www.firstleaf.com Open in urlscan Pro
2606:4700:10::6816:2cf6 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://lot18.com/
Effective URL:
https://www.firstleaf.com/?utm_source=lot18
Submission Tags: tranco_l324
Submission: On May 11 via api (May 11th 2024, 10:21:09 am UTC) from DE — Scanned from DE

Summary HTTP 176 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 62 IPs in 6 countries across 55 domains to perform 176 HTTP transactions. The main IP is 2606:4700:10::6816:2cf6, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.firstleaf.com.
TLS certificate: Issued by GTS CA 1P5 on April 25th 2024. Valid for: 3 months.

This is the only time www.firstleaf.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.64.119.150 192.64.119.150	22612 (NAMECHEAP...) (NAMECHEAP-NET)
64	2606:4700:10:... 2606:4700:10::6816:2cf6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2606:4700::68... 2606:4700::6813:b234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	23.197.116.174 23.197.116.174	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:4f49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	137.184.29.70 137.184.29.70	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	35.244.142.80 35.244.142.80	15169 (GOOGLE) (GOOGLE)
3	35.201.112.186 35.201.112.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 7	35.227.244.1 35.227.244.1	15169 (GOOGLE) (GOOGLE)
3	2600:9000:26e... 2600:9000:26e8:6c00:d:370a:51c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	67.225.220.126 67.225.220.126	32244 (LIQUIDWEB) (LIQUIDWEB)
2	35.204.89.238 35.204.89.238	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	104.18.72.113 104.18.72.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	95.101.111.156 95.101.111.156	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2600:9000:20e... 2600:9000:20eb:f000:16:4ed5:12c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.65.39.36 18.65.39.36	16509 (AMAZON-02) (AMAZON-02)
2	2001:4860:480... 2001:4860:4802:36::36	15169 (GOOGLE) (GOOGLE)
1	35.186.247.156 35.186.247.156	15169 (GOOGLE) (GOOGLE)
1	165.227.198.72 165.227.198.72	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2400:52e0:1e0... 2400:52e0:1e00::1080:1	200325 (BUNNYCDN) (BUNNYCDN)
1	2600:9000:236... 2600:9000:236e:8c00:d:87ae:bb80:21	16509 (AMAZON-02) (AMAZON-02)
1	18.172.103.101 18.172.103.101	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6813:d383	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	35.186.194.58 35.186.194.58	15169 (GOOGLE) (GOOGLE)
4	138.197.61.175 138.197.61.175	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	51.77.64.70 51.77.64.70	16276 (OVH) (OVH)
1	104.16.53.111 104.16.53.111	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:1f16:ebf... 2600:1f16:ebf:1f02:523f:9ec2:fef8:984a	16509 (AMAZON-02) (AMAZON-02)
1	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	104.17.2.184 104.17.2.184	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.217.16.200 172.217.16.200	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
1	18.65.39.29 18.65.39.29	16509 (AMAZON-02) (AMAZON-02)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
17 22	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:211... 2600:9000:211e:8000:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 3	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
1	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	2600:1f18:612... 2600:1f18:612b:4264:5164:8407:81ce:65ea	14618 (AMAZON-AES) (AMAZON-AES)
1 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	35.158.59.121 35.158.59.121	16509 (AMAZON-02) (AMAZON-02)
1 1	3.123.78.215 3.123.78.215	16509 (AMAZON-02) (AMAZON-02)
2 2	2600:1901:0:8... 2600:1901:0:8eee::	15169 (GOOGLE) (GOOGLE)
2	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
1 2	54.78.254.47 54.78.254.47	16509 (AMAZON-02) (AMAZON-02)
1	52.70.157.54 52.70.157.54	14618 (AMAZON-AES) (AMAZON-AES)
1	72.246.169.24 72.246.169.24	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.77.42.245 54.77.42.245	16509 (AMAZON-02) (AMAZON-02)
1	18.203.106.185 18.203.106.185	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 3	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
2 2	142.250.185.132 142.250.185.132	15169 (GOOGLE) (GOOGLE)
2	142.250.186.99 142.250.186.99	15169 (GOOGLE) (GOOGLE)
1 3	185.89.210.20 185.89.210.20	29990 (ASN-APPNEX) (ASN-APPNEX)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	16.182.71.201 16.182.71.201	16509 (AMAZON-02) (AMAZON-02)
1	35.190.54.17 35.190.54.17	15169 (GOOGLE) (GOOGLE)
1	99.83.128.14 99.83.128.14	16509 (AMAZON-02) (AMAZON-02)
1	18.214.101.0 18.214.101.0	14618 (AMAZON-AES) (AMAZON-AES)
1	216.239.36.54 216.239.36.54	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	() ()
2	2a00:1450:400... 2a00:1450:400c:c02::9b	() ()
176	62

1 192.64.119.150 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)

lot18.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

64 2606:4700:10::6816:2cf6 (United States)

ASN13335 (CLOUDFLARENET, US)

www.firstleaf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.firstleaf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.firstleaf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ct.firstleaf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6813:b234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.197.116.174 (Düsseldorf, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-116-174.deploy.static.akamaitechnologies.com

cloud.typography.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4f49 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 137.184.29.70 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: metrics.production.nyc1.025

rbv9j7km.firstleaf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.142.80 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 80.142.244.35.bc.googleusercontent.com

cdn.pdst.fm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.112.186 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.112.201.35.bc.googleusercontent.com

edge.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.227.244.1 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 1.244.227.35.bc.googleusercontent.com

shop.pe	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.shop.pe	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
manage.safeopt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:26e8:6c00:d:370a:51c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

d2mjzob2nc713b.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.225.220.126 (United States)

ASN32244 (LIQUIDWEB, US)
PTR: host.rtb123.com

www.rtb123.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.204.89.238 (Groningen, Netherlands)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 238.89.204.35.bc.googleusercontent.com

tag.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)

static.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ekr.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.101.111.156 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-156.deploy.static.akamaitechnologies.com

trkn.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20eb:f000:16:4ed5:12c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.mczbf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.65.39.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-65-39-36.ams1.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:36::36 (United States)

ASN15169 (GOOGLE, US)

us-central1-adaptive-growth.cloudfunctions.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.247.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.247.186.35.bc.googleusercontent.com

sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 165.227.198.72 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: metrics.production.nyc1.002

rbv9j7km.firstleaf.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e00::1080:1 (Germany)

ASN200325 (BUNNYCDN, SI)

files1.cybba.solutions	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:236e:8c00:d:87ae:bb80:21 (United States)

ASN16509 (AMAZON-02, US)

d2rp1k1dldbai6.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.172.103.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-172-103-101.fra60.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:d383 (United States)

ASN13335 (CLOUDFLARENET, US)

www.lightboxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.194.58 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com

rs.fullstory.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.197.61.175 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

app.cybba.solutions	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.77.64.70 (Germany)

ASN16276 (OVH, FR)
PTR: de-fra-1.pro.ip-api.com

pro.ip-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.53.111 (None, )

ASN13335 (CLOUDFLARENET, US)

penrosehill.zendesk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f16:ebf:1f02:523f:9ec2:fef8:984a (Columbus, United States)

ASN16509 (AMAZON-02, US)

fbapi.firstleaf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.2.184 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.65.39.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-65-39-29.ams1.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 35.204.74.118 (Groningen, Netherlands) 17 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:8000:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4264:5164:8407:81ce:65ea (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

simplifi.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.158.59.121 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-59-121.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.123.78.215 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-78-215.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:8eee:: (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

fei.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.78.254.47 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.70.157.54 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-70-157-54.compute-1.amazonaws.com

sync.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.246.169.24 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a72-246-169-24.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.42.245 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-42-245.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.203.106.185 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-106-185.eu-west-1.compute.amazonaws.com

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.16.194 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.132 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.210.20 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 16.182.71.201 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

addshoppers.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.54.17 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 17.54.190.35.bc.googleusercontent.com

shopper.shop.pe	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.83.128.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: a954c1fc80b8251dc.awsglobalaccelerator.com

nytrng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.214.101.0 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-101-0.compute-1.amazonaws.com

b0vbfk2zr6.execute-api.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.36.54 (United States)

ASN15169 (GOOGLE, US)

us-central1-adaptive-growth.cloudfunctions.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (None, )

ASN- ()

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c02::9b (None, )

ASN- ()

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
69	firstleaf.com www.firstleaf.com images.firstleaf.com rbv9j7km.firstleaf.com fbapi.firstleaf.com api.firstleaf.com ct.firstleaf.com	3 MB
24	simpli.fi 17 redirects tag.simpli.fi — Cisco Umbrella Rank: 4639 i.simpli.fi — Cisco Umbrella Rank: 3809 um.simpli.fi — Cisco Umbrella Rank: 870	11 KB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 312	168 KB
7	zdassets.com static.zdassets.com — Cisco Umbrella Rank: 2248 ekr.zdassets.com — Cisco Umbrella Rank: 2556	362 KB
7	shop.pe 1 redirects shop.pe — Cisco Umbrella Rank: 12157 shopper.shop.pe — Cisco Umbrella Rank: 14997 app.shop.pe — Cisco Umbrella Rank: 14169	11 KB
6	doubleclick.net 1 redirects cm.g.doubleclick.net — Cisco Umbrella Rank: 272 googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 stats.g.doubleclick.net	1 KB
6	fullstory.com edge.fullstory.com — Cisco Umbrella Rank: 2197 rs.fullstory.com — Cisco Umbrella Rank: 2240	77 KB
5	cybba.solutions files1.cybba.solutions — Cisco Umbrella Rank: 40733 app.cybba.solutions — Cisco Umbrella Rank: 40839	29 KB
4	cloudfront.net d2mjzob2nc713b.cloudfront.net d2rp1k1dldbai6.cloudfront.net	75 KB
4	bing.com bat.bing.com — Cisco Umbrella Rank: 345	14 KB
3	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 257	3 KB
3	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com	303 B
3	cloudfunctions.net us-central1-adaptive-growth.cloudfunctions.net — Cisco Umbrella Rank: 3535	164 B
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	304 KB
2	amazonaws.com addshoppers.s3.amazonaws.com — Cisco Umbrella Rank: 18043 b0vbfk2zr6.execute-api.us-east-1.amazonaws.com — Cisco Umbrella Rank: 115989	3 KB
2	google.de www.google.de — Cisco Umbrella Rank: 7810	127 B
2	exelator.com 1 redirects loadm.exelator.com — Cisco Umbrella Rank: 1990	2 KB
2	pro-market.net 2 redirects fei.pro-market.net — Cisco Umbrella Rank: 2568	914 B
2	agkn.com 2 redirects aa.agkn.com — Cisco Umbrella Rank: 546 d.agkn.com — Cisco Umbrella Rank: 758	1 KB
2	tapad.com 1 redirects pixel.tapad.com — Cisco Umbrella Rank: 493	1 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 539	712 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 32	21 KB
2	cloudflare.com 1 redirects challenges.cloudflare.com — Cisco Umbrella Rank: 4500	14 KB
2	lightboxcdn.com www.lightboxcdn.com — Cisco Umbrella Rank: 5764	2 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1370 insight.adsrvr.org — Cisco Umbrella Rank: 691	4 KB
2	stripe.com js.stripe.com — Cisco Umbrella Rank: 1088	148 KB
2	mczbf.com www.mczbf.com — Cisco Umbrella Rank: 6034	15 KB
2	trkn.us 1 redirects trkn.us — Cisco Umbrella Rank: 2455	1 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 183	153 KB
1	nytrng.com nytrng.com — Cisco Umbrella Rank: 10126
1	safeopt.com manage.safeopt.com — Cisco Umbrella Rank: 20936	833 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 527	273 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 404	239 B
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 126	23 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 456	98 B
1	lijit.com ce.lijit.com — Cisco Umbrella Rank: 891	223 B
1	crwdcntrl.net bcp.crwdcntrl.net — Cisco Umbrella Rank: 983	266 B
1	bluekai.com stags.bluekai.com — Cisco Umbrella Rank: 931	478 B
1	bfmio.com sync.bfmio.com — Cisco Umbrella Rank: 1605	421 B
1	tremorhub.com simplifi.partners.tremorhub.com — Cisco Umbrella Rank: 6505	175 B
1	3lift.com eb2.3lift.com — Cisco Umbrella Rank: 413	140 B
1	unrulymedia.com sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1260	378 B
1	smaato.net s.ad.smaato.net — Cisco Umbrella Rank: 653	237 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 101	274 B
1	zendesk.com penrosehill.zendesk.com	1 KB
1	ip-api.com pro.ip-api.com — Cisco Umbrella Rank: 6182	427 B
1	firstleaf.club rbv9j7km.firstleaf.club	409 B
1	sentry.io sentry.io — Cisco Umbrella Rank: 158	324 B
1	rtb123.com www.rtb123.com — Cisco Umbrella Rank: 29517	5 KB
1	pdst.fm cdn.pdst.fm — Cisco Umbrella Rank: 3462	6 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 533	295 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 804	7 KB
1	typography.com 1 redirects cloud.typography.com — Cisco Umbrella Rank: 7973	441 B
1	lot18.com 1 redirects lot18.com	259 B
0	intentiq.com Failed sync.intentiq.com Failed
176	55

	Domain	Requested by
58	www.firstleaf.com	www.firstleaf.com
22	um.simpli.fi	17 redirects
11	cdn.cookielaw.org	www.firstleaf.com cdn.cookielaw.org
6	static.zdassets.com	www.googletagmanager.com static.zdassets.com
4	app.cybba.solutions	files1.cybba.solutions
4	bat.bing.com	www.googletagmanager.com bat.bing.com www.firstleaf.com
4	rbv9j7km.firstleaf.com	www.firstleaf.com rbv9j7km.firstleaf.com
3	app.shop.pe	www.firstleaf.com
3	ib.adnxs.com	1 redirects edge.fullstory.com
3	api.firstleaf.com	www.firstleaf.com
3	rs.fullstory.com	www.firstleaf.com
3	us-central1-adaptive-growth.cloudfunctions.net	www.firstleaf.com edge.fullstory.com
3	d2mjzob2nc713b.cloudfront.net	www.firstleaf.com shop.pe
3	shop.pe	1 redirects d2mjzob2nc713b.cloudfront.net
3	edge.fullstory.com	www.firstleaf.com edge.fullstory.com
3	www.googletagmanager.com	www.firstleaf.com www.googletagmanager.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.firstleaf.com
2	www.google.de
2	www.google.com	2 redirects
2	googleads.g.doubleclick.net	1 redirects
2	loadm.exelator.com	1 redirects
2	cm.g.doubleclick.net
2	fei.pro-market.net	2 redirects
2	pixel.tapad.com	1 redirects
2	sync.1rx.io	2 redirects
2	ct.firstleaf.com	www.firstleaf.com
2	www.google-analytics.com	www.googletagmanager.com www.firstleaf.com
2	challenges.cloudflare.com	1 redirects www.firstleaf.com
2	www.lightboxcdn.com	www.firstleaf.com
2	js.stripe.com	www.firstleaf.com js.stripe.com
2	www.mczbf.com	www.firstleaf.com
2	trkn.us	1 redirects www.firstleaf.com
2	connect.facebook.net	www.firstleaf.com connect.facebook.net
1	region1.analytics.google.com	www.googletagmanager.com
1	b0vbfk2zr6.execute-api.us-east-1.amazonaws.com	www.firstleaf.com
1	nytrng.com	d2mjzob2nc713b.cloudfront.net
1	manage.safeopt.com	www.firstleaf.com
1	shopper.shop.pe	shop.pe
1	addshoppers.s3.amazonaws.com	d2mjzob2nc713b.cloudfront.net
1	us-u.openx.net
1	pixel.rubiconproject.com
1	www.googleadservices.com	1 redirects
1	idsync.rlcdn.com
1	ce.lijit.com
1	bcp.crwdcntrl.net
1	stags.bluekai.com
1	sync.bfmio.com
1	d.agkn.com	1 redirects
1	aa.agkn.com	1 redirects
1	simplifi.partners.tremorhub.com
1	eb2.3lift.com
1	sync.targeting.unrulymedia.com
1	s.ad.smaato.net
1	insight.adsrvr.org	js.adsrvr.org
1	i.simpli.fi	tag.simpli.fi
1	www.facebook.com	www.firstleaf.com
1	fbapi.firstleaf.com	www.firstleaf.com
1	penrosehill.zendesk.com	static.zdassets.com
1	pro.ip-api.com	www.firstleaf.com
1	js.adsrvr.org	www.rtb123.com
1	d2rp1k1dldbai6.cloudfront.net	www.rtb123.com
1	files1.cybba.solutions	www.rtb123.com
1	rbv9j7km.firstleaf.club	rbv9j7km.firstleaf.com
1	sentry.io	www.firstleaf.com
1	ekr.zdassets.com	www.firstleaf.com
1	tag.simpli.fi	www.googletagmanager.com
1	www.rtb123.com	www.firstleaf.com
1	cdn.pdst.fm	www.firstleaf.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	images.firstleaf.com	www.firstleaf.com
1	static.cloudflareinsights.com	www.firstleaf.com
1	cloud.typography.com	1 redirects
1	lot18.com	1 redirects
0	sync.intentiq.com Failed
176	74

This site contains links to these domains. Also see Links.

Domain
help.firstleaf.com
apply.workable.com
apps.apple.com
play.google.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
firstleaf.com GTS CA 1P5	`2024-04-25` - `2024-07-24`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
cloudflareinsights.com GTS CA 1P5	`2024-05-08` - `2024-08-06`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
.getrockerbox.com .getrockerbox.com	`2019-06-06` - `2049-05-29`	30 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-02-18` - `2024-05-18`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-05-01` - `2024-06-27`	2 months	crt.sh
cdn.pdst.fm GTS CA 1D4	`2024-03-19` - `2024-06-17`	3 months	crt.sh
edge.fullstory.com GTS CA 1D4	`2024-05-03` - `2024-08-01`	3 months	crt.sh
rtb123.com R3	`2024-04-29` - `2024-07-28`	3 months	crt.sh
*.simpli.fi DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-12-07`	a year	crt.sh
zdassets.com E1	`2024-05-01` - `2024-07-30`	3 months	crt.sh
www.mczbf.com Amazon RSA 2048 M03	`2024-04-20` - `2025-05-19`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-03-27` - `2024-06-27`	3 months	crt.sh
misc.google.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-08` - `2024-09-07`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
files1.cybba.solutions R3	`2024-04-14` - `2024-07-13`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2024-04-23` - `2025-05-25`	a year	crt.sh
lightboxcdn.com Cloudflare Inc ECC CA-3	`2023-10-09` - `2024-10-08`	a year	crt.sh
rs.fullstory.com GTS CA 1D4	`2024-05-02` - `2024-07-31`	3 months	crt.sh
*.cybba.solutions Sectigo RSA Domain Validation Secure Server CA	`2023-08-08` - `2024-06-17`	10 months	crt.sh
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA	`2023-12-21` - `2025-01-20`	a year	crt.sh
penrosehill.zendesk.com E1	`2024-03-16` - `2024-06-14`	3 months	crt.sh
fbapi.firstleaf.com Amazon RSA 2048 M01	`2023-06-20` - `2024-07-18`	a year	crt.sh
*.shop.pe RapidSSL TLS RSA CA G1	`2023-07-13` - `2024-07-12`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
*.s3.amazonaws.com Amazon RSA 2048 M01	`2023-10-10` - `2024-07-03`	9 months	crt.sh
*.safeopt.com GlobeSSL DV CA	`2023-05-23` - `2024-06-14`	a year	crt.sh
nytrng.com Amazon RSA 2048 M03	`2024-02-23` - `2025-03-23`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.execute-api.us-east-1.amazonaws.com Amazon RSA 2048 M02	`2024-04-22` - `2025-05-20`	a year	crt.sh
*.google.de GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://www.firstleaf.com/?utm_source=lot18
Frame ID: 0DC83CCAB61638CCC65979ADA79AC216
Requests: 219 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1220b2e.js
Frame ID: 7D842CF0328F64059A3621A6F2B38413
Requests: 6 HTTP requests in this frame

Frame: https://edge.fullstory.com/s/fs.js
Frame ID: 291E5B39C6FFBB480EF27D45AD778717
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 5D2F6B59129515DCDE2645CEACDEE666
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=l7cyjy0&ref=https%3A%2F%2Fwww.firstleaf.com%2F%3Futm_source%3Dlot18&upid=hm2fj8w&upv=1.1.0
Frame ID: F92764504CF08761881D8299FC68776A
Requests: 1 HTTP requests in this frame

Frame: https://nytrng.com/iframe?vcp=4dd5h0np&as_id=11fb4566d4c24b5abccd6745a0c38c01
Frame ID: 237EFC7DE92898E437D76C16376FAFCF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

America's #1 Awarded Wine Club Subscription - Firstleaf

Page URL History Show full URLs

http://lot18.com/ HTTP 307
https://lot18.com/ HTTP 307
http://lot18.com/ HTTP 302
https://www.firstleaf.com/?utm_source=lot18 Page URL

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

176
Requests

84 %
HTTPS

31 %
IPv6

55
Domains

74
Subdomains

62
IPs

6
Countries

4441 kB
Transfer

15767 kB
Size

57
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://help.firstleaf.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

URL: https://apply.workable.com/firstleaf/
Title: Careers

Search URL Search Domain Scan URL

URL: https://help.firstleaf.com/hc/en-us/sections/360004728873-Shipping-Delivery
Title: Shipping

Search URL Search Domain Scan URL

URL: https://apps.apple.com/app/6449933795
Title: <picture><source type="image/webp" srcSet="/static/0c1319a5c4fac32586a58822c813ff66/26fa5/app_store.webp 85w, /static/0c1319a5c4fac32586a58822c813ff66/a7134/app_store.webp 170w, /static/0c1319a5c4fac32586a58822c813ff66/b5934/app_store.webp 339w" sizes="(min-width: 339px) 339px, 100vw"/><img width="339" height="138" data-main-image="" style="object-fit:cover;opacity:1" sizes="(min-width: 339px) 339px, 100vw" decoding="async" loading="lazy" src="/static/0c1319a5c4fac32586a58822c813ff66/ddfdb/app_store.png" srcSet="/static/0c1319a5c4fac32586a58822c813ff66/14368/app_store.png 85w, /static/0c1319a5c4fac32586a58822c813ff66/4eedb/app_store.png 170w, /static/0c1319a5c4fac32586a58822c813ff66/ddfdb/app_store.png 339w" alt="App Store image"/></picture>

Search URL Search Domain Scan URL

URL: http://play.google.com/store/apps/details?id=com.firstleaf
Title: <picture><source type="image/webp" srcSet="/static/643138a8cf22e49297e7f623d0b627d0/d3a4b/google_play.webp 101w, /static/643138a8cf22e49297e7f623d0b627d0/a7e87/google_play.webp 203w, /static/643138a8cf22e49297e7f623d0b627d0/08bd6/google_play.webp 405w" sizes="(min-width: 405px) 405px, 100vw"/><img width="405" height="138" data-main-image="" style="object-fit:cover;opacity:1" sizes="(min-width: 405px) 405px, 100vw" decoding="async" loading="lazy" src="/static/643138a8cf22e49297e7f623d0b627d0/cc3cd/google_play.png" srcSet="/static/643138a8cf22e49297e7f623d0b627d0/cd98b/google_play.png 101w, /static/643138a8cf22e49297e7f623d0b627d0/901cf/google_play.png 203w, /static/643138a8cf22e49297e7f623d0b627d0/cc3cd/google_play.png 405w" alt="Google Play Store image"/></picture>

