRrX29bwD+1d7a/kd+9uAOQ2sSmARqe1D9oiD62S+c7VF9+v+uRyqA+xtxMcbv4hXlKo7Vqj74VZj/L
			friends-with-benefits.com/	1970-01-21 01:14:52	Name: AWSALBCORS Value: lbmd+nu82aiOSbHDrEsGKSK21Mp5igILHJIqfPLBQgFPkjRrX29bwD+1d7a/kd+9uAOQ2sSmARqe1D9oiD62S+c7VF9+v+uRyqA+xtxMcbv4hXlKo7Vqj74VZj/L

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://shoesday4.xyz/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.friends-with-benefits.com
dev.visualwebsiteoptimizer.com
fonts.googleapis.com
fonts.gstatic.com
freetrckr.com
freshchronicles3.xyz
friends-with-benefits.com
i.wmgtr.com
lpimg.friends-with-benefits.com
search.topdealad.com
shoesday4.xyz
tefinx.click
www.googletagmanager.com
xml.rexsrv.com
136.243.92.81
173.214.240.15
199.182.164.180
2600:1408:c400:2a::17da:da1b
2600:1408:ec00:36::1736:7f26
2607:f8b0:4004:c08::5f
2607:f8b0:4004:c0b::61
2a02:b48:207:1::7
34.96.102.137
45.133.44.32
5.9.117.150
52.28.209.149
64.233.180.94
0f7e5b5bb46df0f6d7e2a9320a473d805603d173ae562fb47c1c08f37bb6c265
0fbf85cc2f9dea979b3518ee40dae569778a37753a20e7a9a7e28e463490625b
16f717b0b79cdb75671b229fbba962b4676e5ce9cf0c61ecccf50635564088f5
18d29db2e44b532346199b22a97f613e3e1e2c9aec73226d00fa748d0320e8a8
260e6ba6cfff5120f8ba215899086ed852257768203f3f6d37157aa5249939ee
2963883ef4158cfb2179119581b97f7c654c2432c7e09f520be364fba35c0c91
2cbf18905e78c4c70081ad76b4a3c588b592bb7434c42ab7c080c74764aca92c
2cf1f6e7a7a2a806ffe23d2c48edd41d407449ad0c97b03e71dfaa301ec200f7
2df6d6501288176ad4c500c56c9291676930f7ecf9734e5c4f39617c60cbf7d6
383772cf6f8abbac578f4e352709526e0e34ec807550d6bf388d4d7ac12909bd
3bbffbf7cfdc47dba07b10e697b5a42da8f3aff2824bee2a0c39ea475c4fa63a
559a1ddfc2fd25a689d728d9d8b6433d6fe062b1f6af304b2d8b979c93b83d66
651b22eb1f250e8f7cb27f8221098a3644768e70b5bd8d8912428f2c89093fb0
67c6d6ce711c533feddcec6107b0d7c8b5e1ef15088d59c1edd4a55e46ecfbc5
68a2bc3472f81e42a5c3dde9983685f4d7be8306cc8ff1efedb04a053d05bc88
749a20ef4dc934f607705f66f3d848553cbc11f20611a5868ba71564b1ef38dd
794e424cad112f306e1bf057c71a9c9f3c9de2adb2831f02f1159e93f6049061
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
a5f566c663ea8e807c43e06a28866aee9b15a953c08aea30ab1dc24f18e04497
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c31deb5e118f78762482460822f2d76a7ad2e2287e942d935cf375cd91ef4ae4
c6462ecb1c90c7dcb654105ea5056923af1e065f475876f9334f91002f169eb8
c7019cba2004ebe060ca044a6de3c7013f0b8a46871b6cd4aad62200686fd317
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
f090abfd9db1d2cecd4458aa419e6132809851c82b33aa4c11ee91a03abd80f2
fdc9964050bfa24c27a3c76c6791b3674292a5f352cbc83d7a4dc49595bc3fb1

friends-with-benefits.com Open in urlscan Pro 52.28.209.149 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

33 Requests

94 %HTTPS

38 %IPv6

12 Domains

14 Subdomains

9 IPs

2 Countries

1651 kBTransfer

2204 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

33 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

friends-with-benefits.com Open in urlscan Pro
52.28.209.149 Public Scan

Screenshot
Live screenshot

Full Image

33
Requests

94 %
HTTPS

38 %
IPv6

12
Domains

14
Subdomains

9
IPs

2
Countries

1651 kB
Transfer

2204 kB
Size

2
Cookies

33 HTTP transactions
0 data transactions