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://lot18.com/ HTTP 307
https://lot18.com/ HTTP 307
http://lot18.com/ HTTP 302
https://www.firstleaf.com/?utm_source=lot18 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://cloud.typography.com/7410416/6307592/css/fonts.css HTTP 302
https://www.firstleaf.com/fonts/863556/14C15B4DD1F268EF7.css

Request Chain 57

https://shop.pe/widget/widget_async.js HTTP 301
https://d2mjzob2nc713b.cloudfront.net/widget/widget_async.js

Request Chain 61

https://trkn.us/pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=1390492721 HTTP 302
https://trkn.us/pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=1390492721;ip=217.114.218.29;cuidchk=1

Request Chain 139

https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onTurnstileLoad HTTP 302
https://challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js

Request Chain 173

https://um.simpli.fi/smaato HTTP 302
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=56DF409606C14FB68B386DBAF1949BE3

Request Chain 174

https://um.simpli.fi/nexxen HTTP 302
https://sync.1rx.io/usersync/simplifi/56DF409606C14FB68B386DBAF1949BE3 HTTP 302
https://sync.1rx.io/usersync/simplifi/56DF409606C14FB68B386DBAF1949BE3?zcc=1&cb=1715422863886 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-8a1e7395-aa3f-4ab9-9fbe-ef3be44cdc59-003

Request Chain 175

https://um.simpli.fi/triplelift HTTP 302
https://eb2.3lift.com/xuid?mid=7969&xuid=56DF409606C14FB68B386DBAF1949BE3&dongle=yf3

Request Chain 176

https://um.simpli.fi/telaria_p HTTP 302
https://simplifi.partners.tremorhub.com/sync?UISF=56DF409606C14FB68B386DBAF1949BE3

Request Chain 177

https://um.simpli.fi/tapad HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=56DF409606C14FB68B386DBAF1949BE3 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=56DF409606C14FB68B386DBAF1949BE3

Request Chain 178

https://um.simpli.fi/ad_advisor HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=56DF409606C14FB68B386DBAF1949BE3 HTTP 302
https://d.agkn.com/pixel/10751/?che=1715422863866&ip=217.114.218.29&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D217273104879001114375 HTTP 302
https://um.simpli.fi/aa_px?sk=217273104879001114375 HTTP 302
https://um.simpli.fi/empty.gif

Request Chain 179

https://um.simpli.fi/intentiq HTTP 302
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=56DF409606C14FB68B386DBAF1949BE3

Request Chain 182

https://um.simpli.fi/dtnx HTTP 302
https://fei.pro-market.net/engine?du=24;csync=56DF409606C14FB68B386DBAF1949BE3;mimetype=img; HTTP 302
https://fei.pro-market.net/engine?du=24;csync=56DF409606C14FB68B386DBAF1949BE3;mimetype=img;sr HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datonics-ddp&google_cm&google_hm=NDg3NzQ3NDYxMjI4MDcwNzYxNw==

Request Chain 183

https://um.simpli.fi/exelatem HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=56DF409606C14FB68B386DBAF1949BE3&j=0 HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=56DF409606C14FB68B386DBAF1949BE3&j=0&xl8blockcheck=1

Request Chain 185

https://um.simpli.fi/beachfront HTTP 302
https://sync.bfmio.com/sync?pid=141&uid=56DF409606C14FB68B386DBAF1949BE3

Request Chain 186

https://um.simpli.fi/bluekai HTTP 302
https://stags.bluekai.com/site/29931?id=56DF409606C14FB68B386DBAF1949BE3

Request Chain 187

https://um.simpli.fi/crwdcntrl HTTP 302
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=56DF409606C14FB68B386DBAF1949BE3

Request Chain 188

https://um.simpli.fi/lj_match HTTP 302
https://ce.lijit.com/merge?pid=2&3pid=56DF409606C14FB68B386DBAF1949BE3

Request Chain 189

https://um.simpli.fi/liveramp_match HTTP 302
https://idsync.rlcdn.com/419566.gif?partner_uid=56DF409606C14FB68B386DBAF1949BE3

Request Chain 190

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1715422863648&cv=7&fst=1715422863648&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=1058602455&cv=7&fst=1715422863648&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMI4-65k7CFhgMVWkUdCR3iUQWEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6Gmh0dHBzOi8vd3d3LmZpcnN0bGVhZi5jb20v HTTP 302
https://www.google.com/pagead/1p-conversion/1026675585/?random=1058602455&cv=7&fst=1715422863648&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMI4-65k7CFhgMVWkUdCR3iUQWEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6Gmh0dHBzOi8vd3d3LmZpcnN0bGVhZi5jb20v&is_vtc=1&cid=CAQSGwB7FLtqtYq3_DjMO6iF45w01s0VseJ-TWPoVQ&random=838564781 HTTP 302
https://www.google.de/pagead/1p-conversion/1026675585/?random=1058602455&cv=7&fst=1715422863648&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMI4-65k7CFhgMVWkUdCR3iUQWEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6Gmh0dHBzOi8vd3d3LmZpcnN0bGVhZi5jb20v&is_vtc=1&cid=CAQSGwB7FLtqtYq3_DjMO6iF45w01s0VseJ-TWPoVQ&random=838564781&ipr=y

Request Chain 192

https://um.simpli.fi/an HTTP 302
https://ib.adnxs.com/setuid?entity=66&code=56DF409606C14FB68B386DBAF1949BE3 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D56DF409606C14FB68B386DBAF1949BE3

Request Chain 193

https://um.simpli.fi/rb_match HTTP 302
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=56DF409606C14FB68B386DBAF1949BE3&expires=365

Request Chain 194

https://um.simpli.fi/ox_match HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072966&val=56DF409606C14FB68B386DBAF1949BE3

Request Chain 225

https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3l2l5&rnd=2133474707.1715422869&url=https%3A%2F%2Fwww.firstleaf.com%2F&dma_cps=sypham&dma=1&npa=1&gtm=45He4580n71TKCVNWv71863389za200&auid=63613877.1715422869 HTTP 302
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3l2l5&rnd=2133474707.1715422869&url=https%3A%2F%2Fwww.firstleaf.com%2F&dma_cps=sypham&dma=1&npa=1&gtm=45He4580n71TKCVNWv71863389za200&auid=63613877.1715422869

176 HTTP transactions
56 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.firstleaf.com/
Redirect Chain

http://lot18.com/
https://lot18.com/
http://lot18.com/
https://www.firstleaf.com/?utm_source=lot18

2 MB
296 KB

586ms
500ms

Document
text/html

2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24acf6c7aba42dd5b78b0e5f5a9188bd4bba25f783278eaa930395583693b6ba

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

cache-control: public, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 88217093199e9006-FRA
content-encoding: gzip
content-type: text/html
date: Sat, 11 May 2024 10:21:01 GMT
last-modified: Sat, 11 May 2024 08:12:38 GMT
server: cloudflare
vary: Accept-Encoding
via: 1.1 1eee8db55908814c8f0cde754e3bee5a.cloudfront.net (CloudFront)
x-amz-cf-id: t-PnKjga9SxPsflt3p2e96DS-4nDbjqQ6on6bRbwcap05q8XNwZX0w==
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront

Redirect headers

Connection: keep-alive
Content-Length: 66
Content-Type: text/html; charset=utf-8
Date: Sat, 11 May 2024 10:21:01 GMT
Location: https://www.firstleaf.com/?utm_source=lot18
Server: namecheap-nginx
X-Served-By: Namecheap URL Forward

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 101ms
45ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a2f825beb3b540a044cdb0515177c34497aa2ce92e335bf1498fa42bb5baf88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 11 May 2024 10:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Dw6K+rTuf8kOuPIEBw1QQA==
age: 49288
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6881
x-ms-lease-status: unlocked
last-modified: Thu, 09 May 2024 19:31:27 GMT
server: cloudflare
etag: 0x8DC705E9ED21249
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 50cd5284-b01e-0012-5cf4-a27575000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 882170969a543605-FRA

GET
H2

200

14C15B4DD1F268EF7.css
www.firstleaf.com/fonts/863556/
Redirect Chain

https://cloud.typography.com/7410416/6307592/css/fonts.css
https://www.firstleaf.com/fonts/863556/14C15B4DD1F268EF7.css

251 KB
188 KB

59ms
58ms

Stylesheet
text/css

2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/fonts/863556/14C15B4DD1F268EF7.css
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 122604dbe0e33b2a80cff78e90bd1aefe742828d19a66b357bde8c250035ca33

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
via: 1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
last-modified: Tue, 13 Jun 2023 18:04:53 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
etag: W/"01b0c035e870e010817990f18af07eeb"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=14400
cf-ray: 8821709cabe79006-FRA
x-amz-cf-id: c0lvZkH_6PxrW3CTMl-bxpewcBmltqu-Ihdj2OBkuU-zSP4fecqqFQ==

Redirect headers

Date: Sat, 11 May 2024 10:21:02 GMT
Last-Modified: Tue, 13 Jun 2023 18:10:29 GMT
Server: AkamaiNetStorage
X-HCo-pid: 16
ETag: "9a52622c3b0b353cd052a5e4518bd213:1686679828.962264"
Content-Type: text/html
Location: https://www.firstleaf.com/fonts/863556/14C15B4DD1F268EF7.css
Cache-Control: must-revalidate, private
Connection: keep-alive
Content-Length: 154
Expires: Sat, 11 May 2024 10:21:02 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 392 KB
115 KB 182ms
131ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW&gtm_auth=1BfIqc--iU-7Fmd2boouvg&gtm_preview=env-1&gtm_cookies_win=x

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a0e7d6b393a4f9c8707f239263e7e146671ed8892b9a36cb32431fba53bc8946

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:01 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 117647
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
vary: *
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 90pts-15e4ebaa7e7b9b01d8b91feb293cd430.png
www.firstleaf.com/static/ 14 KB
14 KB 42ms
41ms Image
image/png 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstleaf.com/static/90pts-15e4ebaa7e7b9b01d8b91feb293cd430.png
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29096421d65f89dbc13eae16c384c9740d9501763d3e205b640ec6c8ec9ddead

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:01 GMT
via: 1.1 7b85fc567b776c0d31c5ac07cc6c2ae6.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA56-P8
age: 60979
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 14042
last-modified: Wed, 24 Aug 2022 12:51:54 GMT
server: cloudflare
etag: "f9402bea176c89b78d9e749da3df939b"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 882170968d449006-FRA
x-amz-cf-id: eRUjsX4ocLmOzU6qIMOMEFogxgcL24OU9gjEuTJTTPejHabRLmytCg==

GET
H2 200 email-decode.min.js Show response
www.firstleaf.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
848 B 23ms
22ms Script
application/javascript 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstleaf.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 08 May 2024 09:31:53 GMT
server: cloudflare
etag: W/"663b4689-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 882170968d459006-FRA
expires: Mon, 13 May 2024 10:21:01 GMT

GET
H2 200 app-2928ab446c328d4b8660.js Show response
www.firstleaf.com/ 6 MB
2 MB 118ms
117ms Script
application/javascript 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/app-2928ab446c328d4b8660.js
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 662a72ac2db3a6272b96390ddd783475c2fc847d9e5d714b7c6c6bed7be18093

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
via: 1.1 b8455bc5c5405f573b6e4da5524ee9e2.cloudfront.net (CloudFront)
cf-cache-status: MISS
last-modified: Sat, 11 May 2024 08:12:36 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
etag: W/"fd5a33ee0337874c8bbd6ed830ddab5e-2"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 882170975e159006-FRA
x-amz-cf-id: udIIblstP24PGX2SUkhTcAXibwqSnG8unPMy1TciBKWSXcD6zpxZMw==

GET
H2 200 framework-a08bc9de2f7ae97b3053.js Show response
www.firstleaf.com/ 146 KB
46 KB 116ms
115ms Script
application/javascript 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/framework-a08bc9de2f7ae97b3053.js
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 292105f3e2b9986f0cd0ccdbd5e7b6c77ac28631b7177931cc503b6a131a9496

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:01 GMT
content-encoding: gzip
via: 1.1 74cd4e6bd806cc7209ac94e0173f5ac8.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA56-P8
age: 586730
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 04 May 2024 08:16:28 GMT
server: cloudflare
etag: W/"fc7b78db7bf9648a0640f7723a6613ce"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 882170975e169006-FRA
x-amz-cf-id: it1IvYy9E3lrATZqpdAOqVl90wjT2gAQNN13eMyWcYTLs1Cl4HzX5g==

GET
H2 200 webpack-runtime-f525e7a8a4a781acd402.js Show response
www.firstleaf.com/ 4 KB
2 KB 117ms
116ms Script
application/javascript 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/webpack-runtime-f525e7a8a4a781acd402.js
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 335db6f7e7fe937fe6970c770d18c5c962039ac12a4bb9c375ce50cb4886a892

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:01 GMT
content-encoding: gzip
via: 1.1 0befec97ec8a388fe199ea682db0cdc0.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: CDG50-P4
age: 72976
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 10 May 2024 13:52:26 GMT
server: cloudflare
etag: W/"46a34b83719c77e9d4dd215ae8df1a77"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 882170975e189006-FRA
x-amz-cf-id: 3mvQD0VpQ_ekadf5EE3bTxlDSj5v8bKz6QqJSb6DH0HDNhDIPAERfg==

GET
H2 200 vedd3670a3b1c4e178fdfb0cc912d969e1713874337387 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 240ms
108ms Script
text/javascript 2606:4700::6810:4f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vedd3670a3b1c4e178fdfb0cc912d969e1713874337387
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
last-modified: Mon, 06 May 2024 19:01:13 GMT
server: cloudflare
etag: W/"2024.4.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 882170982d8d371f-FRA

GET
H2 200 d59f7da2-0cea-4d7b-9f00-32f1d3392306.json Show response
cdn.cookielaw.org/consent/d59f7da2-0cea-4d7b-9f00-32f1d3392306/ 5 KB
2 KB 190ms
146ms XHR
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/d59f7da2-0cea-4d7b-9f00-32f1d3392306/d59f7da2-0cea-4d7b-9f00-32f1d3392306.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5079c2044ec67bf73a5e412ccd6a94937df21a933b67aa05537651d828b08688

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: VUgUDxTIPqfnxbrARuTO+A==
content-length: 1814
x-ms-lease-status: unlocked
last-modified: Tue, 20 Feb 2024 20:31:55 GMT
server: cloudflare
etag: 0x8DC3252FAC58192
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: fe39f0cf-301e-00a2-413b-64039a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 882170972d045c38-FRA
expires: Sun, 12 May 2024 10:21:02 GMT

GET
H2 200 sp-at-v2-14-0.js Show response
images.firstleaf.com/js/ 98 KB
30 KB 120ms
104ms Script
application/javascript 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://images.firstleaf.com/js/sp-at-v2-14-0.js
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50cf303cfaa020fcbedd6ad1bf045a008cbb88dfc792f731f07235dd1ca13599

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
via: 1.1 6641a812839e5267ee0880e96b41efc4.cloudfront.net (CloudFront)
cf-cache-status: HIT
last-modified: Mon, 27 Jul 2020 04:28:00 GMT
server: cloudflare
x-amz-cf-pop: FRA60-P9
age: 6991
etag: W/"8dba669b94e3865c9205ef8fd15ee4d1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=5356800
cf-ray: 882170976e2d9006-FRA
x-amz-cf-id: E5f_jVW7_IzxXodrIaRrWsu-BXV0Hxrqu-uU4iiVNxhwZsYksuh_1A==

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db72946d7e5de9f5eedf02409003a70621fb312a412b20ad7101dce429f4c660

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 53eaf9466a795a087255c7e4a310819a511548dfc5220d962b2e9bb17f879a38

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 629 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3bcc757a74075b4ec306f3edcb47a085c32d371d2358d8ab3712158a9ecc6a8d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0957d3f57a55721932bb9108206408cf1ab73cb07b68c906b0bae5b33d6c86da

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 370 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 265ee206b3bbec34580c9ccd3d5c99b07aab46a6979b8b6c6d8ad7795ec8d29c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34d47e495f9f683e26f67a8757fdd6053f8a9bc1d95d1ffe1c69358567105a44

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 613 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76390c8f01397fe473dd1a9689e94caea2a001592c7b71bc85410c388078d304

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1cef3c9f2d582f913f12a16fe304c7d64bd80739793a9bf8d7d8978c311e294

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 304 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 752b0df67450b460c6070644d74502a5ee3bf5f7681cde08b88b9a565ea7d900

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 75abe68aefa57c71e32c2a41bc8d4e55918f581d76029cd09184f4a686e16885

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 443 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef7c3ec15e1e423c22bab123027bd62ff8d14d0905051478fd115c3fcf482d56

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 320 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: df4915a52982babc1ba87778cb1c1d68184fee5fe5d8133daf63ee37916d6b4e

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 381 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84202b70bdd60a2d4d292c955cb907a98ff6c96939d043aa3aeb73cddb7ff14a

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98b1cfc36a0f3d40f2e7750ec4c544c44148745f86a584b49f4a73eb615be70e

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cb90630563e30e234ad66a39f4fe11f207a37232dd0b8de2e045299a41166a4b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 12a71a8d2d1307f74607a807ceb66a66f427a11d65538021190b620efcb0bb3e

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 49e44366a56a91fd7870e6427b68d01a63cf56679eb0d5406542b6244bb379fb

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1045430f393626478daa15a99c433956371eb7363b26a5239f721f014ba52fa0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 258d39625e15cbce053f80b72dc2f7ca999fc5a6943fb10e75e3cb2126be996e

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 248545e3f805a6f3ff979c55e0e3951a2fa6f1018529b99f291e93c7a803ee1d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 631 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3235f2fbf9e2142357ed4a2a96e684976b5c0928dfe3419edde88e9b030678f9

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b5bb6b017ac0ac368ddddd713df7f918eeb1d86fbe3ef7895f040f170b15699

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 671 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4eb1ca83acf3409e1a0553e0d84cec3787630361ec5668dd1dde93860f3bc357

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5e3256799bc9eb6a1ad57001ad69b0946e4532d103092dd0557c02d84e6b4a7

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 492 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 623c33b9ef9f3871f596b2f721d622b8c4a530b147cc6a9ec2e405f89fe68f7a

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5d5ac92cc9565d62cd713fe2d946793ffb805012b57f610830403afb67907030

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 568 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 02d0cddb81ecbfffffc3b2eba469a45372e7cc0244222faa422b502b3046a509

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e092bea366a94333d8ec48137987e2df19f61288f6e073032b2a8bdde6264d6a

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 logged-out-hero-landscape.webp
www.firstleaf.com/static/7a548a9ecc6bdd3bea4930ec0c2a1104/abe93/ 89 KB
90 KB 91ms
89ms Image
image/webp 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstleaf.com/static/7a548a9ecc6bdd3bea4930ec0c2a1104/abe93/logged-out-hero-landscape.webp
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 40f79fdc21e779237795d76946072a423c435cc04a00aab38b6181962f88171c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
via: 1.1 de9b04903710e9099bfc75aaf59c8eda.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: VIE50-C2
age: 60977
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 91440
last-modified: Thu, 08 Feb 2024 16:12:22 GMT
server: cloudflare
etag: "74ebe192501debe16162377bfb155d23"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 88217097fedb9006-FRA
x-amz-cf-id: htSYj3HiRIIUYV_oz7tyeYWBIFs2S186cCPpUYuYnHM4DJ9P_Tq5mA==

GET
H2 200 delish-logo.webp
www.firstleaf.com/static/099f203950f76a6b78aa045527551a6b/316c5/ 5 KB
5 KB 97ms
95ms Image
image/webp 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstleaf.com/static/099f203950f76a6b78aa045527551a6b/316c5/delish-logo.webp
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2fef107653c701e27e261629b2811d42812092e1a84dd37cf78505f2fc8b9263

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
via: 1.1 5d650f4d20204610aaf075ff8f6494c6.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: VIE50-C2
age: 60977
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 5296
last-modified: Wed, 24 Aug 2022 12:51:45 GMT
server: cloudflare
etag: "6635b416d10084f4b359d8540323ee89"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 88217097fedd9006-FRA
x-amz-cf-id: M1qsjXYyBP_WG0g6kTM7mCKa6tn36CMriGZqm7pOn_5lNtcCiUY1HA==

GET
H2 200 et-logo.webp
www.firstleaf.com/static/f5ab334bcff67d57ad02724d710d65c5/fdda5/ 2 KB
3 KB 90ms
88ms Image
image/webp 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstleaf.com/static/f5ab334bcff67d57ad02724d710d65c5/fdda5/et-logo.webp
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2b3af7627754fb77e81a93ea2f16b79b2031053d89874185cae2c56a483d08c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
via: 1.1 c3919dfed58c39e6da91faec1344110c.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: AMS58-P3
age: 60978
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 2556
last-modified: Wed, 24 Aug 2022 12:52:01 GMT
server: cloudflare
etag: "accddb4eea8a3c48a125329a5bd884d7"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 88217097fee09006-FRA
x-amz-cf-id: WCFHqbwL-e8yWqPE794jpFfM4orX-8IECbKIo19QOCLspbDTN1XyCg==

GET
H2 200 refinery-logo.webp
www.firstleaf.com/static/225ee55e4cf2354368ab0e4c6852b77d/7916f/ 9 KB
10 KB 96ms
94ms Image
image/webp 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstleaf.com/static/225ee55e4cf2354368ab0e4c6852b77d/7916f/refinery-logo.webp
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 205c86a65825a5cae580606dc8db260aba5150e8e664ce82429210373dc55500

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
via: 1.1 3ab47e7bb911be04b665845f18319950.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: AMS58-P3
age: 1293730
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 9686
last-modified: Wed, 24 Aug 2022 12:51:48 GMT
server: cloudflare
etag: "a0edff43f8f9820869016fff9c1a9a3c"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 88217097fee19006-FRA
x-amz-cf-id: lPIymFraOsxfLZ-uDPeNzz5FdcU2gJEgbX-CBfYDdV0HnAEs2qEmYw==

GET
H2 200 gq-logo.webp
www.firstleaf.com/static/5ec02f8cf7724ed8f47fb54cf9ef4615/2dd6f/ 3 KB
4 KB 104ms
102ms Image
image/webp 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstleaf.com/static/5ec02f8cf7724ed8f47fb54cf9ef4615/2dd6f/gq-logo.webp
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1415968c3140de6e284d1cfb23dea33007c6a6d330266e79285435391c5eb6ea

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
via: 1.1 852513de831fa3235a0fcf6b4f0116c4.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: AMS58-P3
age: 60978
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 3406
last-modified: Wed, 24 Aug 2022 12:51:51 GMT
server: cloudflare
etag: "ea5cc5225df2bdbb32b7a3af8e073f65"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 88217097fee39006-FRA
x-amz-cf-id: xmO7VcuRUxk9gGJKX6FoobGU7yutKSnE5g23gD_xaYEGC3-jen179A==

GET
H2 200 vogue-logo.webp
www.firstleaf.com/static/09d59b0136674797911e344bd81bb44d/316c5/ 5 KB
5 KB 94ms
92ms Image
image/webp 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstleaf.com/static/09d59b0136674797911e344bd81bb44d/316c5/vogue-logo.webp
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: daefedd2e398c22660777ab5ef9484f17e983582e7e37acf86eedc070939b5b1

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
via: 1.1 2f194b62c8c43859cbf5af8e53a8d2a6.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA2-C2
age: 3546260
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 5128
last-modified: Wed, 24 Aug 2022 12:51:45 GMT
server: cloudflare
etag: "cd9b8702000743983c55087bec7f8368"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 88217097fee49006-FRA
x-amz-cf-id: 2m4vdgLa5Af9-AeLs4Rd23E77hYcVg_6pQ49Unb8tEnmYB4EfnImBw==

GET
H2 200 paste-logo.webp
www.firstleaf.com/static/161ef690d899dd6a68ecc73f173bb621/316c5/ 5 KB
6 KB 93ms
92ms Image
image/webp 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstleaf.com/static/161ef690d899dd6a68ecc73f173bb621/316c5/paste-logo.webp
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0984caa842a2742f3271f93672d42f9710b94712e52e03afe8cc48cd508f30c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
via: 1.1 0a3248cb2729105e64fb474faf90e3b2.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: AMS58-P3
age: 60978
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 5554
last-modified: Wed, 24 Aug 2022 12:51:46 GMT
server: cloudflare
etag: "670421e827b7cbfe23cd872e5f62c362"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 88217097fee59006-FRA
x-amz-cf-id: _nrBaKdh9FrIZQRtfYNAQ2oGmPOqJUghFerE3Uywe-q9d1B-qGoG9w==

GET
H2 200 how-it-works2.webp
www.firstleaf.com/static/3b28ccc45b5e797669c9daddbc1e3c17/230e2/ 206 KB
207 KB 96ms
95ms Image
image/webp 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstleaf.com/static/3b28ccc45b5e797669c9daddbc1e3c17/230e2/how-it-works2.webp
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84d7a648ca04cccfc1f7353206a38dfb8e8d83917581b6e4aabbb32fdf96d7b4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
via: 1.1 b038919df048ba1d1a170622840d275e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: AMS58-P3
age: 60978
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 211450
last-modified: Mon, 11 Sep 2023 15:36:33 GMT
server: cloudflare
etag: "892a48fc8555d05a705468590846d6b4"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 88217097fee79006-FRA
x-amz-cf-id: VEG_snsEsWuhSPUaKebsa0FaktV1Qm86B_HF6PpcMKB__H_rHxchHg==

GET
H2 200 wineprint-in-mobile.webp
www.firstleaf.com/static/27595ab20aadca9b305a6877dedd8de0/a8d6b/ 22 KB
22 KB 96ms
94ms Image
image/webp 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstleaf.com/static/27595ab20aadca9b305a6877dedd8de0/a8d6b/wineprint-in-mobile.webp
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62dbaef1df407eb482db1fc0216896a185b5fa38224df4c3bcb8ac5785277785

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
via: 1.1 06d36e78e8dfd9468327f09115761a9e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA2-C2
age: 3546260
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 22690
last-modified: Mon, 11 Sep 2023 15:36:33 GMT
server: cloudflare
etag: "4ca1653d35f298be8a4317172979871c"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 88217097fee89006-FRA
x-amz-cf-id: WgQg_aBYH5f0HYxsRuarpY5izZYqE-wAYQ5hL1kao2bNcBXqGzqPog==

GET
H2 200 sat-guaranteed.webp
www.firstleaf.com/static/4a79346580b4706e22079e7252d5046c/8b621/ 35 KB
35 KB 96ms
95ms Image
image/webp 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstleaf.com/static/4a79346580b4706e22079e7252d5046c/8b621/sat-guaranteed.webp
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6f7f75ba1ead3c1ec7462a8b611d4134ea5e35a55548555ae8740e09e53eb25

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
via: 1.1 71dbd5706c5b0c7b733248e1171f2d4e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA2-C2
age: 3546260
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 35550
last-modified: Wed, 24 Aug 2022 12:51:50 GMT
server: cloudflare
etag: "cd6ee276c1e8d292afd03e3891f9b8a2"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 882170980f0e9006-FRA
x-amz-cf-id: 1WrndJRdfsgivdMUKqKdc6hbmdECJBKI-80fdtWFvO6RBRNjRHJ_Pw==

GET
H2 200 new-wines.webp
www.firstleaf.com/static/a1c3206251698ad6c2fe364e00bea160/83805/ 51 KB
51 KB 98ms
97ms Image
image/webp 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstleaf.com/static/a1c3206251698ad6c2fe364e00bea160/83805/new-wines.webp
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f3fcf5221eab4ec22a205ce0368fc823df1f7331a19358975166ae170978973

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
via: 1.1 a4079c0a5989b4b7af98433fdd07f680.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA56-P8
age: 1293726
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 52056
last-modified: Tue, 04 Oct 2022 15:55:48 GMT
server: cloudflare
etag: "101e5f85d968afd3c0d4cbcab3491acb"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 882170980f189006-FRA
x-amz-cf-id: pSb0WKVSWl93jlwNYK2C0NNKlvhHZfkT9HwhCd3XVBkzgTuJJyoefg==

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
295 B 127ms
63ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
accept: application/json
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 882170988fa29b4c-FRA
access-control-allow-headers: Content-Type

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 341 KB
105 KB 45ms
44ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-3TS4P88RE5&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW&gtm_auth=1BfIqc--iU-7Fmd2boouvg&gtm_preview=env-1&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c6714895e889a86779f464234b552b36508a3ba18cc2b21d71469bea86e18a37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107775
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 11 May 2024 10:21:02 GMT

GET
H/1.1 200
OK wxyz.cs.js Show response
rbv9j7km.firstleaf.com/assets/ 49 KB
11 KB 418ms
115ms Script
application/javascript 137.184.29.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://rbv9j7km.firstleaf.com/assets/wxyz.cs.js?rb_sync=rbv9j7km.firstleaf.club
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 137.184.29.70 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: metrics.production.nyc1.025
Software: openresty /
Resource Hash: caa21a65dd9e1df81a57e31bd7e5c336bf6de1d84912074baa5b85fa44744a4f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 11 May 2024 10:21:02 GMT
Content-Encoding: gzip
Server: openresty
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: application/javascript

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 218 KB
59 KB 67ms
21ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 11 May 2024 10:21:02 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57845
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=12, mss=1294, tbw=2784, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: mNrqw/VD6VRfX/9IEbl3UZlOGYRJavhMymX74h4ZrsH61QRYEX/+P7k0mj7MIRPyLgTrjiIGkP1P0aHDRYo3xw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 138ms
59ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW&gtm_auth=1BfIqc--iU-7Fmd2boouvg&gtm_preview=env-1&gtm_cookies_win=x

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Sat, 11 May 2024 10:21:01 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7838A77CD94546CEA5CA222FCC8F5658 Ref B: DUS30EDGE0310 Ref C: 2024-05-11T10:21:02Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

GET
H2 200 ping.min.js Show response
cdn.pdst.fm/ 26 KB
6 KB 80ms
23ms Script
application/javascript 35.244.142.80
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pdst.fm/ping.min.js
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.142.80 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 80.142.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:18:23 GMT
content-encoding: gzip
age: 159
x-guploader-uploadid: ABPtcPplMn_1IIF8cDvxg-IgvPitkjRSR5UmiBhgV6t9A80NhoYwKK0Jsf-2GelhaRzmK1nnSL7HfcBK5w
x-goog-storage-class: STANDARD
x-goog-metageneration: 4
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5774
last-modified: Fri, 28 May 2021 20:34:03 GMT
server: UploadServer
etag: "d001d1c9f5a942fa5524eeacb047e819"
vary: Accept-Encoding
x-goog-generation: 1622234043862937
x-goog-hash: crc32c=oKoi/w==, md5=0AHRyfWpQvpVJO6ssEfoGQ==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 5774
accept-ranges: bytes
content-type: application/javascript;
expires: Sat, 11 May 2024 11:18:23 GMT

GET
H2 200 fs.js Show response
edge.fullstory.com/s/ 271 KB
74 KB 87ms
23ms Script
application/javascript 35.201.112.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/fs.js
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 5b1eea2bfdf21be2bcdd47f818549ae4548c93d7e525de1d376581ce85f00878

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 09:50:41 GMT
content-encoding: br
age: 1821
x-guploader-uploadid: ABPtcPp7aTi3h34rPY1-wDAeP39Vg9Ve2-iMr_zfjSnXhrLsl_g6pEwIgWEWDzbD9e-yPEtYepk
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75003
last-modified: Thu, 09 May 2024 14:47:07 GMT
server: UploadServer
etag: "6c20d1208acd7791e17afdd940bb83df"
vary: Accept-Encoding
x-goog-generation: 1715266027371467
x-goog-hash: crc32c=V4tGfA==, md5=bCDRIIrNd5Hhev3ZQLuD3w==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 75003
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 11 May 2024 10:50:41 GMT

GET
H2

200

widget_async.js Show response
d2mjzob2nc713b.cloudfront.net/widget/
Redirect Chain

https://shop.pe/widget/widget_async.js
https://d2mjzob2nc713b.cloudfront.net/widget/widget_async.js

3 KB
2 KB

77ms
19ms

Script
application/javascript

2600:9000:26e8:6c00:d:370a:51c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2mjzob2nc713b.cloudfront.net/widget/widget_async.js
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Server: 2600:9000:26e8:6c00:d:370a:51c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fa306b2eaface9d3b2303e20af58931bfcf09740e454aab7d43b9daafba2a30a

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 11 May 2024 10:19:54 GMT
content-encoding: gzip
via: 1.1 098a60d50e7e132c276fd27b94c6212c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
age: 69
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1193
last-modified: Tue, 07 May 2024 18:05:52 GMT
server: AmazonS3
etag: "f319b7e417245930605327b657bc18ab"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=3600, public
accept-ranges: bytes
x-amz-cf-id: NiGryCmSiQzLAFdC_iI6mSngztpPa4bnRy5F8iWCt6qo7HN6TH6B6A==
x-amz-meta-mtime: 1715105151.18

Redirect headers

date: Sat, 11 May 2024 10:21:02 GMT
content-security-policy: frame-ancestors none;
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 google
server: nginx
x-frame-options: deny
content-type: text/html
location: https://d2mjzob2nc713b.cloudfront.net/widget/widget_async.js
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 162

GET
H2 200 btp.js Show response
www.rtb123.com/tags/A99F5C2A-533B-31BD-43AC-B834BAFF94CB/ 5 KB
5 KB 431ms
135ms Script
application/javascript 67.225.220.126
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rtb123.com/tags/A99F5C2A-533B-31BD-43AC-B834BAFF94CB/btp.js
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 67.225.220.126 , United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS: host.rtb123.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 0f88056ae93eb3934cd9cd312a9766a14afadf3cb20c1d2a07d8a8d5344e46bc

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-powered-by-plesk: PleskWin
date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
last-modified: Wed, 15 Nov 2023 18:43:00 GMT
server: Microsoft-IIS/10.0
etag: "ec2c288ff317da1:0"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 4813

GET
H2 200 4f1bd082-d454-42cb-bafd-026640e9800e Show response
tag.simpli.fi/sifitag/ 3 KB
2 KB 136ms
31ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/4f1bd082-d454-42cb-bafd-026640e9800e
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW&gtm_auth=1BfIqc--iU-7Fmd2boouvg&gtm_preview=env-1&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: 645ab215148e00ab2ba3fdfc7caec9aa6d0cd5a672078f1d033a01e0f5a44864

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id: F85oAStg0wJdn2dB-DiC
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ 10 KB
5 KB 107ms
49ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/snippet.js?key=b253b5fa-0522-4fcb-b2f3-9056b25ec9b1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW&gtm_auth=1BfIqc--iU-7Fmd2boouvg&gtm_preview=env-1&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
x-amz-version-id: sR7NItkX1i3nKckB5vEat7T2DUmPnRiJ
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: 16EJPM9K30XP37FF
age: 51
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: z1V/NuijnK7Md6R8xho26aVzAi5YWZpIy2l2KX04qLLf562XDGukX+pnpGWp4oLzz96OIYLMddM=
last-modified: Mon, 15 Jan 2024 02:56:11 GMT
server: cloudflare
etag: W/"c0053b411b753138af468db1bd3b19f3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fdemcRKgDmiDCGRhhbrJUpy9NBHKZ1xswHcez%2FdE2tjmZ9bJ%2B6s9MnW%2FoysgSwSNh7ykBp%2FaRLUItdyEGWFJOF1CI5cytMabG07hjlpo748YY7DSp80vJ6XaPIBbZfAVNH92lAw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=3600, s-maxage=60
access-control-max-age: 0
cf-ray: 8821709919586904-FRA
access-control-allow-headers: *

GET
H/1.1

200
OK

ppt=18168;g=landing_page;gid=41654;ord=1390492721;ip=217.114.218.29;cuidchk=1
trkn.us/pixel/conv/
Redirect Chain

https://trkn.us/pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=1390492721
https://trkn.us/pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=1390492721;ip=217.114.218.29;cuidchk=1

42 B
721 B

26ms
26ms

Image
image/gif

95.101.111.156
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trkn.us/pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=1390492721;ip=217.114.218.29;cuidchk=1

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

HTTP/1.1

Server

95.101.111.156 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-156.deploy.static.akamaitechnologies.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 11 May 2024 10:21:02 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: image/gif
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Sun, 9 Nov 1980 12:58:00 GMT

Redirect headers

Location: /pixel/conv/ppt=18168;g=landing_page;gid=41654;ord=1390492721;ip=217.114.218.29;cuidchk=1
Date: Sat, 11 May 2024 10:21:02 GMT
X-Content-Type-Options: nosniff
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK tag.js Show response
www.mczbf.com/tags/11334/ 44 KB
14 KB 131ms
20ms Script
application/javascript 2600:9000:20eb:f000:16:4ed5:12c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mczbf.com/tags/11334/tag.js
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:f000:16:4ed5:12c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 4c7e79f7fa59ac4052d04a76cc9edecc09d2ec7bd35f35ff751eb23a070478cd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 11 May 2024 10:00:26 GMT
Content-Encoding: gzip
Via: 1.1 d8eef512ab23f23f549b4cd25ac5328c.cloudfront.net (CloudFront)
Server: nginx
X-Amz-Cf-Pop: FRA2-C1
Age: 1236
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript; charset=UTF-8
Cache-Control: max-age=1800
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
X-Amz-Cf-Id: vFzcwU1KrPRkRbvkPjzgSV-qXFftc5AtgH2qIIz6TqTd8VqbbQ-4Xw==
X-Request-ID: 4a9b875e-0f7d-11ef-9d88-870a17faf3fb

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/ 430 KB
105 KB 39ms
39ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202401.2.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6972c49e66fe3c5026a1a1e26a06c49995cec36fc522cb56461f5cf0b2b2978

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ekgyiOgvSPjNzcyXVUS11Q==
age: 58804
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 106739
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 11:26:28 GMT
server: cloudflare
etag: 0x8DC3E996ED117D9
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: e31c6377-501e-009b-7f34-71f886000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 88217098ed413605-FRA

GET
H2 200 v3 Show response
js.stripe.com/ 604 KB
148 KB 181ms
38ms Script
text/javascript 18.65.39.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/app-2928ab446c328d4b8660.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.65.39.36 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-65-39-36.ams1.r.cloudfront.net

Software

Cloudfront /

Resource Hash

104e1dd42b1a93041add9e8f020e9b05405d14ac722ef40a104617435f10bc6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:20:22 GMT
content-encoding: br
via: 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 57
x-amz-cf-pop: AMS1-P1
x-cache: Hit from cloudfront
last-modified: Fri, 10 May 2024 21:45:09 GMT
server: Cloudfront
etag: W/"fdfa847c5bfd3c26d57f421bc9809b3e"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
timing-allow-origin: *
x-amz-cf-id: rqXu6_pCJwiV6YI0h2_-3AZUEweazRhKfszpZiPbFgxY64icsNcNnQ==

GET
H2 200 43-045885a313a9d7be16f4.js Show response
www.firstleaf.com/ 95 KB
24 KB 33ms
32ms Script
application/javascript 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/webpack-runtime-f525e7a8a4a781acd402.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d119667c2e81e94f2b472e140074e3f61ad2e1344fc9a426c65a74f840cc803

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
via: 1.1 851fdca2e1873274a995295ecd94732e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA56-P8
age: 1293729
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 17 Apr 2024 16:38:46 GMT
server: cloudflare
etag: W/"ed82ab776b0de7517f560e99aa00e706"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 88217099d9059006-FRA
x-amz-cf-id: WU0DuKr86EAFB40uyt67IOc1RTXU3mLs83NKwuFclNUEnsEx61NGSw==

GET
H2 200 app-data.json Show response
www.firstleaf.com/page-data/ 50 B
304 B 487ms
486ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/app-data.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/app-2928ab446c328d4b8660.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4fab72f47b5fe99f25ef61ca531c9f674ab91807c04fa7f13f28af586a4938ea

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
via: 1.1 37236193bd380575cb98e661bedbb260.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Sat, 11 May 2024 08:12:40 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"648b7f2f2cdae1669294af30bbe550d9"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 88217099d90b9006-FRA
x-amz-cf-id: KPQI_pkgx5nrciC2nbMLN6pc6sj_FcErmpS9Ho20A7WGkAWHonFYEw==

GET
H2 200 page-data.json Show response
www.firstleaf.com/page-data/index/ 467 B
588 B 480ms
480ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/index/page-data.json?utm_source=lot18
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/app-2928ab446c328d4b8660.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb8f44264d68c7262a98c0ff3408e35c98df3173b17e4d4274554ba2050d7e4b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
via: 1.1 f996db233b87d6765cc5ad56701268d8.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 29 Apr 2024 15:27:39 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"80cacce87d148cf2fd3151134632c48c"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 88217099d90d9006-FRA
x-amz-cf-id: 6LSkAV-PIBm8vjwARkz5Ce6gD6ztsvhZXaqrkqIOQoEXzIPsMrvjLg==

GET
H2 200 b253b5fa-0522-4fcb-b2f3-9056b25ec9b1 Show response
ekr.zdassets.com/compose/ 1 KB
2 KB 291ms
225ms Fetch
application/json 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/b253b5fa-0522-4fcb-b2f3-9056b25ec9b1

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34fcc716ceb2f58bf8189d32531bf6498f4cf30c39db45270e32fb0a77e14f9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
strict-transport-security: max-age=0
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
content-encoding: br
cdn-cache-control: max-age=60
x-xss-protection: 1; mode=block
x-request-id: 8811a7c3ae9589f9-SEA, 8811a7c3ae9589f9-SEA
x-runtime: 0.010907
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"34fcc716ceb2f58bf8189d32531bf649"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RPTyg4wuznFtYeHW9A1YURwmUlchegZjE687AZP4fznCdu1ap0o2kJeWIM5Pex1YJ8HsesBvxBrEINjdAPj7DSZwPYcT%2BFZuSe9WEnAKt1B0mQ%2FjLwg2Gm29YSQC8HzOt20%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type: application/json; charset=utf-8
x-zendesk-zorg: yes
cf-ray: 8821709b4a675d49-FRA

GET
H2 200 1669030446688031 Show response
connect.facebook.net/signals/config/ 305 KB
94 KB 558ms
557ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1669030446688031?v=2.9.156&r=stable&domain=www.firstleaf.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

884a8c6178e9646190c5420481d7a12c172ff808381bb3ac644872263d4f8921

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 11 May 2024 10:21:03 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=64, mss=1294, tbw=63329, tp=-1, tpl=-1, uplat=537, ullat=0
pragma: public
x-fb-debug: 4/OIWsGi5ItinXaeXcplGauwoaW+1yB/us8sxq2wfje+wMvBQ+H0NbphvRA3fWlvJDdIuSI7xdaJssgniEM+fQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/d59f7da2-0cea-4d7b-9f00-32f1d3392306/2e7c8b06-d602-4a88-beb5-ebeaca523976/ 55 KB
14 KB 49ms
49ms Fetch
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/d59f7da2-0cea-4d7b-9f00-32f1d3392306/2e7c8b06-d602-4a88-beb5-ebeaca523976/en.json

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b62d8bb6ef0f7b2aaaffc6023c4c9f2de1a262a77cdbf55c0da18ff9a992a08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 37110
content-md5: QRaoFyV4sBeQMNGFOhNHTg==
content-length: 13926
x-ms-lease-status: unlocked
last-modified: Tue, 20 Feb 2024 20:32:08 GMT
server: cloudflare
etag: 0x8DC3253023AF6B0
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 88b30b95-a01e-0009-5169-797c50000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8821709b084d5c38-FRA
expires: Sun, 12 May 2024 10:21:02 GMT

GET
H2 200 web Show response
edge.fullstory.com/s/settings/134SPF/v1/ 8 KB
2 KB 161ms
160ms XHR
application/json 35.201.112.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/settings/134SPF/v1/web
Requested by: Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: c16efe19a048b91faa563ec423147ffbd749fa558749401c7a82b30fe2c0cab7

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
x-guploader-uploadid: ABPtcPr074A6cqU3oLdAHpz3cV0RGkaT7Od5u3OXOwR5ASYefIzvPbPC6DNn4JcZLKtzJd-NedsZchv6rA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2148
last-modified: Sat, 11 May 2024 10:20:47 GMT
server: UploadServer
etag: "ca472986c79ee358a594f50e739381e5"
x-goog-generation: 1715422847242286
content-type: application/json
access-control-allow-origin: *
x-goog-hash: crc32c=AFEWyA==, md5=ykcphsee41illPUOc5OB5Q==
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=900,no-transform
x-goog-stored-content-length: 2148
accept-ranges: bytes
expires: Sat, 11 May 2024 10:36:02 GMT

POST
H2 200 pdst-events-prod-sink Show response
us-central1-adaptive-growth.cloudfunctions.net/ 2 B
123 B 185ms
185ms Fetch
text/html 2001:4860:4802:36::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://www.firstleaf.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
server: Google Frontend
access-control-allow-methods: GET, POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 24443dcf35672c3dfc43123e261694a3
cache-control: private
function-execution-id: 4lz8bvf2xo9q
access-control-allow-headers: Content-Type, Accept
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 200 pdst-events-prod-sink
us-central1-adaptive-growth.cloudfunctions.net/ Frame 0
0 202ms
135ms Preflight
text/html 2001:4860:4802:36::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.firstleaf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Accept
access-control-allow-methods: GET, POST
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 22
content-type: text/html; charset=utf-8
date: Sat, 11 May 2024 10:21:02 GMT
function-execution-id: ofrhk4eadkaj
server: Google Frontend
x-cloud-trace-context: 287d4be4ab80748519683f93c4da42f1

GET
H2 204 5565374.js Show response
bat.bing.com/p/action/ 0
117 B 47ms
46ms Script
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5565374.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Sat, 11 May 2024 10:21:02 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C35B5318B4D946C7A07A71E4919FEFE1 Ref B: DUS30EDGE0310 Ref C: 2024-05-11T10:21:02Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
287 B 69ms
68ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5565374&tm=gtm002&Ver=2&mid=43f914f4-c920-4e59-9812-6dcfa911ce16&sid=2b24d6a00f8011efaea25f75c875b433&vid=2b24bb000f8011efb9e14f1ca5de03de&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=America%27s%20%231%20Awarded%20Wine%20Club%20Subscription%20-%20Firstleaf&p=https%3A%2F%2Fwww.firstleaf.com%2F%3Futm_source%3Dlot18&r=&lt=4187&evt=pageLoad&sv=1&rn=628040

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 11 May 2024 10:21:02 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DEE152CC373E4C0AB639F39A07A68A46 Ref B: DUS30EDGE0310 Ref C: 2024-05-11T10:21:02Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
sentry.io/api/1397651/envelope/ 2 B
324 B 205ms
135ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/1397651/envelope/?sentry_key=ff909656e90d411f9069253f654c00ac&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.26.0

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

POST
H/1.1 200
OK pageInfo Show response
www.mczbf.com/11334/ 68 B
546 B 74ms
29ms Fetch
image/png 2600:9000:20eb:f000:16:4ed5:12c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mczbf.com/11334/pageInfo
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:f000:16:4ed5:12c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: https://www.firstleaf.com/
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 11 May 2024 10:21:02 GMT
Via: 1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
Server: nginx
X-Amz-Cf-Pop: FRA2-C1
X-Cache: Miss from cloudfront
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: no-store
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 68
X-Amz-Cf-Id: 76OBG8luZXHmfoMstsrOlIkU31nk2w6BEsFfd6mtuDyHEWjU2nXUDQ==
X-Request-ID: 2b3181e2-0f80-11ef-8155-9da3b5848601

GET
H2 200 triggerRunner.js Show response
d2mjzob2nc713b.cloudfront.net/widget/ 11 KB
4 KB 20ms
19ms Script
application/javascript 2600:9000:26e8:6c00:d:370a:51c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2mjzob2nc713b.cloudfront.net/widget/triggerRunner.js?v=53f4a9a
Requested by: Host: shop.pe
URL: https://shop.pe/widget/widget_async.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26e8:6c00:d:370a:51c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 45fdcedbeb833ea40206c98dfcbfa73842f72d53f166a26b47ecc3b01a55286d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 18:06:15 GMT
content-encoding: gzip
via: 1.1 098a60d50e7e132c276fd27b94c6212c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
age: 317688
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 3876
last-modified: Tue, 07 May 2024 18:05:53 GMT
server: AmazonS3
etag: "b6d80b0a8e17da8ab75a018bfc7bd938"
content-type: application/javascript; charset=utf-8
cache-control: max-age=2592000, public
accept-ranges: bytes
x-amz-cf-id: UJCGqzl-eW8Z-SfHlVCca0R64CHoYzvrusmtU1QmE8UKdhGkuMecIQ==
x-amz-meta-mtime: 1715105151.16

GET
H/1.1 200
OK integrations Show response
rbv9j7km.firstleaf.com/ 48 B
252 B 113ms
113ms Script
text/javascript 137.184.29.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://rbv9j7km.firstleaf.com/integrations?source=firstleaf
Requested by: Host: rbv9j7km.firstleaf.com
URL: https://rbv9j7km.firstleaf.com/assets/wxyz.cs.js?rb_sync=rbv9j7km.firstleaf.club
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 137.184.29.70 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: metrics.production.nyc1.025
Software: openresty /
Resource Hash: 4abfc20341515e0793cc89ece1d464349fdc7675f925e473fd6d99a0cc18a8b8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 11 May 2024 10:21:02 GMT
Content-Encoding: gzip
Server: openresty
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/javascript

GET
H/1.1 200
OK jpuid Show response
rbv9j7km.firstleaf.club/ 67 B
409 B 384ms
109ms Script
text/javascript 165.227.198.72
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://rbv9j7km.firstleaf.club/jpuid?jsonp=RB.jsonPUID
Requested by: Host: rbv9j7km.firstleaf.com
URL: https://rbv9j7km.firstleaf.com/assets/wxyz.cs.js?rb_sync=rbv9j7km.firstleaf.club
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 165.227.198.72 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: metrics.production.nyc1.002
Software: openresty /
Resource Hash: 8fbfdbbb84401797714e88bb5604ce53704ae0dcf8015f46a4ce58da5a84b66e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 11 May 2024 10:21:02 GMT
Content-Encoding: gzip
Server: openresty
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/javascript

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/ 13 KB
3 KB 40ms
39ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otFlat.json

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: BhDz7QN6NZvDbVeQXXKKbA==
age: 44738
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3041
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 11:26:21 GMT
server: cloudflare
etag: 0x8DC3E996A8D0BAE
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: c12b3b06-901e-005f-19d4-708dbf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8821709ba9015c38-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/v2/ 62 KB
13 KB 46ms
45ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/v2/otPcCenter.json

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

777b4b4a083fe36afca14edfa9de06db28dacfe106659598d9c88f576428e2d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: +7hvz1DcCYiP/7X0fBpjjw==
age: 44738
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12694
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 11:26:24 GMT
server: cloudflare
etag: 0x8DC3E996BDADDD4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: b2a2f3d4-001e-0096-34d4-703052000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8821709ba9075c38-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/ 21 KB
4 KB 43ms
42ms Fetch
text/css 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otCommonStyles.css

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 11 May 2024 10:21:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: c7xAZ9MSGAobGaTYg/Qtag==
age: 74344
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 11:26:34 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: d2d9e806-701e-000a-08d4-709d34000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8821709ba90a5c38-FRA

GET
H2 200 loader.min.js Show response
files1.cybba.solutions/2856/ 86 KB
27 KB 100ms
26ms Script
application/javascript 2400:52e0:1e00::1080:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://files1.cybba.solutions/2856/loader.min.js

Requested by

Host: www.rtb123.com
URL: https://www.rtb123.com/tags/A99F5C2A-533B-31BD-43AC-B834BAFF94CB/btp.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1080 /

Resource Hash

f2a1abbb9637f0eace228f691af8b0fcf3524dba20769d8dd7457b03ece2c55b

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600
X-Frame-Options	deny

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

cdn-requestpullsuccess: True
date: Sat, 11 May 2024 10:21:02 GMT
strict-transport-security: max-age=3600
content-encoding: br
cdn-edgestorageid: 1079
cdn-cachedat: 05/02/2024 19:45:51
cdn-pullzone: 116099
last-modified: Tue, 05 Dec 2023 17:11:23 GMT
server: BunnyCDN-DE1-1080
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"656f59bb-156fe"
vary: Accept-Encoding, Accept-Encoding
x-frame-options: deny
content-type: application/javascript
cdn-cache: HIT
cdn-uid: a080e070-2552-4896-b206-e42f1464eeab
cache-control: public, max-age=3600
cdn-requestid: 454ca46a0fdb21881fe4b47a2113fc7f
x-robots-tag: noindex
cdn-requestcountrycode: DE
cdn-status: 200
expires: Thu, 02 May 2024 20:45:46 GMT

GET
H2 200 cybba_latest.min.js Show response
d2rp1k1dldbai6.cloudfront.net/ 78 KB
20 KB 90ms
22ms Script
application/javascript 2600:9000:236e:8c00:d:87ae:bb80:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2rp1k1dldbai6.cloudfront.net/cybba_latest.min.js
Requested by: Host: www.rtb123.com
URL: https://www.rtb123.com/tags/A99F5C2A-533B-31BD-43AC-B834BAFF94CB/btp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:8c00:d:87ae:bb80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 70a0f167788e07b40c47bb0fa3afc0a9f4f26526e0a0820a85a7723c7abd87dd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: yZW6Dter.grTsHVBuURNXZgqG96f3Y_9
content-encoding: br
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
date: Sat, 11 May 2024 03:28:26 GMT
last-modified: Mon, 25 Mar 2024 21:44:37 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 24760
x-amz-server-side-encryption: AES256
etag: W/"76242c68cd648dfbf2fad65e0391d0c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: _xUAMzdATeERqXenAcJPfuCymHerVgfboXDq8Uh1IgkcymRbyclCHA==

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 10 KB
4 KB 77ms
22ms Script
application/x-javascript 18.172.103.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.rtb123.com
URL: https://www.rtb123.com/tags/A99F5C2A-533B-31BD-43AC-B834BAFF94CB/btp.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.172.103.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-172-103-101.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3a95689e90e588b166f7b3ecd334959a2d6a3da1d73d557c8fb72fa10cf465dd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 11 May 2024 04:19:05 GMT
Content-Encoding: gzip
Via: 1.1 599ca4c1e171a33647d38b2340e37b20.cloudfront.net (CloudFront)
Last-Modified: Tue, 30 Apr 2024 23:20:15 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P8
Age: 21718
x-amz-server-side-encryption: AES256
ETag: W/"d6f0435164aefe6cf324147b77c7b6bb"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: jorhLYcN2UkB7g0-zK80HXr670-5cIilMPtTRWdt46qVnmglwUXrZg==

GET
H2 200 widget.js Show response
d2mjzob2nc713b.cloudfront.net/widget/ 194 KB
49 KB 22ms
22ms Script
application/javascript 2600:9000:26e8:6c00:d:370a:51c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d2mjzob2nc713b.cloudfront.net/widget/widget.js?v=9151fab
Requested by: Host: shop.pe
URL: https://shop.pe/widget/widget_async.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26e8:6c00:d:370a:51c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: abf799a9a6e8442dd51a2bf2dc71a6484fe05b74d6283add4e8eb4cb69f77b81

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 07 May 2024 18:06:14 GMT
content-encoding: gzip
via: 1.1 098a60d50e7e132c276fd27b94c6212c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
age: 317689
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 50178
last-modified: Tue, 07 May 2024 18:05:52 GMT
server: AmazonS3
etag: "e034948d303507c909a0e95ab2bc9617"
content-type: application/javascript; charset=utf-8
cache-control: max-age=2592000, public
accept-ranges: bytes
x-amz-cf-id: xfvTIH9w0xNO_ErzMMHDs2VQIQpLv1XOC-G5hbXlC3uoT9UcCqT9Yw==
x-amz-meta-mtime: 1715105149.28

GET
H2 200 lightbox_speed.js Show response
www.lightboxcdn.com/vendor/8158d925-0b30-4be6-bcc9-4670b48f34c8/ 3 KB
1 KB 742ms
682ms Script
application/javascript 2606:4700::6813:d383
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lightboxcdn.com/vendor/8158d925-0b30-4be6-bcc9-4670b48f34c8/lightbox_speed.js?mb=1715422862683
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:d383 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b42009363398f443f68355c2daa5122107179ae338e23f44f21c0ae3ff939f07

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: br
cf-cache-status: REVALIDATED
content-md5: mtjiU6/FCK8mhCb0RXJuMw==
cf-polished: origSize=4971
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Fri, 10 May 2024 21:40:38 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b976b1cd-701e-0042-2224-a33324000000
cache-control: public, max-age=60
x-ms-version: 2009-09-19
cf-ray: 8821709c3883381c-FRA
expires: Sat, 11 May 2024 10:22:03 GMT

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
600 B 35ms
35ms Image
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 11 May 2024 10:21:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 67631
x-ms-lease-status: unlocked
last-modified: Thu, 09 May 2024 19:31:29 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 10677d90-301e-0003-6689-a2426e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8821709c093b3605-FRA

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
494 B 37ms
36ms Fetch
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 11 May 2024 10:21:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 74343
x-ms-lease-status: unlocked
last-modified: Wed, 08 May 2024 06:40:06 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: b60366e1-301e-0080-6755-a1e2c3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8821709c196b5c38-FRA

GET
H2 200 FL_Logotype_Purple_(3).png
cdn.cookielaw.org/logos/627cf43a-de0f-4b49-ad3a-54a9f94ef23e/8eb1dbf4-acc5-45da-85f8-9badfdf81305/49b98577-e68a-467a-877e-9da063be58e4/ 17 KB
17 KB 39ms
38ms Image
image/png 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/627cf43a-de0f-4b49-ad3a-54a9f94ef23e/8eb1dbf4-acc5-45da-85f8-9badfdf81305/49b98577-e68a-467a-877e-9da063be58e4/FL_Logotype_Purple_(3).png

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9fd678871d5c502175e5233f33bb7c2cb09eda96eebfa139f527b72683f8b92b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 11 May 2024 10:21:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: kb6My5twzXAEkxk7pZWjFQ==
age: 1232
content-length: 17202
x-ms-lease-status: unlocked
last-modified: Wed, 29 Jun 2022 19:40:58 GMT
server: cloudflare
etag: 0x8DA5A074A2ECBDD
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: d2af33d1-801e-0031-4f72-79d890000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8821709c29603605-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 37ms
37ms Image
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 11 May 2024 10:21:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 36191
x-ms-lease-status: unlocked
last-modified: Thu, 09 May 2024 19:31:29 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 3399c783-901e-0027-580d-a3db20000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8821709c29633605-FRA

POST
H2 200 page Show response
rs.fullstory.com/rec/ 1 KB
744 B 212ms
146ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/page
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 1d439a4882debc1c8106429e5c2568eec26a1fea853def5bf41ff03cd0614eb7

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
content-encoding: gzip
via: 1.1 google
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.firstleaf.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 553

GET
H/1.1 200
OK user Show response
app.cybba.solutions/ 126 B
491 B 350ms
114ms Script
text/javascript 138.197.61.175
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://app.cybba.solutions/user?callback=_vtsdk.User.callbackUser&shopId=2856&oldUserId=undefined&email=null&_ts=26433637

Requested by

Host: files1.cybba.solutions
URL: https://files1.cybba.solutions/2856/loader.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

138.197.61.175 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx, nginx /

Resource Hash

875e8912662250c9405dc51420b86292259be2759837cfc55cf1cbf8a9884597

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600
X-Frame-Options	deny

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 11 May 2024 10:21:02 GMT
Strict-Transport-Security: max-age=3600
Server: nginx, nginx
X-Frame-Options: deny
Content-Type: text/javascript;; charset=utf-8
Cache-Control: no-cache
Connection: close
X-Robots-Tag: noindex
Content-Length: 126
x-process-time: 0.00042128562927246094
Expires: Sat, 11 May 2024 10:21:01 GMT

GET
H/1.1 200
OK / Show response
pro.ip-api.com/json/ 271 B
427 B 71ms
20ms XHR
application/json 51.77.64.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.ip-api.com/json/?key=aUoasJP8dMuydUf
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.77.64.70 , Germany, ASN16276 (OVH, FR),
Reverse DNS: de-fra-1.pro.ip-api.com
Software: /
Resource Hash: bf4f57101738e144cbbf574a456149f3f9f84a68f23aa5c91c200464298e40c2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 11 May 2024 10:21:02 GMT
Content-Length: 271
Content-Type: application/json; charset=utf-8

GET
H2 200 web-widget-main-1220b2e.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 7D84 972 KB
277 KB 40ms
39ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1220b2e.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=b253b5fa-0522-4fcb-b2f3-9056b25ec9b1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52ed746ba11175e661e72c76e0b948deec27a391b793a52904016a084b6359b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:02 GMT
x-amz-version-id: SlC9xTAY2YIwN7.6X4wCtNf670Vu5_jO
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: 2TWMYWV9FKZ8MQ6P
age: 159
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: 3AbN3v7OA1FXLB8w/dTdNl7Ont4yGUA69PT18aPHEcGchAKvFy99Lg56YQn/Lt2Y4xMny85QsIo=
last-modified: Mon, 06 May 2024 20:36:57 GMT
server: cloudflare
etag: W/"b4a428eba038e94cf613969bb9bdc78d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KuA9yWKLSGLDWQcYHwg9Z92RjkdnAoF3NrWRtmV%2F2yIpMXliakxCHHaDW3wvohA91s92zhkAh2e1rLT4aMemM1evdkvgci%2FhqDawcMLHvYieOcsziltiVIie8W5NLwcVhBVT3Ik%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8821709cbd0e6904-FRA
access-control-allow-headers: *
expires: Tue, 06 May 2025 20:36:55 GMT

GET
H2 200 1127810653.json Show response
www.firstleaf.com/page-data/sq/d/ 898 B
520 B 465ms
459ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/1127810653.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8cbc6dcd7a381454f1aa9968e8213c7f46620a43e4f38ac4d248aec2c422547a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
via: 1.1 f996db233b87d6765cc5ad56701268d8.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Wed, 28 Feb 2024 20:05:33 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"d9e5d79a522a63af8a6e2cdcb13a408e"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709cec189006-FRA
x-amz-cf-id: 0iv_pRwhp-SLgznOQt9YvgrBBhryvXXreqKGzWmjEeMxufWxnE3uXw==

GET
H2 200 1336607429.json Show response
www.firstleaf.com/page-data/sq/d/ 8 KB
2 KB 481ms
476ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/1336607429.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cce753ae3b1e52fa4eaeff638550c3fea3040a4e4822adfc070918eb4f1e0b4e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 193d38535c6cb246e365763e9c32e672.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Tue, 05 Sep 2023 08:20:32 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"6d0f32099667dcd6d847a977984787a3"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709cec199006-FRA
x-amz-cf-id: GibEV_W5JTKpmV1-Jp12s8oo1wU1ZWguo5-Jr0fuxQdJkjARcaeS5Q==

GET
H2 200 1417137468.json Show response
www.firstleaf.com/page-data/sq/d/ 15 KB
3 KB 477ms
472ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/1417137468.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8899b4685b6eb6ce633b02425dae5fec9604c75a33de51871db369eac8384c05

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 37236193bd380575cb98e661bedbb260.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Sat, 11 May 2024 08:14:30 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"2161de66770fe4ae48db645fd36fef97"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709cec1a9006-FRA
x-amz-cf-id: aJP319mraZln7igmr-ghNBkuOj3psIx8UgDA9BmXmNmK87E-UyNrAw==

GET
H2 200 1773341317.json Show response
www.firstleaf.com/page-data/sq/d/ 321 KB
57 KB 479ms
474ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/1773341317.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06f3e4b1916126cb914e0f197759665066242437bce976b6cddbd9f713adda05

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 1feab8d6a8e5cc920c359b62fd33d3de.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Mon, 29 Apr 2024 15:29:34 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"d232eeb450bceea8d6c1ccb3bcf40347"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709cec1c9006-FRA
x-amz-cf-id: sWpzuHNArE29YlHdLsg6sI0OUvTWrutLbC5faZEg9busIOun-02Jgw==

GET
H2 200 1806462600.json Show response
www.firstleaf.com/page-data/sq/d/ 3 KB
672 B 476ms
470ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/1806462600.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 448d4d591156a0c14d4990f575daea57d7ca5ae8bb4021fc38d66445578e77b3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 37236193bd380575cb98e661bedbb260.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Thu, 12 Oct 2023 19:54:11 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"98900a93434132189ab0148c1acaf82b"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709cec1d9006-FRA
x-amz-cf-id: 37Wkc6kAHBDjLGp1X2jhn5LlZFns916W7X-Q3MkcwAsG5nSjB4fV_Q==

GET
H2 200 2343482889.json Show response
www.firstleaf.com/page-data/sq/d/ 81 B
311 B 478ms
472ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/2343482889.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c472f5fc6038aa27db8aa76648236f916446c78b691d4211ef95a546411ca8b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
via: 1.1 f99e0a5708c6297d4aa91b3e4794707e.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Wed, 24 Aug 2022 12:51:27 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"bcbe45f39971408a2e07253a116c24f7"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709cec1f9006-FRA
x-amz-cf-id: mVSLLIl-j9d7sCQRpxPckI2bPB0FUTvzZ10eEUm8xusjn1N-vXc35Q==

GET
H2 200 2446253125.json Show response
www.firstleaf.com/page-data/sq/d/ 2 KB
905 B 477ms
472ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/2446253125.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fc84cd40ef02e70aa5996747df4659e7ea7da89f8d108eabac6e589cf34090c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 193d38535c6cb246e365763e9c32e672.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Wed, 28 Feb 2024 20:05:33 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"220e74a11a9dd36eb3f1b15d96abe041"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709cec209006-FRA
x-amz-cf-id: 5ER3UC_vvh1dADvPFNKtwNpcxf8UUf_tcAHOJQG8RskXDHpxPg20kw==

GET
H2 200 2625547197.json Show response
www.firstleaf.com/page-data/sq/d/ 34 KB
6 KB 464ms
459ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/2625547197.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c5237afda554fd9ffe10bf8fd2778de973cb362baf81f6e1e33918c01bc9a67

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 37236193bd380575cb98e661bedbb260.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Sat, 11 May 2024 08:14:30 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"1318b2edb223bb20f21113d7866e0016"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709cec219006-FRA
x-amz-cf-id: jUc9u7hg2nVEM6m7pbriam2ayX6XwsJYoTJ6MJ1xFrGKRq0NJ4WCkw==

GET
H2 200 2727750032.json Show response
www.firstleaf.com/page-data/sq/d/ 1 KB
798 B 484ms
479ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/2727750032.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d706b4e3d196efcd7c73bb6e45a2adf171af07bcb7408123f660e06ec40caee6

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 f996db233b87d6765cc5ad56701268d8.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Wed, 28 Feb 2024 20:05:33 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"490497183ead171309c86ef43de5fc72"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709cec239006-FRA
x-amz-cf-id: 8y8yfzLTiq-UvzecW0J8Ab4r0cPCb3OrQMa9gKy9TnjBNbBxLEqdZQ==

GET
H2 200 2729198856.json Show response
www.firstleaf.com/page-data/sq/d/ 7 KB
4 KB 485ms
481ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/2729198856.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6396dedda9bcf5749f2cbbcd870a17297c4bf63f19a52d54d42d3abb4b0a3b87

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 ebc0709f2918acef5e26208dffcb618c.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Sat, 11 May 2024 08:14:30 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"6abb3127553464b77f2faa50e0c833c9"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709cec259006-FRA
x-amz-cf-id: tVdP3iYgYKudDECIQIW6J_xyr5pWgLt-_LXYQLcy3gfSLdSq79rjLw==

GET
H2 200 2734060729.json Show response
www.firstleaf.com/page-data/sq/d/ 20 KB
5 KB 499ms
494ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/2734060729.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f83e9b440122162e26168f780eb567cbc84a351c4728c3cc8bd3679e8e362ff9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 f36453eb82bc9ab0c6e360ac52cc5972.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Wed, 01 May 2024 16:32:39 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"13482419a9f2c5b5a126e6d5bd4214a8"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c3d9006-FRA
x-amz-cf-id: oW5m0GVaMCKHWSnYbWCJBBVrv-sDwYuCKQP4ng6W40NiHeX56v2hSg==

GET
H2 200 2754068927.json Show response
www.firstleaf.com/page-data/sq/d/ 4 KB
1 KB 507ms
502ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/2754068927.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6aa2e6166c7e04afa18a7adecff919c61d92877b2285d2aef27127476e4b538a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 b7c8b552077b93dc0acaa0b82d11fa62.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Thu, 21 Sep 2023 23:43:05 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"9bf2a50c53bddceb6e916d9b67ae5b54"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c3f9006-FRA
x-amz-cf-id: 3X_B3tsztE006_Dapa_F4N190oLZ64Df5p_TE1SOKduTsGOzwLmK_A==

GET
H2 200 2764483679.json Show response
www.firstleaf.com/page-data/sq/d/ 3 KB
961 B 489ms
484ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/2764483679.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19bdfcbcd23b5134cd377c78bbf03971926795fa6398c62599782d4d6e381620

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 1eee8db55908814c8f0cde754e3bee5a.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Tue, 04 Oct 2022 15:55:32 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"f2aabd68d8137b9c2a2b980847ec0644"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c409006-FRA
x-amz-cf-id: UtR3BWPXTxprt7bCVr4XnYRUdbLAISSEDkUIo-6s2hJbz4unG8uX2A==

GET
H2 200 2771237727.json Show response
www.firstleaf.com/page-data/sq/d/ 622 B
622 B 497ms
493ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/2771237727.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e4a4d483e6cb4667bed478a5f53e7c24bda8c91025757357eca32835fd69d97

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
via: 1.1 af3799c72ed879abb7633a4c3e57502e.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Wed, 28 Feb 2024 20:05:33 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"79feae68043e971e307220f03c033a26"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c419006-FRA
x-amz-cf-id: uEB5e1D761WXDc6blSY-OV-B2YJMV_6ILsaOeW6zAAIpXRPwfjDAsw==

GET
H2 200 3065704166.json Show response
www.firstleaf.com/page-data/sq/d/ 607 B
566 B 496ms
493ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/3065704166.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b042c650b6af4874dfcad48aa7fd53dc9b32a444a96fba1f7161a02607907a8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
via: 1.1 9eb1733bea847c3a8f4910adebcc8146.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Fri, 04 Aug 2023 20:23:09 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"62267b28fd2e454d403e7198dcbde8c4"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c429006-FRA
x-amz-cf-id: h8QeLhJu6jjPRL8lE8Zc288tVw3DG7tsv1ZtLP7bSHi7QLsZVLUoJQ==

GET
H2 200 3079672699.json Show response
www.firstleaf.com/page-data/sq/d/ 19 KB
11 KB 495ms
491ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/3079672699.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bef875cb4110e02d8f52c061cfbeb46a870e9733cc9c45a647105ec3fe8e53f5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 b81e506afc0d8b7cd6094e636331ca78.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Sat, 11 May 2024 08:14:31 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"00dd8e53a2791a95bb737f8b8d0bce0c"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c439006-FRA
x-amz-cf-id: 1zsUDXuM3SKGPOmmhc4NgpM8aXACT6vFVfScp1sORVO1m0lt3ymwWg==

GET
H2 200 3102105077.json Show response
www.firstleaf.com/page-data/sq/d/ 17 KB
8 KB 500ms
496ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/3102105077.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1bd05e5747309cb200f6ebb8883e8d691fa32eb5bb0154c529c41ba2b291dd2a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 f99e0a5708c6297d4aa91b3e4794707e.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Wed, 10 Apr 2024 20:06:31 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"8d967784b29d2a1b7496d087f96b6df0"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c469006-FRA
x-amz-cf-id: 23V6Lvk1T9ZjDUAhA-xOXIZAQAllVVi6oETVlemer1r8zGH5fMkI8w==

GET
H2 200 3102962149.json Show response
www.firstleaf.com/page-data/sq/d/ 8 KB
2 KB 487ms
483ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/3102962149.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3fa27efb7fa0336505319590fa396a9672fe9e3607dea0b2fa820329d52e763

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 383422f03bfc9d77974d0ac637421c22.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Tue, 02 Apr 2024 20:37:44 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"ee16d3e928d42c463c4546c8553545ea"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c479006-FRA
x-amz-cf-id: W-eCkLrAPBXSA4Z0CTqLuSNxxyT1422eT6Ggv-UJkiQ6UMeIQvCb2w==

GET
H2 200 3205276428.json Show response
www.firstleaf.com/page-data/sq/d/ 248 KB
63 KB 492ms
488ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/3205276428.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85842b3426a14f199b7f46890201f03f5f62b8fb23c3ecfad1cc4c6ce50f1e8a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 1eee8db55908814c8f0cde754e3bee5a.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Wed, 01 May 2024 16:32:39 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"0132180f5bf52c2deacd275fd9a7e67e"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c489006-FRA
x-amz-cf-id: q9vbBm1dSurRPlJ1i8LQqCDriaYAcg21Sv4ZB6uDNaqp7p4EZGKZZA==

GET
H2 200 3522674478.json Show response
www.firstleaf.com/page-data/sq/d/ 23 KB
5 KB 495ms
492ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/3522674478.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21eb07dfa4fbf58620c4c6d09513a4bca648484ad69ab56d0593350f8e48f38d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 b81e506afc0d8b7cd6094e636331ca78.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Sat, 04 May 2024 08:18:26 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"a08ea3df8f738c79f8f78dd3cf095752"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c499006-FRA
x-amz-cf-id: HPsyCEBwCKR4kDTIPP0S9nNp7qXGg4qc_ofWHU2OmcH5_ChB7Cx4cA==

GET
H2 200 3679669099.json Show response
www.firstleaf.com/page-data/sq/d/ 22 KB
5 KB 500ms
497ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/3679669099.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c7aa06cdb33505b38e3b1ec87cf80aab1dfd0a4b8c6a92585f44507fd1ef8e7

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 f36453eb82bc9ab0c6e360ac52cc5972.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Fri, 02 Feb 2024 14:31:02 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"368f40ddf05164a223fb500fe38e6bf0"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c4b9006-FRA
x-amz-cf-id: 5XAYt69vezeF-15YIDe0-3qSmMlIZL29PV06Z1MAv4AueeHZ7B0jKQ==

GET
H2 200 384391487.json Show response
www.firstleaf.com/page-data/sq/d/ 388 B
515 B 486ms
484ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/384391487.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c03f3488eeb6bcad6fa76499431ef68b5e0283c9eb8d71ed52851c14ff9f5d5c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
via: 1.1 b81e506afc0d8b7cd6094e636331ca78.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Wed, 24 Aug 2022 12:51:28 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"af315518cf9c83f1a5039ef893a09a9e"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c4c9006-FRA
x-amz-cf-id: KjNJi2ksJEQMVUFnQ5AaVBeVb6GbGl72c7T6nX32tg0sGeDGf1GiOA==

GET
H2 200 3963807967.json Show response
www.firstleaf.com/page-data/sq/d/ 360 B
488 B 493ms
490ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/3963807967.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c54090ff41e10e45e8d9f5b1a493db89c09a102305e71939bf7bf535fffea16

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
via: 1.1 7b85fc567b776c0d31c5ac07cc6c2ae6.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Tue, 13 Feb 2024 17:12:54 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"a8d3a1f18572055cadecd95e072d8b80"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c4d9006-FRA
x-amz-cf-id: eOkXceG9o3q8G416HvcyEgntQbdmOZrsvNoAN6cZ-8vMf6MU9sEBFA==

GET
H2 200 4049699997.json Show response
www.firstleaf.com/page-data/sq/d/ 5 KB
2 KB 483ms
481ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/4049699997.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 236bc97a188e4940fec1bd29c0f58b4e1bcbacd475911604e5f0016c1a39f12e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 1feab8d6a8e5cc920c359b62fd33d3de.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Wed, 28 Feb 2024 20:05:33 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"a0e3c20823fb865018375ee933b0ea4d"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c4f9006-FRA
x-amz-cf-id: aBNcdWaRmEM6nO3kMgFP7M4vy34GQqOrcKgYswONAdLstLuBvoy8Uw==

GET
H2 200 4076379186.json Show response
www.firstleaf.com/page-data/sq/d/ 9 KB
3 KB 497ms
495ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/4076379186.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 641c2d6ecaf79a3923a845db8f24f99033834a7a724d98f608b16f1bddede351

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 fbd2b51fce9ee4f3aa7b93dbbda3d698.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Thu, 09 May 2024 15:02:33 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"ed91dfd24ee93e989c9edbf8cede650b"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c509006-FRA
x-amz-cf-id: HG_EUhYzMxj7CKpWWLIqcD87k4dHG-Desk8jpOi9_vGn4CqLQDyd9w==

GET
H2 200 829245689.json Show response
www.firstleaf.com/page-data/sq/d/ 2 KB
894 B 497ms
495ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/sq/d/829245689.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9079e41a84e532c7a5f6363737595134c170c9b48a0ded5a2a1519524f6bf7a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 fbd2b51fce9ee4f3aa7b93dbbda3d698.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Tue, 13 Feb 2024 17:12:54 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"62b41a52a2aee82b1c0039648ba78152"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 8821709d0c519006-FRA
x-amz-cf-id: CyY2pIvT-ReJ2m7xcxlV1muwW8ieWSIYzG8G4ckBu3t1RWp8iP7oqA==

GET
H2 200 en-us-json-1220b2e.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 7D84 25 KB
6 KB 39ms
39ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-1220b2e.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1220b2e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
x-amz-version-id: vAzFSohenz_e22Rp8lNkv2BTGPuGS.8c
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: BVNQXG9GPSV2EAK6
age: 165534
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: 4CAuRB1EffmnJlzBNn7SnikOhu6PppPQeyN+kV/1kUEEbmXpWlEAfujjfOAtpENniqqiR+9oBVY=
last-modified: Mon, 06 May 2024 20:36:58 GMT
server: cloudflare
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QGf8Spk3vXQqqhKa8QIgCvj6VVleH7H1%2FUPRiGZuo7cGd789U%2BGlWHz3fJJ90vt%2FBEny9aQyNg9hwEVVTFKThesmxJblqCDLWUAHBE%2BssA%2FtRfcD3WBnEzBsllSbtLkwfa5Cs90%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8821709e1e8e6904-FRA
access-control-allow-headers: *
expires: Tue, 06 May 2025 20:36:57 GMT

GET
H2 200 config Show response
penrosehill.zendesk.com/embeddable/ Frame 7D84 905 B
1 KB 260ms
187ms Fetch
application/json 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://penrosehill.zendesk.com/embeddable/config
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1220b2e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93025c58ee7b3cdd3f0c2829a6876b406606a68f05e8468d157ccdc3bc212495

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server: embeddable-app-server-64987c9f46-xssq7
x-cached: MISS
x-runtime: 0.004287
last-modified: Sat, 11 May 2024 10:15:22 GMT
server: cloudflare
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8gcl1iXc9algaNOQ108oLu42%2FbQr%2BCdoQYQZfW4rWZrqYgQPdigOb%2BZDfqnVSiFLoUEhFmYGqxBuc8EkAXnBkmb0MTP6tUj22BLVNrbfJZ0ZUrFidHyxQ5nBhNnWosgdtoXJ9FCRT8xZ"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary: Origin, Accept-Encoding
cf-ray: 8821709e9e08364f-FRA

GET
H/1.1 200
OK rb
rbv9j7km.firstleaf.com/v2/ 44 B
337 B 113ms
113ms Image
image/gif 137.184.29.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rbv9j7km.firstleaf.com/v2/rb?url=https%3A%2F%2Fwww.firstleaf.com%2F%3Futm_source%3Dlot18&action=view&source=firstleaf&rb_source=firstleaf&script_version=wxyz.rb.js&sessionId=b2ba8581-916b-4fb7-bdf3-9cb4ced8e138&uid=rbos-488dccb2-9592-4e2e-adde-d41469edb609
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 137.184.29.70 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: metrics.production.nyc1.025
Software: openresty /
Resource Hash: 039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 11 May 2024 10:21:03 GMT
Server: openresty
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

GET
H/1.1 200
OK rb
rbv9j7km.firstleaf.com/v2/ 44 B
337 B 226ms
112ms Image
image/gif 137.184.29.70
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rbv9j7km.firstleaf.com/v2/rb?url=https%3A%2F%2Fwww.firstleaf.com%2F%3Futm_source%3Dlot18&action=identify&source=firstleaf&rb_source=firstleaf&podsights_session_id=49be9767743441528f9c84b0b917b2d5&script_version=wxyz.rb.js&sessionId=b2ba8581-916b-4fb7-bdf3-9cb4ced8e138&uid=rbos-488dccb2-9592-4e2e-adde-d41469edb609
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 137.184.29.70 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: metrics.production.nyc1.025
Software: openresty /
Resource Hash: 039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 11 May 2024 10:21:03 GMT
Server: openresty
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04e86fcf247e2d9809596331db17a2a0d3efe9c9bf1d8d9babd04645286ee68c

Request headers

Referer
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7b78ab3994d3f6de37b359cc3d243d44caca23578c342b6f3966dda1cb9fd70

Request headers

Referer
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a899a0398bbfbb8343c67e83098446254c1609aae412962cff6929087135a51c

Request headers

Referer
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dddf04d190be2e7006f807221d5f5852bf45a97c2aad4c66b1f0a1661efa7dda

Request headers

Referer
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d0d937b32b0a1fa6bbdcc5389f695a36147c1b3ba869ecc507b765adf0300393

Request headers

Referer
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b66e62306d1b6f738c7095c9577957ff21f80d62ed611768eee45d1cf833512c

Request headers

Referer
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 16 KB
16 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01af466f48d14857d97a67cd7025ce67c8a0b9ca83ddb6d3f313c7369c432868

Request headers

Referer
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 5 KB
5 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 51b06909334339bd5f4027e70f4d2fd30a2a3977ee44cce7385b908ec8f51903

Request headers

Referer
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
H2 200 web-widget-chat-sdk-1220b2e.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 7D84 202 KB
51 KB 59ms
59ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-1220b2e.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1220b2e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

965cba95c928e95003ce37271090406eaa7d5c2d955230a785b2b3be8a9a17f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
x-amz-version-id: vQxExfzodtghL4OtCIgkSot6TaNjuL0m
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: BVNJGE599EKXR6MY
age: 165535
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: Zp/i/90lmYBjQpnCcK7kMHIdLopyG9DyKRIvyf3bxXvbW138z04FPS3rENmFkHKyO37aQwv5s3k/ivp0jADdLA==
last-modified: Mon, 06 May 2024 20:36:56 GMT
server: cloudflare
etag: W/"b8284a4b45e40625c2b90a641ebe4a68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kQfULrX%2BcS44%2BluQ8fjB8KUSf53uw3ACharXzTEo1EK5jcQIz47C9HbqQXpKmluVW4Za0Q0vs%2Bhw2ZmUm45%2FqUwdiHcmPmVSFxjRAssYi%2F3aOWowfcrD3TUJ6cfaw2kKDO1bog0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8821709eaf116904-FRA
access-control-allow-headers: *
expires: Tue, 06 May 2025 20:36:55 GMT

POST
H2 200 events Show response
fbapi.firstleaf.com/ 0
263 B 388ms
113ms XHR
text/plain 2600:1f16:ebf:1f02:523f:9ec2:fef8:984a
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fbapi.firstleaf.com/events
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f16:ebf:1f02:523f:9ec2:fef8:984a Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.firstleaf.com
date: Sat, 11 May 2024 10:21:03 GMT
access-control-allow-credentials: true
content-length: 0
vary: origin

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 71ms
21ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1669030446688031&ev=PageView&dl=https%3A%2F%2Fwww.firstleaf.com%2F%3Futm_source%3Dlot18&rl=&if=false&ts=1715422863233&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4126&fbp=fb.1.1715422863228.1271167027&hmd=5b381d55f23c13eef1106b85&pl=https%3A%2F%2Fwww.firstleaf.com&eid=ob3_plugin-set_d7a84d873b7d7e1f05b5578526cb10c32fc53dc59ec20f6c37d37de1c371e362&cs_est=true&ler=empty&cdl=API_unavailable&it=1715422862546&coo=false&rqm=GET

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=19, rtx=0, c=10, mss=1294, tbw=2775, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 11 May 2024 10:21:03 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H/1.1 200
OK update Show response
app.cybba.solutions/event/2856/ 79 B
442 B 329ms
112ms Script
text/javascript 138.197.61.175
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://app.cybba.solutions/event/2856/update?data=%7B%22userId%22%3A%223379843019036365%22%2C%22type%22%3A%22update%22%2C%22lastVisitDate%22%3A1715422862785%2C%22device%22%3A%22desktop%22%7D&callback=_vtsdk.eventApi.callbackEvent&_bqstore=0&_ts=48156650

Requested by

Host: files1.cybba.solutions
URL: https://files1.cybba.solutions/2856/loader.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

138.197.61.175 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx, nginx /

Resource Hash

864b44b7de74762c3ae052f54a0edc714e38b1ac585bf1b907d36c3960b59c4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600
X-Frame-Options	deny

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 11 May 2024 10:21:02 GMT
Strict-Transport-Security: max-age=3600
Server: nginx, nginx
X-Frame-Options: deny
Content-Type: text/javascript;; charset=utf-8
Cache-Control: no-cache
Connection: close
X-Robots-Tag: noindex
Content-Length: 79
x-process-time: 0.0006070137023925781
Expires: Sat, 11 May 2024 10:21:01 GMT

GET
H3

200

api.js Show response
challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/
Redirect Chain

https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onTurnstileLoad
https://challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js

42 KB
14 KB

31ms
31ms

Script
application/javascript

104.17.2.184
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/g/1b3559406bc8/api.js
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H3
Server: 104.17.2.184 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae0e2e45f84d7d3d06526aafc20d4a95b486e8747bf80895f3aeb8c4aebee7f4

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: br
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=604800, public
cross-origin-resource-policy: cross-origin
cf-ray: 882170a0da0f9a11-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sat, 11 May 2024 10:21:03 GMT
server: cloudflare
vary: Accept-Encoding
location: /turnstile/v0/g/1b3559406bc8/api.js
access-control-allow-origin: *
cache-control: max-age=300, public
cross-origin-resource-policy: cross-origin
cf-ray: 882170a099db9a11-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 checkouts.json Show response
api.firstleaf.com/api/ 2 KB
1 KB 702ms
625ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.firstleaf.com/api/checkouts.json

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c15a03a87528755e49e38c7416633b33bbaf47b1f1ed1d31c402b25fd05ce79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: dc03de3a-4365-4167-a86c-2e18764b53b2
x-runtime: 0.116807
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"4c15a03a87528755e49e38c7416633b3"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, PATCH, PUT, OPTIONS, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.firstleaf.com
access-control-expose-headers: DNT,Keep-Alive,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=0, private, must-revalidate
cf-ray: 882170a0ec8a9b7d-FRA
access-control-allow-headers: DNT,Keep-Alive,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 223-93477160dda2993c6123.js Show response
www.firstleaf.com/ 3 KB
2 KB 38ms
38ms Script
application/javascript 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/223-93477160dda2993c6123.js
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/webpack-runtime-f525e7a8a4a781acd402.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4c521d5535bd16fa41564dc19a2043f492e87104fc8089b9fca8040813a0f80

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
via: 1.1 ebc0709f2918acef5e26208dffcb618c.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: FRA56-P8
age: 63440
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
last-modified: Tue, 20 Jun 2023 15:54:17 GMT
server: cloudflare
etag: W/"f2c96b9ae25854b1e183ec2c3ad46955"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 882170a06fb69006-FRA
x-amz-cf-id: 2sF0wTkxlzvhYLXlxc2UbECYPKJVMfpWAVdj_l-TxcEOgs2mzshw3A==

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 233 KB
83 KB 44ms
44ms Script
application/javascript 172.217.16.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-935608953&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW&gtm_auth=1BfIqc--iU-7Fmd2boouvg&gtm_preview=env-1&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

96bba6a9b2c559d94dcffd86858e4f7ca872781568921c62d9b3bae4c34782a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84786
x-xss-protection: 0
last-modified: Sat, 11 May 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 11 May 2024 10:21:03 GMT

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d9e24b2a2c5ae741aba134a5764fe7267376ec85c5fa349acc18e4d21b600292

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 18aeba875cb986ff0c9bad79ba5b2b36158f50923f6f4c4284e61e1f2b84536c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8d171bc5152bfb08047c65650bff8f1828cc63f53d95bacd4ae24a3806607c27

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf7d99bfd85f20c422fac114ec71fa775883e8b430f1e20cdac1f5db187350a1

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5d3238f57e3ae44a7d0b2ef513ff2e8cf9afaf6e442f5fa5a575c4f8efd0290e

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10a9fb33e08a93b89c3365895199b512887263e05716811dfedac593db29a3f4

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd7e3ece391682a33c28af9cd8a27168fe9da07dfb2ce47b62142b6815c904cd

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17baaf0620679e688805c54583243a34e8491165c5f1029c16977bae6a5f76c0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 74ms
20ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKCVNW&gtm_auth=1BfIqc--iU-7Fmd2boouvg&gtm_preview=env-1&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 11 May 2024 10:07:49 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 794
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 11 May 2024 12:07:49 GMT

GET
H2 204 0
bat.bing.com/action/ 0
238 B 48ms
47ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5565374&tm=gtm002&Ver=2&mid=43f914f4-c920-4e59-9812-6dcfa911ce16&sid=2b24d6a00f8011efaea25f75c875b433&vid=2b24bb000f8011efb9e14f1ca5de03de&vids=0&msclkid=N&gtm_tag_source=ua_e&gc=USD&tpp=1&ea=page-ready&en=Y&p=https%3A%2F%2Fwww.firstleaf.com%2F&sw=1600&sh=1200&sc=24&evt=custom&rn=211922

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 11 May 2024 10:21:02 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 281DBE57DB5F4F30B7A4B05A1179A55F Ref B: DUS30EDGE0310 Ref C: 2024-05-11T10:21:03Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 digibox.gif
www.lightboxcdn.com/z9g/ 35 B
279 B 33ms
33ms Image
image/gif 2606:4700::6813:d383
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.lightboxcdn.com/z9g/digibox.gif?c=1715422863487&h=www.firstleaf.com&e=p&u=44194
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/?utm_source=lot18
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:d383 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Sat, 11 May 2024 10:21:03 GMT
cf-cache-status: HIT
content-md5: KNaBTzCeoon4R8ac+RGUxg==
age: 2391657
cf-polished: status=not_needed
x-ms-meta-cbmodifiedtime: Fri, 02 Dec 2022 00:02:02 GMT
content-length: 35
x-ms-lease-status: unlocked
cf-bgj: imgq:85,h2pri
last-modified: Fri, 02 Dec 2022 00:02:38 GMT
server: cloudflare
etag: 0x8DAD3F8864E2F29
vary: Accept-Encoding
content-type: image/gif
x-ms-request-id: e979446f-501e-0011-4b70-752f2b000000
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 882170a0de25381c-FRA

GET
H2 200 fs.js Show response
edge.fullstory.com/s/ Frame 291E 271 KB
0 0ms
0ms Script
application/javascript 35.201.112.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.fullstory.com/s/fs.js
Requested by: Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 186.112.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 5b1eea2bfdf21be2bcdd47f818549ae4548c93d7e525de1d376581ce85f00878

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 09:50:41 GMT
content-encoding: br
age: 1821
x-guploader-uploadid: ABPtcPp7aTi3h34rPY1-wDAeP39Vg9Ve2-iMr_zfjSnXhrLsl_g6pEwIgWEWDzbD9e-yPEtYepk
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75003
last-modified: Thu, 09 May 2024 14:47:07 GMT
server: UploadServer
etag: "6c20d1208acd7791e17afdd940bb83df"
vary: Accept-Encoding
x-goog-generation: 1715266027371467
x-goog-hash: crc32c=V4tGfA==, md5=bCDRIIrNd5Hhev3ZQLuD3w==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 75003
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 11 May 2024 10:50:41 GMT

GET
DATA 200
OK truncated
/ 714 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b1043a0dd1a57bddb307b2bac12686151292cf08f095b86d5702a531f9413af

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 670 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c4d40b3150ea8494d850dc53c34d42806f60a5afeeddd14d64c667b4978f1921

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 662 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b333edfba237a23eccd269faed9f51d3430824ba342db01043166bf8a7d1f09

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 666 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5bd4ed71008e5c241321562a82cb6d535d7db6b7fbd3783896a96ae48d5211f3

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 664 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8c79e4569e88f2104a0181ddd9428c78b94ee022fc5694a1c4c8805b5fe98560

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 681 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba174758f3512e1225fb25acd56d073b71f92d5cfc332f4ab54a4273765528da

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 659 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0cac1d717f7ebdef430e44e0c211f722a77f29207e553d69e69901276a7e224

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 642 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 136aadbe4eea0b2a6b68a3ec2cd24be6002dc085376ae638768db1d2834c653b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 644 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a0839a70494ec741f3d86d0a3c586be820886d3e5407016453a31ee304d0266

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 667 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87ab28f982528ab1259f99a8c040c11ceb6161e038c8ca1dce09651718058d1d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 658 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 74342d26027f9f21a160adb21dea7121e79456c5e7e05579177c6bea0553a7b3

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

OPTIONS
H2 200 pipeline
ct.firstleaf.com/prh/ Frame 0
0 497ms
479ms Preflight 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.firstleaf.com/prh/pipeline

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.firstleaf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.firstleaf.com
access-control-max-age: 600
cf-cache-status: DYNAMIC
cf-ray: 882170a15d0f9b7d-FRA
content-length: 0
date: Sat, 11 May 2024 10:21:04 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 pipeline Show response
ct.firstleaf.com/prh/ 2 B
213 B 464ms
461ms XHR
text/plain 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.firstleaf.com/prh/pipeline

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Sat, 11 May 2024 10:21:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-origin: https://www.firstleaf.com
access-control-allow-credentials: true
cf-ray: 882170a45bf99006-FRA
content-length: 2

GET
H2 200 p Show response
i.simpli.fi/ 798 B
762 B 39ms
30ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.simpli.fi/p?cid=449212&cb=sifi_att_42656._hp
Requested by: Host: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/4f1bd082-d454-42cb-bafd-026640e9800e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: 145e421f7b16d921f58de72a91f6b92589971093c87cfc0089f4d2d2db165eb8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:03 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 5D2F 0
0 79ms
28ms Document
text/html 18.65.39.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.65.39.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-65-39-29.ams1.r.cloudfront.net

Software

Cloudfront /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 3122
cache-control: max-age=31536000
content-length: 200
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Sat, 11 May 2024 09:31:02 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Sat, 04 May 2024 03:50:47 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront)
x-amz-cf-id: TzX5PDicpctAhwveHqaNb_l_7oM96lD4jupwwTgKuAhnSweLwVaXCg==
x-amz-cf-pop: AMS1-P1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 params Show response
shop.pe/widget/main/init/ 260 B
758 B 143ms
142ms Script
text/javascript 35.227.244.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://shop.pe/widget/main/init/params?siteid=62725feabbf6c339ae0dfd75&product=America%27s%20%231%20Awarded%20Wine%20Club%20Subscription%20-%20Firstleaf&product_url=https%3A%2F%2Fwww.firstleaf.com%2F&image=&price=&currency=undefined&rating=0&rating_count=0&review_count=0&stock_status=&description=&update_product=true&subcategory=&url=https%3A%2F%2Fwww.firstleaf.com%2F%3Futm_source%3Dlot18&callback=AddShoppersWidget.load_widget&no_cookie_callback=AddShoppersWidget.load_no_cookie&sos=false&rand=81256&cookie=&referer=

Requested by

Host: d2mjzob2nc713b.cloudfront.net
URL: https://d2mjzob2nc713b.cloudfront.net/widget/widget.js?v=9151fab

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.244.1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

1.244.227.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

bc118189366abfd17613d474f6f091be82051816c93b2f02f4654e11e508ffe0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	deny

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-security-policy: frame-ancestors none;
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 google
p3p: policyref="/w3c/p3p.xml", CP="CAO PSA OUR"
backend-version: 47
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
data-regulation-gdpr-enforced: true
referrer-policy: no-referrer-when-downgrade
server: nginx
etag: W/"dcbb1cb6d174af0a4f7a44669d7b361ad3aa5bc2"
x-frame-options: deny
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PATCH
content-type: text/javascript
access-control-allow-origin: https://my.addshoppers.com
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type, X-XSRFToken

POST
H2 204 rum Show response
www.firstleaf.com/cdn-cgi/ 0
183 B 27ms
27ms XHR
text/plain 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstleaf.com/cdn-cgi/rum?

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.firstleaf.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 882170a1c9479006-FRA

GET
H2 200 up
insight.adsrvr.org/track/ Frame F927 0
0 170ms
72ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=l7cyjy0&ref=https%3A%2F%2Fwww.firstleaf.com%2F%3Futm_source%3Dlot18&upid=hm2fj8w&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-length: 0
content-type: text/html
date: Sat, 11 May 2024 10:21:03 GMT
server: Kestrel

GET
H2

204

/
s.ad.smaato.net/c/
Redirect Chain

https://um.simpli.fi/smaato
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=56DF409606C14FB68B386DBAF1949BE3

0
237 B

169ms
37ms

Image
text/plain

2600:9000:211e:8000:1b:5138:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=56DF409606C14FB68B386DBAF1949BE3
Protocol: H2
Server: 2600:9000:211e:8000:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
cache-control: no-cache, must-revalidate
via: 1.1 2e4a0520ad8fe16707823b20e9441e08.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: b-EKvdrx0_W_7ZUORdX9EdhaAq7hTWq5m8pHWrPtkqMaX9MRW0HMOg==
x-cache: Miss from cloudfront

Redirect headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=56DF409606C14FB68B386DBAF1949BE3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 10 May 2024 10:21:03 GMT

GET
H2

200

RX-8a1e7395-aa3f-4ab9-9fbe-ef3be44cdc59-003
sync.targeting.unrulymedia.com/csync/
Redirect Chain

https://um.simpli.fi/nexxen
https://sync.1rx.io/usersync/simplifi/56DF409606C14FB68B386DBAF1949BE3
https://sync.1rx.io/usersync/simplifi/56DF409606C14FB68B386DBAF1949BE3?zcc=1&cb=1715422863886
https://sync.targeting.unrulymedia.com/csync/RX-8a1e7395-aa3f-4ab9-9fbe-ef3be44cdc59-003

43 B
378 B

471ms
44ms

Image
image/gif

46.228.174.117
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-8a1e7395-aa3f-4ab9-9fbe-ef3be44cdc59-003
Protocol: H2
Server: 46.228.174.117 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 11 May 2024 10:21:04 GMT
content-length: 43
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

location: https://sync.targeting.unrulymedia.com/csync/RX-8a1e7395-aa3f-4ab9-9fbe-ef3be44cdc59-003
pragma: no-cache
date: Sat, 11 May 2024 10:21:03 GMT
cache-control: no-store, no-cache, must-revalidate
expires: 0
content-type: text/html

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://um.simpli.fi/triplelift
https://eb2.3lift.com/xuid?mid=7969&xuid=56DF409606C14FB68B386DBAF1949BE3&dongle=yf3

37 B
140 B

136ms
25ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=7969&xuid=56DF409606C14FB68B386DBAF1949BE3&dongle=yf3
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://eb2.3lift.com/xuid?mid=7969&xuid=56DF409606C14FB68B386DBAF1949BE3&dongle=yf3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 10 May 2024 10:21:03 GMT

GET
H2

200

sync
simplifi.partners.tremorhub.com/
Redirect Chain

https://um.simpli.fi/telaria_p
https://simplifi.partners.tremorhub.com/sync?UISF=56DF409606C14FB68B386DBAF1949BE3

43 B
175 B

399ms
112ms

Image
image/gif

2600:1f18:612b:4264:5164:8407:81ce:65ea
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simplifi.partners.tremorhub.com/sync?UISF=56DF409606C14FB68B386DBAF1949BE3
Protocol: H2
Server: 2600:1f18:612b:4264:5164:8407:81ce:65ea Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Sat, 11 May 2024 10:21:04 GMT
server: nginx
content-type: image/gif

Redirect headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://simplifi.partners.tremorhub.com/sync?UISF=56DF409606C14FB68B386DBAF1949BE3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 10 May 2024 10:21:03 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain

https://um.simpli.fi/tapad
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=56DF409606C14FB68B386DBAF1949BE3
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=56DF409606C14FB68B386DBAF1949BE3

95 B
436 B

41ms
35ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=56DF409606C14FB68B386DBAF1949BE3

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=56DF409606C14FB68B386DBAF1949BE3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

empty.gif
um.simpli.fi/
Redirect Chain

https://um.simpli.fi/ad_advisor
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=56DF409606C14FB68B386DBAF1949BE3
https://d.agkn.com/pixel/10751/?che=1715422863866&ip=217.114.218.29&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D217273104879001114375
https://um.simpli.fi/aa_px?sk=217273104879001114375
https://um.simpli.fi/empty.gif

43 B
361 B

29ms
28ms

Image
image/gif

35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/empty.gif

Protocol

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 11 May 2024 10:21:04 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43

Redirect headers

date: Sat, 11 May 2024 10:21:04 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: /empty.gif
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142

GET

ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain

https://um.simpli.fi/intentiq
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=56DF409606C14FB68B386DBAF1949BE3

0
0

GET
H2 200 pubmatic
um.simpli.fi/ 43 B
409 B 36ms
34ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Fri, 10 May 2024 10:21:03 GMT

GET
H2 200 freewheel
um.simpli.fi/ 43 B
409 B 39ms
38ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/freewheel

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Fri, 10 May 2024 10:21:03 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/
Redirect Chain

https://um.simpli.fi/dtnx
https://fei.pro-market.net/engine?du=24;csync=56DF409606C14FB68B386DBAF1949BE3;mimetype=img;
https://fei.pro-market.net/engine?du=24;csync=56DF409606C14FB68B386DBAF1949BE3;mimetype=img;sr
https://cm.g.doubleclick.net/pixel?google_nid=datonics-ddp&google_cm&google_hm=NDg3NzQ3NDYxMjI4MDcwNzYxNw==

170 B
232 B

31ms
30ms

Image
image/png

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datonics-ddp&google_cm&google_hm=NDg3NzQ3NDYxMjI4MDcwNzYxNw==

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:03 GMT
via: 1.1 google
server: Apache-Coyote/1.1
anserver: gapp-eu-4.c.datonics-gcp-01.internal
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=datonics-ddp&google_cm&google_hm=NDg3NzQ3NDYxMjI4MDcwNzYxNw==
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
expires: Mon, 1 Jan 1990 0:0:0 GMT

GET
H2

204

/
loadm.exelator.com/load/
Redirect Chain

https://um.simpli.fi/exelatem
https://loadm.exelator.com/load/?p=204&g=2191&simid=56DF409606C14FB68B386DBAF1949BE3&j=0
https://loadm.exelator.com/load/?p=204&g=2191&simid=56DF409606C14FB68B386DBAF1949BE3&j=0&xl8blockcheck=1

0
771 B

49ms
47ms

Image
text/plain

54.78.254.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=2191&simid=56DF409606C14FB68B386DBAF1949BE3&j=0&xl8blockcheck=1
Protocol: H2
Server: 54.78.254.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 11 May 2024 10:21:04 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

Redirect headers

date: Sat, 11 May 2024 10:21:03 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://loadm.exelator.com/load/?p=204&g=2191&simid=56DF409606C14FB68B386DBAF1949BE3&j=0&xl8blockcheck=1
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H2 200 yahoo
um.simpli.fi/ 43 B
409 B 40ms
39ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/yahoo

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Fri, 10 May 2024 10:21:03 GMT

GET
H/1.1

204

sync
sync.bfmio.com/
Redirect Chain

https://um.simpli.fi/beachfront
https://sync.bfmio.com/sync?pid=141&uid=56DF409606C14FB68B386DBAF1949BE3

0
421 B

523ms
114ms

Image
text/plain

52.70.157.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bfmio.com/sync?pid=141&uid=56DF409606C14FB68B386DBAF1949BE3
Protocol: HTTP/1.1
Server: 52.70.157.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-70-157-54.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Date: Sat, 11 May 2024 10:21:04 GMT

Redirect headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://sync.bfmio.com/sync?pid=141&uid=56DF409606C14FB68B386DBAF1949BE3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 10 May 2024 10:21:03 GMT

GET
H2

200

29931
stags.bluekai.com/site/
Redirect Chain

https://um.simpli.fi/bluekai
https://stags.bluekai.com/site/29931?id=56DF409606C14FB68B386DBAF1949BE3

62 B
478 B

306ms
181ms

Image
image/gif

72.246.169.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/29931?id=56DF409606C14FB68B386DBAF1949BE3
Protocol: H2
Server: 72.246.169.24 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-246-169-24.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Sat, 11 May 2024 10:21:04 GMT
content-length: 62
x-request-id: e05a175ba127a69ebe6a0e47701004b9
content-type: image/gif

Redirect headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://stags.bluekai.com/site/29931?id=56DF409606C14FB68B386DBAF1949BE3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 10 May 2024 10:21:03 GMT

GET
H2

404

tpid=56DF409606C14FB68B386DBAF1949BE3
bcp.crwdcntrl.net/map/c=7625/tp=SIMP/
Redirect Chain

https://um.simpli.fi/crwdcntrl
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=56DF409606C14FB68B386DBAF1949BE3

49 B
266 B

169ms
45ms

Image
image/gif

54.77.42.245
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=56DF409606C14FB68B386DBAF1949BE3
Protocol: H2
Server: 54.77.42.245 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-42-245.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:03 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.31.147
content-length: 49
expires: 0

Redirect headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=56DF409606C14FB68B386DBAF1949BE3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 10 May 2024 10:21:03 GMT

GET
H2

204

merge
ce.lijit.com/
Redirect Chain

https://um.simpli.fi/lj_match
https://ce.lijit.com/merge?pid=2&3pid=56DF409606C14FB68B386DBAF1949BE3

0
223 B

172ms
45ms

Image
text/plain

18.203.106.185
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=2&3pid=56DF409606C14FB68B386DBAF1949BE3
Protocol: H2
Server: 18.203.106.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-106-185.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

expires: Fri, 20 Mar 2009 00:00:00 GMT
pragma: no-cache
date: Sat, 11 May 2024 10:21:03 GMT
x-merge: GDPR Optout true
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
vary: Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"

Redirect headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://ce.lijit.com/merge?pid=2&3pid=56DF409606C14FB68B386DBAF1949BE3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 10 May 2024 10:21:03 GMT

GET
H2

451

419566.gif
idsync.rlcdn.com/
Redirect Chain

https://um.simpli.fi/liveramp_match
https://idsync.rlcdn.com/419566.gif?partner_uid=56DF409606C14FB68B386DBAF1949BE3

0
98 B

155ms
32ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/419566.gif?partner_uid=56DF409606C14FB68B386DBAF1949BE3
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://idsync.rlcdn.com/419566.gif?partner_uid=56DF409606C14FB68B386DBAF1949BE3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 10 May 2024 10:21:03 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/1026675585/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1715422863648&cv=7&fst=1715422863648&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=1058602455&cv=7&fst=1715422863648&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1...
https://www.google.com/pagead/1p-conversion/1026675585/?random=1058602455&cv=7&fst=1715422863648&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiw...
https://www.google.de/pagead/1p-conversion/1026675585/?random=1058602455&cv=7&fst=1715422863648&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiww...

42 B
64 B

63ms
33ms

Image
image/gif

142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1026675585/?random=1058602455&cv=7&fst=1715422863648&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMI4-65k7CFhgMVWkUdCR3iUQWEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6Gmh0dHBzOi8vd3d3LmZpcnN0bGVhZi5jb20v&is_vtc=1&cid=CAQSGwB7FLtqtYq3_DjMO6iF45w01s0VseJ-TWPoVQ&random=838564781&ipr=y

Protocol

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:03 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/1026675585/?random=1058602455&cv=7&fst=1715422863648&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMI4-65k7CFhgMVWkUdCR3iUQWEMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6Gmh0dHBzOi8vd3d3LmZpcnN0bGVhZi5jb20v&is_vtc=1&cid=CAQSGwB7FLtqtYq3_DjMO6iF45w01s0VseJ-TWPoVQ&random=838564781&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 spotx_match
um.simpli.fi/ 0
272 B 41ms
40ms Image
text/plain 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/spotx_match

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS

GET
H2

200

bounce
ib.adnxs.com/
Redirect Chain

https://um.simpli.fi/an
https://ib.adnxs.com/setuid?entity=66&code=56DF409606C14FB68B386DBAF1949BE3
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D56DF409606C14FB68B386DBAF1949BE3

43 B
1 KB

73ms
71ms

Image
image/gif

185.89.210.20
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D56DF409606C14FB68B386DBAF1949BE3

Protocol

Server

185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:04 GMT
an-x-request-uuid: 822ad78d-dfd3-40f5-8ed9-7037c0b8500c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.29; 217.114.218.29; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:03 GMT
an-x-request-uuid: ecc46185-5b98-4d91-bf3c-c44c837aa266
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D56DF409606C14FB68B386DBAF1949BE3
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.29; 217.114.218.29; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://um.simpli.fi/rb_match
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=56DF409606C14FB68B386DBAF1949BE3&expires=365

0
239 B

125ms
23ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=56DF409606C14FB68B386DBAF1949BE3&expires=365
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 9db1556130a9e92b896eecae836f6a70
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=56DF409606C14FB68B386DBAF1949BE3&expires=365
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 10 May 2024 10:21:03 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://um.simpli.fi/ox_match
https://us-u.openx.net/w/1.0/sd?id=537072966&val=56DF409606C14FB68B386DBAF1949BE3

43 B
273 B

158ms
36ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072966&val=56DF409606C14FB68B386DBAF1949BE3
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:03 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Sat, 11 May 2024 10:21:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://us-u.openx.net/w/1.0/sd?id=537072966&val=56DF409606C14FB68B386DBAF1949BE3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 10 May 2024 10:21:03 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ 170 B
409 B 82ms
28ms Image
image/png 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 params Show response
shop.pe/widget/main/init/ 1 KB
681 B 151ms
151ms Script
text/javascript 35.227.244.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://shop.pe/widget/main/init/params?siteid=62725feabbf6c339ae0dfd75&product=America%27s%20%231%20Awarded%20Wine%20Club%20Subscription%20-%20Firstleaf&product_url=https%3A%2F%2Fwww.firstleaf.com%2F&image=&price=&currency=undefined&rating=0&rating_count=0&review_count=0&stock_status=&description=&update_product=true&subcategory=&url=https%3A%2F%2Fwww.firstleaf.com%2F%3Futm_source%3Dlot18&callback=AddShoppersWidget.load_widget&rand=99263&cookie=2%7C1%3A0%7C10%3A1715422863%7C15%3Aaddshoppers.com%7C44%3AMTFmYjQ1NjZkNGMyNGI1YWJjY2Q2NzQ1YTBjMzhjMDE%3D%7Cddd26a3845c791c53a52a37e3b245148bb52aa2ff284b96cbcdc6bb6cad4931a&referer=

Requested by

Host: d2mjzob2nc713b.cloudfront.net
URL: https://d2mjzob2nc713b.cloudfront.net/widget/widget.js?v=9151fab

Protocol

Security

QUIC, , AES_128_GCM

Server

35.227.244.1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

1.244.227.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

d3895ed8351a3a92f449975826c56af1128460d3d0f60495a9da0d41f394ac3d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors none;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	deny

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:03 GMT
content-security-policy: frame-ancestors none;
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 google
p3p: policyref="/w3c/p3p.xml", CP="CAO PSA OUR"
backend-version: 47
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
data-regulation-gdpr-enforced: true
referrer-policy: no-referrer-when-downgrade
server: nginx
etag: W/"650a58a82944515cc6e3495bd8d8495a459222bd"
x-frame-options: deny
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PATCH
content-type: text/javascript
access-control-allow-origin: https://my.addshoppers.com
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type, X-XSRFToken

GET
H/1.1 200
OK ba5cd1e2255e4f75a0ae1c1cd34f0620.js Show response
addshoppers.s3.amazonaws.com/customize/62725feabbf6c339ae0dfd75/ 12 KB
3 KB 394ms
151ms Script
application/javascript 16.182.71.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://addshoppers.s3.amazonaws.com/customize/62725feabbf6c339ae0dfd75/ba5cd1e2255e4f75a0ae1c1cd34f0620.js?_t=1710932643
Requested by: Host: d2mjzob2nc713b.cloudfront.net
URL: https://d2mjzob2nc713b.cloudfront.net/widget/widget.js?v=9151fab
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 16.182.71.201 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 0f2a70caf9e4a17da7c2a145e34625f90d4031f5ed7b690657a514c5c89e26cd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 11 May 2024 10:21:05 GMT
Content-Encoding: gzip
x-amz-version-id: M2ZIchM.jKTOWMYpMmD_1lJ.BPSUIS5B
Last-Modified: Wed, 20 Mar 2024 11:04:04 GMT
Server: AmazonS3
x-amz-request-id: 5MRMZG99E0ZY4GF0
ETag: "c7f138455b360f8e7e1c0070f44ec49d"
x-amz-server-side-encryption: AES256
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes
Content-Length: 2146
x-amz-id-2: 87aOG2qa0mSBFVpv4WHP4Wa3BW2ZC2qr2f5ecA0hQeKehso0UTwbHd51rqNNPobX1zAM8Qy3rSE=

GET
H2 200 input.js Show response
shopper.shop.pe/ 26 KB
9 KB 86ms
21ms Script
application/javascript 35.190.54.17
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://shopper.shop.pe/input.js
Requested by: Host: shop.pe
URL: https://shop.pe/widget/widget_async.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.54.17 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 17.54.190.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 620a97911c6964bfc7cfacf4df74b3ba598ef728f2117675d171e4c62d500add

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 08:51:33 GMT
content-encoding: gzip
age: 5371
x-guploader-uploadid: ABPtcPpgJWaMODwkCyHr_sArfFzgDITMWLBj5fYKzT1yF5E9LY3oITwjWKGRK_G-lU_4fIKqf2_Z1cEMJg
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8831
last-modified: Tue, 13 Feb 2024 16:47:53 GMT
server: UploadServer
etag: "d311745e83077b078fa566c77a15d9b5"
vary: Accept-Encoding
x-goog-generation: 1707842873418606
x-goog-hash: crc32c=mi0bhQ==, md5=0xF0XoMHewePpWbHehXZtQ==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public, max-age=14400
x-goog-stored-content-length: 8831
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
expires: Sat, 11 May 2024 12:51:33 GMT

GET
H2 200 status Show response
app.shop.pe/app/datapartners/ 34 B
509 B 211ms
136ms XHR
application/json 35.227.244.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shop.pe/app/datapartners/status?usersite_id=62725feabbf6c339ae0dfd75

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.244.1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

1.244.227.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

b4435b5ac2f1916ed1135fb1738a1cef87cb666f4356a6678fb1c77e1273f9e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	deny

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
via: 1.1 google
server: nginx
etag: W/"0467ba22658b680d6de72dc567071b5bc495547f"
x-frame-options: deny
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PATCH
p3p: policyref="/w3c/p3p.xml", CP="CAO PSA OUR"
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type, X-XSRFToken
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

HEAD
H2 200 consent Show response
manage.safeopt.com/ 0
833 B 206ms
134ms XHR
text/html 35.227.244.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://manage.safeopt.com/consent

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.244.1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

1.244.227.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	deny

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 google
p3p: policyref="/w3c/p3p.xml", CP="CAO PSA OUR"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
data-regulation-gdpr-enforced: true
server: nginx
etag: "da39a3ee5e6b4b0d3255bfef95601890afd80709"
x-frame-options: deny
access-control-allow-methods: HEAD, GET, POST
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: Data-Regulation-Gdpr-Enforced
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type, Data-Regulation-Gdpr-Enforced

GET
H2 200 R912152769.json Show response
api.firstleaf.com/api/v2/cart/ 919 B
476 B 240ms
240ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.firstleaf.com/api/v2/cart/R912152769.json?order_token=mTwdqxXxE6BgrNMLrVYl7A

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

512008ab0682a825b4551ad5f180b3fabfef80345b1fdeeddffce7f947ef1ff4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: ed091237-2db0-4888-9a52-5d2b4e037b13
x-runtime: 0.072625
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"512008ab0682a825b4551ad5f180b3fa"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, PATCH, PUT, OPTIONS, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.firstleaf.com
access-control-expose-headers: DNT,Keep-Alive,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=0, private, must-revalidate
cf-ray: 882170a4d98a9b7d-FRA
access-control-allow-headers: DNT,Keep-Alive,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 iframe
nytrng.com/ Frame 237E 0
0 504ms
168ms Document
text/html 99.83.128.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nytrng.com/iframe?vcp=4dd5h0np&as_id=11fb4566d4c24b5abccd6745a0c38c01
Requested by: Host: d2mjzob2nc713b.cloudfront.net
URL: https://d2mjzob2nc713b.cloudfront.net/widget/widget.js?v=9151fab
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.128.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a954c1fc80b8251dc.awsglobalaccelerator.com
Software: gunicorn /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-length: 416
content-type: text/html; charset=utf-8
date: Sat, 11 May 2024 10:21:04 GMT
server: gunicorn

GET
H2 200 getuidj Show response
ib.adnxs.com/ 29 B
1 KB 29ms
29ms Fetch
application/json 185.89.210.20
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Requested by

Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.20 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

29aad6322d2def02fa3466c6ea2513dacb18480f1d6572d18d4204f91fde6d6e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:04 GMT
an-x-request-uuid: 0eb62e3c-9e43-4d30-96ac-5433a8c8b367
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.firstleaf.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.29; 217.114.218.29; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 29
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 web-widget-chat-incoming-message-notification-1220b2e.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame 7D84 236 B
843 B 42ms
41ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-1220b2e.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1220b2e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:04 GMT
x-amz-version-id: YnVbnvsPI6yxK4Yma2Fxs.OyXj1LwPNg
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: CPDCYVRYC76HB5V6
age: 165535
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: EtTiXRAUGpNuSy2PTejRgEynw5/MXjpKdByLt+sPcoBqGbmeGJxrO6Lk2eJerfYaJj8hVwgZQnQNoh2xZvWNMw==
last-modified: Mon, 06 May 2024 20:36:56 GMT
server: cloudflare
etag: W/"77bb07ca171e3ff2b72a7dafa7822bc8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u5SIuznk1FK15Jw1VAivsq7OggYD2r2NYAYq3XntinxBDqYYk1jFfRLvqarb2iW4oTgULXbzpbwJ4X9YC%2F5mhXSvbu1xxJxmj1UAx4%2FdcL1Pb8fbQ8B6WbZXOFObFSdJgll64wo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 882170a62e9c6904-FRA
access-control-allow-headers: *
expires: Tue, 06 May 2025 20:36:55 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ba93f0c1f5b72395ea5024e97ba149d96cffbe73e8e4a2546921ba3404f146c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 ship_to_info.json Show response
api.firstleaf.com/api/ 14 B
163 B 256ms
256ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.firstleaf.com/api/ship_to_info.json

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aca66b739fcde148403f4735fd9091fbc02455deb4e6c186ea52cb71692f6269

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: cf362d0c-cb26-4685-9774-02a7fa5dbccb
x-runtime: 0.097746
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"aca66b739fcde148403f4735fd9091fb"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, PATCH, PUT, OPTIONS, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.firstleaf.com
access-control-expose-headers: DNT,Keep-Alive,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=0, private, must-revalidate
cf-ray: 882170a67bff9b7d-FRA
access-control-allow-headers: DNT,Keep-Alive,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 206 fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/classic/latest/ Frame 7D84 19 KB
20 KB 37ms
37ms Media
audio/mpeg 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer
Range: bytes=0-
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:04 GMT
x-amz-version-id: Kl.biZfM8rz6re2aS0glnDheA8R9Dmfl
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: KH5VE2Z70ZGQ75A2
age: 5070064
x-amz-server-side-encryption: AES256
Content-Range: bytes 0-19697/19698
x-amz-replication-status: COMPLETED
Content-Length: 19698
x-amz-id-2: LqweHRijvBdbgWotLxDeNcs9Lz6cG09nTN1pbS7TIlVP/kJbpnlLrkq/B74CU90UTxSTSp+E3xk=
last-modified: Wed, 29 Nov 2023 08:06:43 GMT
server: cloudflare
etag: "f11ce9e8f40a392830217253fe75d6de"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IMSBJrNrAsq%2BbiH0Vk%2FaBsRijyLvxD%2B4kfXvzt05DnpEdcjev0FGR0pFXOfzpimv9eb3StvPbfHlxzOGrqtTc2ASJneH1FUb7GsuUyVeQaP5VkzSOvDNP576I%2BgxSsTd8s8Wwa0%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 882170a68ef46904-FRA
access-control-allow-headers: *
expires: Thu, 28 Nov 2024 08:06:42 GMT

POST
H3 200 triggered_email_attribution Show response
app.shop.pe/app/ 29 B
69 B 138ms
136ms XHR
application/json 35.227.244.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shop.pe/app/triggered_email_attribution

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.227.244.1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

1.244.227.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

85ad9c4586b439a1f2ce5516c218bed3c64110ac93bb7c916894240392503053

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	deny

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 11 May 2024 10:21:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
via: 1.1 google
server: nginx
x-frame-options: deny
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PATCH
p3p: policyref="/w3c/p3p.xml", CP="CAO PSA OUR"
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type, X-XSRFToken
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 204 triggered_email_attribution
app.shop.pe/app/ Frame 0
0 137ms
133ms Preflight 35.227.244.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.shop.pe/app/triggered_email_attribution

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.244.1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

1.244.227.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	deny

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.firstleaf.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type, X-XSRFToken
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PATCH
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 11 May 2024 10:21:04 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 google
x-frame-options: deny

GET
H2 200 existing_users_dynamo Show response
b0vbfk2zr6.execute-api.us-east-1.amazonaws.com/initaldeploy/ 5 B
349 B 416ms
144ms XHR
application/json 18.214.101.0
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://b0vbfk2zr6.execute-api.us-east-1.amazonaws.com/initaldeploy/existing_users_dynamo?user=3277836400188963492&shop=2856&version=1
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.214.101.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-101-0.compute-1.amazonaws.com
Software: /
Resource Hash: fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:05 GMT
x-amzn-trace-id: Root=1-663f4691-4ace40691cb5fc6c6aac24f6;Parent=47f30d2ebe806bda;Sampled=0;lineage=5a5d5642:0
x-amzn-requestid: dc09c2f8-b4b2-4a6a-bb95-585cadb9c9f3
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
x-amz-apigw-id: Xmf2tFD9IAMEAhA=
content-length: 5
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token

GET
H/1.1 200
OK generic Show response
app.cybba.solutions/event/2856/ 79 B
442 B 408ms
115ms Script
text/javascript 138.197.61.175
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://app.cybba.solutions/event/2856/generic?data=%7B%22userId%22%3A%223379843019036365%22%2C%22type%22%3A%22generic%22%2C%22generic%22%3A%7B%22event_name%22%3A%22zandruid%22%2C%22itemId%22%3A%223277836400188963492%22%7D%2C%22device%22%3A%22desktop%22%7D&callback=_vtsdk.eventApi.callbackEvent&_ts=62709219

Requested by

Host: files1.cybba.solutions
URL: https://files1.cybba.solutions/2856/loader.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

138.197.61.175 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx, nginx /

Resource Hash

864b44b7de74762c3ae052f54a0edc714e38b1ac585bf1b907d36c3960b59c4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600
X-Frame-Options	deny

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 11 May 2024 10:21:02 GMT
Strict-Transport-Security: max-age=3600
Server: nginx, nginx
X-Frame-Options: deny
Content-Type: text/javascript;; charset=utf-8
Cache-Control: no-cache
Connection: close
X-Robots-Tag: noindex
Content-Length: 79
x-process-time: 0.0010943412780761719
Expires: Sat, 11 May 2024 10:21:01 GMT

GET
H2 200 favicon-32x32.png
www.firstleaf.com/ 1 KB
1 KB 76ms
76ms Other
image/png 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/favicon-32x32.png?v=7b7f9aa145c31aa0e609358ef9dd6eff
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c1b6421aea2826dd24de09eecdb38372dc0b2d3156f6218a1ced71e5678e148

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:05 GMT
via: 1.1 83f37b03194be210134265ef78592588.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1238
last-modified: Tue, 10 Jan 2023 16:53:12 GMT
server: cloudflare
etag: "8e44e6953a41676b481d160e68df4fd6"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 882170ab8b609006-FRA
x-amz-cf-id: x9Wty7U3awxX9arCE7IrONzZdqTV7hYYQ6LqjAznDqRRys1vxFrrUw==

GET
H/1.1 200
OK pageview Show response
app.cybba.solutions/event/2856/ 79 B
442 B 684ms
113ms Script
text/javascript 138.197.61.175
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://app.cybba.solutions/event/2856/pageview?data=%7B%22userId%22%3A%223379843019036365%22%2C%22type%22%3A%22pageview%22%2C%22url%22%3A%22https%3A%2F%2Fwww.firstleaf.com%2F%3Futm_source%3Dlot18%22%2C%22generic%22%3A%7B%22itemId%22%3A%22DE%7CThuringia%22%7D%2C%22device%22%3A%22desktop%22%7D&callback=_vtsdk.eventApi.callbackEvent&_ts=59702274

Requested by

Host: files1.cybba.solutions
URL: https://files1.cybba.solutions/2856/loader.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

138.197.61.175 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx, nginx /

Resource Hash

864b44b7de74762c3ae052f54a0edc714e38b1ac585bf1b907d36c3960b59c4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=3600
X-Frame-Options	deny

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 11 May 2024 10:21:02 GMT
Strict-Transport-Security: max-age=3600
Server: nginx, nginx
X-Frame-Options: deny
Content-Type: text/javascript;; charset=utf-8
Cache-Control: no-cache
Connection: close
X-Robots-Tag: noindex
Content-Length: 79
x-process-time: 0.0011334419250488281
Expires: Sat, 11 May 2024 10:21:01 GMT

POST
H2 200 v2 Show response
rs.fullstory.com/rec/bundle/ 29 B
91 B 653ms
539ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/bundle/v2?OrgId=134SPF&UserId=f63bbcc8-9e65-4ebd-a295-8dce86ddad38&SessionId=175b5cb4-25de-494a-8612-aa4f9c5a6a98&PageId=08ccdf9f-09eb-466a-a40a-e6dc625aa519&Seq=1&ClientTime=1715422865690&PageStart=1715422863077&PrevBundleTime=0&LastActivity=1928&IsNewSession=true&ContentEncoding=gzip
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 925bc8b922a68f14556aef118cbcf610f7bad372c2dd3c701352e29bf19b5448

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.firstleaf.com
date: Sat, 11 May 2024 10:21:06 GMT
via: 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
content-type: application/json; charset=utf-8

GET
H2 200 page-data.json
www.firstleaf.com/page-data/index/ 0
492 B 463ms
463ms Other
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/index/page-data.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/app-2928ab446c328d4b8660.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:06 GMT
via: 1.1 f996db233b87d6765cc5ad56701268d8.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 29 Apr 2024 15:27:39 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"80cacce87d148cf2fd3151134632c48c"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 882170b3dc2d9006-FRA
x-amz-cf-id: cGw55gV1vF2VHYqNqImneDJmgsM6wQLK2Q4prWaAZoskxhAQ_Vha0Q==

GET
H2 200 page-data.json
www.firstleaf.com/page-data/membership-plans/ 0
505 B 457ms
455ms Other
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/membership-plans/page-data.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/app-2928ab446c328d4b8660.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:06 GMT
via: 1.1 37236193bd380575cb98e661bedbb260.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 29 Apr 2024 15:27:39 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"c4834ca754455399901b4ad5198458b3"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 882170b3dc2f9006-FRA
x-amz-cf-id: zepENxuDpF4WVR59UVPdOE_7qkkscfX_sl_vQebEpAGsU8Zmwqciiw==

GET
H2 200 page-data.json
www.firstleaf.com/page-data/store/ 0
88 KB 147ms
146ms Other
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/store/page-data.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/app-2928ab446c328d4b8660.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:06 GMT
content-encoding: gzip
via: 1.1 37236193bd380575cb98e661bedbb260.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Sat, 11 May 2024 08:12:47 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"ba2d5f7afd3fe10544cd9943f3ce3ce5"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 882170b3dc309006-FRA
x-amz-cf-id: 0YwHA63Q7GHkw4Cy_xwSVdw51_w1EAYUGM4FC6nhi2BZeRDhlsldWQ==

GET
H2 200 page-data.json
www.firstleaf.com/page-data/accessibility/ 0
528 B 479ms
478ms Other
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/accessibility/page-data.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/app-2928ab446c328d4b8660.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Origin: https://www.firstleaf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:06 GMT
via: 1.1 1eee8db55908814c8f0cde754e3bee5a.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 29 Apr 2024 15:27:38 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"1913489caf9a777e4668be1101f9da98"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 882170b3dc319006-FRA
x-amz-cf-id: CFEb55ZrtJoHQJhfpM2Tbpu4fEvxiTy4165vziSvj6dsLgl7Z4HNzA==

GET
H2 200 page-data.json Show response
www.firstleaf.com/page-data/store/ 607 KB
0 0ms
0ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/store/page-data.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49bd0056f6ad67d87b78284ee24a096564a95756639e3dc1e633f220a2c37f1a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:06 GMT
content-encoding: gzip
via: 1.1 37236193bd380575cb98e661bedbb260.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
last-modified: Sat, 11 May 2024 08:12:47 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"ba2d5f7afd3fe10544cd9943f3ce3ce5"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 882170b3dc309006-FRA
x-amz-cf-id: 0YwHA63Q7GHkw4Cy_xwSVdw51_w1EAYUGM4FC6nhi2BZeRDhlsldWQ==

GET
H2 200 page-data.json Show response
www.firstleaf.com/page-data/membership-plans/ 500 B
0 0ms
0ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/membership-plans/page-data.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14cb3005a85511b827d2a7d05daebd0c50a5d3a2a0d1b61ca59e54598016710f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:06 GMT
via: 1.1 37236193bd380575cb98e661bedbb260.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 29 Apr 2024 15:27:39 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"c4834ca754455399901b4ad5198458b3"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 882170b3dc2f9006-FRA
x-amz-cf-id: zepENxuDpF4WVR59UVPdOE_7qkkscfX_sl_vQebEpAGsU8Zmwqciiw==

GET
H2 200 page-data.json Show response
www.firstleaf.com/page-data/index/ 467 B
0 1ms
0ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/index/page-data.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb8f44264d68c7262a98c0ff3408e35c98df3173b17e4d4274554ba2050d7e4b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:06 GMT
via: 1.1 f996db233b87d6765cc5ad56701268d8.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 29 Apr 2024 15:27:39 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"80cacce87d148cf2fd3151134632c48c"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 882170b3dc2d9006-FRA
x-amz-cf-id: cGw55gV1vF2VHYqNqImneDJmgsM6wQLK2Q4prWaAZoskxhAQ_Vha0Q==

GET
H2 200 page-data.json Show response
www.firstleaf.com/page-data/accessibility/ 488 B
0 1ms
0ms XHR
application/json 2606:4700:10::6816:2cf6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstleaf.com/page-data/accessibility/page-data.json
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2cf6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7ca79df32bcaca55c2aa4e7fd9f5836507b658f43645febc482046ead14db09

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/?utm_source=lot18
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:06 GMT
via: 1.1 1eee8db55908814c8f0cde754e3bee5a.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 29 Apr 2024 15:27:38 GMT
server: cloudflare
x-amz-cf-pop: FRA56-P8
x-amz-server-side-encryption: AES256
etag: W/"1913489caf9a777e4668be1101f9da98"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json
cache-control: public, max-age=0, must-revalidate
cf-ray: 882170b3dc319006-FRA
x-amz-cf-id: CFEb55ZrtJoHQJhfpM2Tbpu4fEvxiTy4165vziSvj6dsLgl7Z4HNzA==

POST
H3 200 pdst-events-prod-sink Show response
us-central1-adaptive-growth.cloudfunctions.net/ 2 B
41 B 190ms
189ms Fetch
text/html 216.239.36.54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink
Requested by: Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.36.54 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://www.firstleaf.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 11 May 2024 10:21:07 GMT
content-encoding: gzip
server: Google Frontend
access-control-allow-methods: GET, POST
content-type: text/html; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 8f78c1673a579f22442b641dc6d36ecc
cache-control: private
function-execution-id: dc2e6zbxm50y
access-control-allow-headers: Content-Type, Accept
content-length: 22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H3 200 v2 Show response
rs.fullstory.com/rec/bundle/ 29 B
43 B 151ms
144ms XHR
application/json 35.186.194.58
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rs.fullstory.com/rec/bundle/v2?OrgId=134SPF&UserId=f63bbcc8-9e65-4ebd-a295-8dce86ddad38&SessionId=175b5cb4-25de-494a-8612-aa4f9c5a6a98&PageId=08ccdf9f-09eb-466a-a40a-e6dc625aa519&Seq=2&ClientTime=1715422868193&PageStart=1715422863077&PrevBundleTime=1715422865768&LastActivity=4407&IsNewSession=true&ContentEncoding=gzip
Requested by: Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 58.194.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 5121d8fa89d52528abcb145926680c5ba691319f8c429d201b5a0e591b8ac3af

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.firstleaf.com
date: Sat, 11 May 2024 10:21:08 GMT
via: 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
content-type: application/json; charset=utf-8

GET
H3

200

landing
googleads.g.doubleclick.net/pagead/
Redirect Chain

https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3l2l5&rnd=2133474707.1715422869&url=https%3A%2F%2Fwww.firstleaf.com%2F&dma_cps=sypham&dma=1&npa=1&gtm=45He4580n71TKCVNWv71863389za200&auid=63...
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3l2l5&rnd=2133474707.1715422869&url=https%3A%2F%2Fwww.firstleaf.com%2F&dma_cps=sypham&dma=1&npa=1&gtm=45He4580n71TKCVNWv71863389...

42 B
66 B

34ms
34ms

Ping
image/gif

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3l2l5&rnd=2133474707.1715422869&url=https%3A%2F%2Fwww.firstleaf.com%2F&dma_cps=sypham&dma=1&npa=1&gtm=45He4580n71TKCVNWv71863389za200&auid=63613877.1715422869

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.firstleaf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3l2l5&rnd=2133474707.1715422869&url=https%3A%2F%2Fwww.firstleaf.com%2F&dma_cps=sypham&dma=1&npa=1&gtm=45He4580n71TKCVNWv71863389za200&auid=63613877.1715422869
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
255 B 90ms
28ms Ping
text/plain 2001:4860:4802:32::36

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-3TS4P88RE5&gtm=45je4580v887522027z871863389za200&_p=1715422861804&_gaz=1&gcs=G111&gcd=13t3tPl2l5&npa=1&dma_cps=sypham&dma=1&cid=2131404295.1715422869&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.201%7CGoogle%2520Chrome%3B124.0.6367.201%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1715422862&sct=1&seg=0&dl=https%3A%2F%2Fwww.firstleaf.com%2F%3Futm_source%3Dlot18&dt=America%27s%20%231%20Awarded%20Wine%20Club%20Subscription%20-%20Firstleaf&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=10547
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3TS4P88RE5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstleaf.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
255 B 93ms
27ms Ping
text/plain 2a00:1450:400c:c02::9b

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-3TS4P88RE5&cid=2131404295.1715422869&gtm=45je4580v887522027z871863389za200&aip=1&dma=1&dma_cps=sypham&gcs=G111&gcd=13t3tPl2l5&npa=1&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3TS4P88RE5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c02::9b -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstleaf.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
210 B 34ms
32ms XHR
text/plain 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=265608631&t=pageview&_s=1&dl=https%3A%2F%2Fwww.firstleaf.com%2F%3Futm_source%3Dlot18&dp=%2F&ul=de-de&de=UTF-8&dt=America%27s%20%231%20Awarded%20Wine%20Club%20Subscription%20-%20Firstleaf&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDACEABFAAAACAAI~&jid=730792179&gjid=370023268&cid=2131404295.1715422869&tid=UA-68049103-4&_gid=1427574874.1715422869&_r=1&_slc=1&gtm=45He4580n71TKCVNWv71863389za200&cd1=intro-price%7Cvariant-member-pricing&cd2=intro-price-fs-050923%7Cmember-pricing-130323&gcs=G111&gcd=13t3t3l2l5&dma_cps=sypham&dma=1&npa=1&z=896580236

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstleaf.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 44ms
44ms Image
image/gif 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-3TS4P88RE5&cid=2131404295.1715422869&gtm=45je4580v887522027z871863389za200&aip=1&dma=1&dma_cps=sypham&gcs=G111&gcd=13t3tPl2l5&npa=1&frm=0&z=159256338

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 11 May 2024 10:21:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
148 B 33ms
27ms XHR
text/plain 2a00:1450:400c:c02::9b

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-68049103-4&cid=2131404295.1715422869&jid=730792179&gjid=370023268&_gid=1427574874.1715422869&npa=1&_u=aCDACEAAFAAAACAAI~&z=2139893891

Requested by

Host: www.firstleaf.com
URL: https://www.firstleaf.com/43-045885a313a9d7be16f4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c02::9b -, , ASN (),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.firstleaf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 11 May 2024 10:21:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstleaf.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.intentiq.com
URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=56DF409606C14FB68B386DBAF1949BE3

Verdicts & Comments Add Verdict or Comment

288 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

57 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.firstleaf.com/	1970-01-20 20:30:24	Name: _sp_ses.bd58 Value: *
.firstleaf.com/	1970-01-20 20:30:24	Name: FL_Referrer Value: 2
.trkn.us/	1970-01-21 05:15:58	Name: barometric[cuid] Value: cuid_663f468e-9cd0-4170-b2f0-72e655622c6b
.simpli.fi/	1970-01-21 05:17:25	Name: suid Value: 56DF409606C14FB68B386DBAF1949BE3
www.firstleaf.com/	1970-01-21 05:15:58	Name: __pdst Value: 3af77b93600a478289d90dbc76f73e5c
.firstleaf.com/	1970-01-21 05:59:10	Name: cjConsent Value: MHxZfDB8Tnww
.bing.com/	1970-01-21 05:51:58	Name: MUID Value: 0B97AB645F2B6DB82522BF185EEB6C2D
.firstleaf.com/	1970-01-21 05:15:58	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Sat+May+11+2024+12%3A21%3A02+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.firstleaf.com%2F%3Futm_source%3Dlot18&groups=C0003%3A0%2CC0004%3A0%2CC0002%3A0%2CC0001%3A1
.www.firstleaf.com/	1969-12-31 23:59:59	Name: _vt_shop Value: 2856
.firstleaf.club/	1970-01-20 21:13:34	Name: rbuid Value: rbos-488dccb2-9592-4e2e-adde-d41469edb609
.firstleaf.com/	1970-01-20 20:30:24	Name: fs_lua Value: 1.1715422863075
.firstleaf.com/	1970-01-21 05:15:58	Name: fs_uid Value: #134SPF#f63bbcc8-9e65-4ebd-a295-8dce86ddad38:175b5cb4-25de-494a-8612-aa4f9c5a6a98:1715422863075::1#/1746958864
.firstleaf.com/	1970-01-20 21:13:34	Name: rbuid Value: rbos-488dccb2-9592-4e2e-adde-d41469edb609
.firstleaf.com/	1970-01-20 22:39:58	Name: _fbp Value: fb.1.1715422863228.1271167027
.www.firstleaf.com/	1970-01-21 05:15:58	Name: _vt_user Value: 3379843019036365_1_false_false
widget-mediator.zopim.com/	1970-01-20 20:40:27	Name: AWSALBCORS Value: eipLdeWl6ptE47ISWXHo31bSfBSPz5dKoS5a77ZwG0gtEuDwGDUKDQD/L/oGjJAFbL9Qz6uoPHKztTPxYOQg5sC7SM39p/bQeE/OD+7GlTUt2QeT/jnlJ2D1MJ4p
.lightboxcdn.com/	1969-12-31 23:59:59	Name: _cfuvid Value: cPtB.N_5BviJE_xiLPEuE_6KvDv_CBlIrAzhKwBumEY-1715422863413-0.0.1.1-604800000
.firstleaf.com/	1970-01-20 20:31:49	Name: _uetsid Value: 2b24d6a00f8011efaea25f75c875b433
.firstleaf.com/	1970-01-21 05:51:58	Name: _uetvid Value: 2b24bb000f8011efb9e14f1ca5de03de
.bing.com/	1970-01-21 05:51:58	Name: MSPTC Value: FBLDL5NYT56Tb5SGeuettD2j5GbEgbLRBJ7GCyEWdxQ
.firstleaf.com/	1970-01-21 06:06:22	Name: _sp_id.bd58 Value: 658dc5f6-0a3f-4d2e-867e-99ffd5782ac4.1715422862.1.1715422864.1715422862.143c1f40-f8ff-4587-8d62-b92acfae40d7
.fbapi.firstleaf.com/	1970-01-20 22:39:58	Name: cee Value: jCSkD3CsnEvNBDNSKaDhiKCxyL3oeL8hOT3QkeOQUqo%3D.%7B%7D
.simpli.fi/	1970-01-20 20:40:27	Name: uid_syncd_secure Value: true
shop.pe/	1970-01-21 06:06:22	Name: addshoppers Value: "2\|1:0\|10:1715422863\|11:addshoppers\|44:MTFmYjQ1NjZkNGMyNGI1YWJjY2Q2NzQ1YTBjMzhjMDE=\|d86191c0206434765af01d92246a4f8690efb8acdf4b7c87880a33cae331b953"
www.firstleaf.com/	1970-01-21 06:06:22	Name: addshoppers.com Value: 2%7C1%3A0%7C10%3A1715422863%7C15%3Aaddshoppers.com%7C44%3AMTFmYjQ1NjZkNGMyNGI1YWJjY2Q2NzQ1YTBjMzhjMDE%3D%7Cddd26a3845c791c53a52a37e3b245148bb52aa2ff284b96cbcdc6bb6cad4931a
.doubleclick.net/	1970-01-20 20:30:23	Name: test_cookie Value: CheckForPermission
.agkn.com/	1970-01-21 05:15:58	Name: ab Value: 0001%3AeGI%2FA0Ck9MNIQXd%2FoTCw%2Bh5RVsOmybqf
.1rx.io/	1970-01-21 05:15:58	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-8a1e7395-aa3f-4ab9-9fbe-ef3be44cdc59-003%22%7D
.tapad.com/	1970-01-20 21:56:46	Name: TapAd_TS Value: 1715422863887
.tapad.com/	1970-01-20 21:56:46	Name: TapAd_DID Value: 25de2274-4609-4e37-ab64-f458a9f08a46
.adnxs.com/	1970-01-20 22:39:58	Name: XANDR_PANID Value: l4Zzc84Z7s0TMNLUXnA5gk6TUpMqt4VdrcPoT897cdb_8mdsKexUg2rywVxs5mGEERyNKeIrFZ2-EnDP4zf_WhV_tEpGiDbdypgOkMqRStA.
.adnxs.com/	1970-01-21 06:06:22	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 22:39:58	Name: uuid2 Value: 3277836400188963492
.tapad.com/	1970-01-20 21:56:46	Name: TapAd_3WAY_SYNCS Value:
.pro-market.net/	1970-01-21 00:49:34	Name: anProfile Value: "1121kg7xdbzmp+1+1f=1+1g=1+1j=41+rs=s+rt=20011B60000202403247000000000007+s2=(sdbgr3)+vm=24-56DF409606C14FB68B386DBAF1949BE3"
.pro-market.net/	1970-01-20 21:13:34	Name: anHistory Value: "1121kg7xdbzmp+2+!#7%.#N#<*'"
.exelator.com/	1970-01-20 23:23:10	Name: EE Value: "1d7e55eb5886a15cf9c7725354ef1a11"
.agkn.com/	1970-01-21 05:15:58	Name: u Value: C\|0AAAAAAAALdIDEAAAAAAA
.adnxs.com/	1970-01-20 22:39:58	Name: anj Value: dTM7k!M4.FE:2jUF']wIg2GTrk!!.Z!]tbPl1N!7OnM$=BX0'eUhC>iekQRl!M`cfnv[Hk^^pSfoNE`idxWYjUC6Ks+).D(j#iP(Md+>)fyKnyXqD
.exelator.com/	1970-01-20 23:23:10	Name: ud Value: "eJxrXxzq6XKLQcEwxTzV1DQ1ydTCwizR0DQ5zTLZ3NzI1NjUJDXNMNHQcHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDIZEl%252BUWb6IhfXxUUpaQyLSopPBR%252FfPA0Al6YqfQ%253D%253D"
.bluekai.com/	1970-01-21 00:55:20	Name: bku Value: blx99JOswtqtTWTz
.bluekai.com/	1970-01-21 00:55:20	Name: bkpa Value: KJy9nyexd02pSUHknp/8mE1hwtkAwEDtHWR61eAt1eje1EHsxMRTxM1TBAHYxDRhmEx8xADp9y9GExr0
www.firstleaf.com/	1970-01-20 20:40:27	Name: storeOrder Value: %7B%22token%22%3A%22mTwdqxXxE6BgrNMLrVYl7A%22%2C%22number%22%3A%22R912152769%22%7D
.firstleaf.com/	1970-01-21 05:15:58	Name: __zlcmid Value: 1Limi65HtB5Vwrm
.bfmio.com/	1970-01-21 05:15:58	Name: __141_cid Value: 56DF409606C14FB68B386DBAF1949BE3
.bfmio.com/	1970-01-21 05:15:58	Name: __io_cid Value: 94d62840c751c6dc7d6821cb5cf503aa8a9be0d5
.targeting.unrulymedia.com/	1970-01-21 05:15:58	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-8a1e7395-aa3f-4ab9-9fbe-ef3be44cdc59-003%22%7D
.firstleaf.com/	1970-01-21 05:15:58	Name: sp Value: f1ac63e8-fac9-43b0-ae69-6ec177aff43c
.firstleaf.com/	1970-01-20 20:31:06	Name: CYB_ID Value: 3379843019036365
m.stripe.com/	1970-01-21 06:06:22	Name: m Value: 6c452ef8-2b4d-4a59-bdda-8e5b3a56d13896ae53
.www.firstleaf.com/	1970-01-21 05:15:58	Name: __stripe_mid Value: 8a48a684-e84c-471c-a753-24077c73632379218a
.www.firstleaf.com/	1970-01-20 20:30:24	Name: __stripe_sid Value: 33231edd-a282-456c-830d-a2f3af9c260b7469fa
www.firstleaf.com/	1970-01-20 20:40:27	Name: shipToState Value: %7B%7D
.firstleaf.com/	1970-01-20 20:30:30	Name: c_64ei Value: ZmFsc2U=
.firstleaf.com/	1970-01-20 20:31:49	Name: cybFalseID Value: 1
.firstleaf.com/	1970-01-20 20:33:15	Name: CYB_AB Value: 1
.firstleaf.com/	1970-01-20 20:31:06	Name: cybSessionID Value: 1

107 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/1669030446688031?v=2.9.156&r=stable&domain=www.firstleaf.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 130) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://idsync.rlcdn.com/419566.gif?partner_uid=56DF409606C14FB68B386DBAF1949BE3 Message: Failed to load resource: the server responded with a status of 451 ()
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=56DF409606C14FB68B386DBAF1949BE3 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.firstleaf.com/?utm_source=lot18 Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
addshoppers.s3.amazonaws.com
api.firstleaf.com
app.cybba.solutions
app.shop.pe
b0vbfk2zr6.execute-api.us-east-1.amazonaws.com
bat.bing.com
bcp.crwdcntrl.net
cdn.cookielaw.org
cdn.pdst.fm
ce.lijit.com
challenges.cloudflare.com
cloud.typography.com
cm.g.doubleclick.net
connect.facebook.net
ct.firstleaf.com
d.agkn.com
d2mjzob2nc713b.cloudfront.net
d2rp1k1dldbai6.cloudfront.net
eb2.3lift.com
edge.fullstory.com
ekr.zdassets.com
fbapi.firstleaf.com
fei.pro-market.net
files1.cybba.solutions
geolocation.onetrust.com
googleads.g.doubleclick.net
i.simpli.fi
ib.adnxs.com
idsync.rlcdn.com
images.firstleaf.com
insight.adsrvr.org
js.adsrvr.org
js.stripe.com
loadm.exelator.com
lot18.com
manage.safeopt.com
nytrng.com
penrosehill.zendesk.com
pixel.rubiconproject.com
pixel.tapad.com
pro.ip-api.com
rbv9j7km.firstleaf.club
rbv9j7km.firstleaf.com
region1.analytics.google.com
rs.fullstory.com
s.ad.smaato.net
sentry.io
shop.pe
shopper.shop.pe
simplifi.partners.tremorhub.com
stags.bluekai.com
static.cloudflareinsights.com
static.zdassets.com
stats.g.doubleclick.net
sync.1rx.io
sync.bfmio.com
sync.intentiq.com
sync.targeting.unrulymedia.com
tag.simpli.fi
trkn.us
um.simpli.fi
us-central1-adaptive-growth.cloudfunctions.net
us-u.openx.net
www.facebook.com
www.firstleaf.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.lightboxcdn.com
www.mczbf.com
www.rtb123.com
sync.intentiq.com
104.16.53.111
104.17.2.184
104.18.72.113
137.184.29.70
138.197.61.175
142.250.185.132
142.250.186.99
16.182.71.201
165.227.198.72
172.217.16.194
172.217.16.200
18.172.103.101
18.203.106.185
18.214.101.0
18.65.39.29
18.65.39.36
185.89.210.20
192.64.119.150
2001:4860:4802:32::36
2001:4860:4802:36::36
216.239.36.54
216.58.212.162
23.197.116.174
2400:52e0:1e00::1080:1
2600:1901:0:8eee::
2600:1f16:ebf:1f02:523f:9ec2:fef8:984a
2600:1f18:612b:4264:5164:8407:81ce:65ea
2600:9000:20eb:f000:16:4ed5:12c0:93a1
2600:9000:211e:8000:1b:5138:8a40:93a1
2600:9000:236e:8c00:d:87ae:bb80:21
2600:9000:26e8:6c00:d:370a:51c0:93a1
2606:4700:10::6816:2cf6
2606:4700:4400::ac40:9b77
2606:4700::6810:4f49
2606:4700::6813:b234
2606:4700::6813:d383
2620:1ec:c11::237
2a00:1450:4001:806::2008
2a00:1450:4001:80b::200e
2a00:1450:400c:c02::9b
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
3.123.78.215
3.33.220.150
34.111.113.62
35.158.59.121
35.186.194.58
35.186.247.156
35.190.54.17
35.201.112.186
35.204.74.118
35.204.89.238
35.227.244.1
35.244.142.80
35.244.159.8
35.244.174.68
46.228.174.117
51.77.64.70
52.70.157.54
54.77.42.245
54.78.254.47
67.225.220.126
69.173.144.139
72.246.169.24
76.223.111.18
95.101.111.156
99.83.128.14
01af466f48d14857d97a67cd7025ce67c8a0b9ca83ddb6d3f313c7369c432868
02d0cddb81ecbfffffc3b2eba469a45372e7cc0244222faa422b502b3046a509
039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d
04e86fcf247e2d9809596331db17a2a0d3efe9c9bf1d8d9babd04645286ee68c
05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee
06f3e4b1916126cb914e0f197759665066242437bce976b6cddbd9f713adda05
0957d3f57a55721932bb9108206408cf1ab73cb07b68c906b0bae5b33d6c86da
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f2a70caf9e4a17da7c2a145e34625f90d4031f5ed7b690657a514c5c89e26cd
0f88056ae93eb3934cd9cd312a9766a14afadf3cb20c1d2a07d8a8d5344e46bc
1045430f393626478daa15a99c433956371eb7363b26a5239f721f014ba52fa0
104e1dd42b1a93041add9e8f020e9b05405d14ac722ef40a104617435f10bc6d
10a9fb33e08a93b89c3365895199b512887263e05716811dfedac593db29a3f4
122604dbe0e33b2a80cff78e90bd1aefe742828d19a66b357bde8c250035ca33
12a71a8d2d1307f74607a807ceb66a66f427a11d65538021190b620efcb0bb3e
136aadbe4eea0b2a6b68a3ec2cd24be6002dc085376ae638768db1d2834c653b
1415968c3140de6e284d1cfb23dea33007c6a6d330266e79285435391c5eb6ea
145e421f7b16d921f58de72a91f6b92589971093c87cfc0089f4d2d2db165eb8
14cb3005a85511b827d2a7d05daebd0c50a5d3a2a0d1b61ca59e54598016710f
17baaf0620679e688805c54583243a34e8491165c5f1029c16977bae6a5f76c0
18aeba875cb986ff0c9bad79ba5b2b36158f50923f6f4c4284e61e1f2b84536c
19bdfcbcd23b5134cd377c78bbf03971926795fa6398c62599782d4d6e381620
1b042c650b6af4874dfcad48aa7fd53dc9b32a444a96fba1f7161a02607907a8
1bd05e5747309cb200f6ebb8883e8d691fa32eb5bb0154c529c41ba2b291dd2a
1d439a4882debc1c8106429e5c2568eec26a1fea853def5bf41ff03cd0614eb7
205c86a65825a5cae580606dc8db260aba5150e8e664ce82429210373dc55500
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
21eb07dfa4fbf58620c4c6d09513a4bca648484ad69ab56d0593350f8e48f38d
236bc97a188e4940fec1bd29c0f58b4e1bcbacd475911604e5f0016c1a39f12e
248545e3f805a6f3ff979c55e0e3951a2fa6f1018529b99f291e93c7a803ee1d
24acf6c7aba42dd5b78b0e5f5a9188bd4bba25f783278eaa930395583693b6ba
258d39625e15cbce053f80b72dc2f7ca999fc5a6943fb10e75e3cb2126be996e
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
265ee206b3bbec34580c9ccd3d5c99b07aab46a6979b8b6c6d8ad7795ec8d29c
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
29096421d65f89dbc13eae16c384c9740d9501763d3e205b640ec6c8ec9ddead
292105f3e2b9986f0cd0ccdbd5e7b6c77ac28631b7177931cc503b6a131a9496
29aad6322d2def02fa3466c6ea2513dacb18480f1d6572d18d4204f91fde6d6e
2c472f5fc6038aa27db8aa76648236f916446c78b691d4211ef95a546411ca8b
2f3fcf5221eab4ec22a205ce0368fc823df1f7331a19358975166ae170978973
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2fef107653c701e27e261629b2811d42812092e1a84dd37cf78505f2fc8b9263
3235f2fbf9e2142357ed4a2a96e684976b5c0928dfe3419edde88e9b030678f9
335db6f7e7fe937fe6970c770d18c5c962039ac12a4bb9c375ce50cb4886a892
34d47e495f9f683e26f67a8757fdd6053f8a9bc1d95d1ffe1c69358567105a44
34fcc716ceb2f58bf8189d32531bf6498f4cf30c39db45270e32fb0a77e14f9a
3a95689e90e588b166f7b3ecd334959a2d6a3da1d73d557c8fb72fa10cf465dd
3bcc757a74075b4ec306f3edcb47a085c32d371d2358d8ab3712158a9ecc6a8d
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
40f79fdc21e779237795d76946072a423c435cc04a00aab38b6181962f88171c
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
448d4d591156a0c14d4990f575daea57d7ca5ae8bb4021fc38d66445578e77b3
45fdcedbeb833ea40206c98dfcbfa73842f72d53f166a26b47ecc3b01a55286d
49bd0056f6ad67d87b78284ee24a096564a95756639e3dc1e633f220a2c37f1a
49e44366a56a91fd7870e6427b68d01a63cf56679eb0d5406542b6244bb379fb
4abfc20341515e0793cc89ece1d464349fdc7675f925e473fd6d99a0cc18a8b8
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c15a03a87528755e49e38c7416633b33bbaf47b1f1ed1d31c402b25fd05ce79
4c5237afda554fd9ffe10bf8fd2778de973cb362baf81f6e1e33918c01bc9a67
4c7e79f7fa59ac4052d04a76cc9edecc09d2ec7bd35f35ff751eb23a070478cd
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4eb1ca83acf3409e1a0553e0d84cec3787630361ec5668dd1dde93860f3bc357
4fab72f47b5fe99f25ef61ca531c9f674ab91807c04fa7f13f28af586a4938ea
5079c2044ec67bf73a5e412ccd6a94937df21a933b67aa05537651d828b08688
50cf303cfaa020fcbedd6ad1bf045a008cbb88dfc792f731f07235dd1ca13599
512008ab0682a825b4551ad5f180b3fabfef80345b1fdeeddffce7f947ef1ff4
5121d8fa89d52528abcb145926680c5ba691319f8c429d201b5a0e591b8ac3af
51b06909334339bd5f4027e70f4d2fd30a2a3977ee44cce7385b908ec8f51903
52ed746ba11175e661e72c76e0b948deec27a391b793a52904016a084b6359b7
53eaf9466a795a087255c7e4a310819a511548dfc5220d962b2e9bb17f879a38
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a0839a70494ec741f3d86d0a3c586be820886d3e5407016453a31ee304d0266
5b1043a0dd1a57bddb307b2bac12686151292cf08f095b86d5702a531f9413af
5b1eea2bfdf21be2bcdd47f818549ae4548c93d7e525de1d376581ce85f00878
5b5bb6b017ac0ac368ddddd713df7f918eeb1d86fbe3ef7895f040f170b15699
5bd4ed71008e5c241321562a82cb6d535d7db6b7fbd3783896a96ae48d5211f3
5d3238f57e3ae44a7d0b2ef513ff2e8cf9afaf6e442f5fa5a575c4f8efd0290e
5d5ac92cc9565d62cd713fe2d946793ffb805012b57f610830403afb67907030
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
620a97911c6964bfc7cfacf4df74b3ba598ef728f2117675d171e4c62d500add
623c33b9ef9f3871f596b2f721d622b8c4a530b147cc6a9ec2e405f89fe68f7a
62dbaef1df407eb482db1fc0216896a185b5fa38224df4c3bcb8ac5785277785
6396dedda9bcf5749f2cbbcd870a17297c4bf63f19a52d54d42d3abb4b0a3b87
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
641c2d6ecaf79a3923a845db8f24f99033834a7a724d98f608b16f1bddede351
645ab215148e00ab2ba3fdfc7caec9aa6d0cd5a672078f1d033a01e0f5a44864
662a72ac2db3a6272b96390ddd783475c2fc847d9e5d714b7c6c6bed7be18093
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6a2f825beb3b540a044cdb0515177c34497aa2ce92e335bf1498fa42bb5baf88
6aa2e6166c7e04afa18a7adecff919c61d92877b2285d2aef27127476e4b538a
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c54090ff41e10e45e8d9f5b1a493db89c09a102305e71939bf7bf535fffea16
70a0f167788e07b40c47bb0fa3afc0a9f4f26526e0a0820a85a7723c7abd87dd
74342d26027f9f21a160adb21dea7121e79456c5e7e05579177c6bea0553a7b3
752b0df67450b460c6070644d74502a5ee3bf5f7681cde08b88b9a565ea7d900
75abe68aefa57c71e32c2a41bc8d4e55918f581d76029cd09184f4a686e16885
76390c8f01397fe473dd1a9689e94caea2a001592c7b71bc85410c388078d304
777b4b4a083fe36afca14edfa9de06db28dacfe106659598d9c88f576428e2d1
7ba93f0c1f5b72395ea5024e97ba149d96cffbe73e8e4a2546921ba3404f146c
7e4a4d483e6cb4667bed478a5f53e7c24bda8c91025757357eca32835fd69d97
7fc84cd40ef02e70aa5996747df4659e7ea7da89f8d108eabac6e589cf34090c
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84202b70bdd60a2d4d292c955cb907a98ff6c96939d043aa3aeb73cddb7ff14a
84d7a648ca04cccfc1f7353206a38dfb8e8d83917581b6e4aabbb32fdf96d7b4
85842b3426a14f199b7f46890201f03f5f62b8fb23c3ecfad1cc4c6ce50f1e8a
85ad9c4586b439a1f2ce5516c218bed3c64110ac93bb7c916894240392503053
864b44b7de74762c3ae052f54a0edc714e38b1ac585bf1b907d36c3960b59c4d
875e8912662250c9405dc51420b86292259be2759837cfc55cf1cbf8a9884597
87ab28f982528ab1259f99a8c040c11ceb6161e038c8ca1dce09651718058d1d
884a8c6178e9646190c5420481d7a12c172ff808381bb3ac644872263d4f8921
8899b4685b6eb6ce633b02425dae5fec9604c75a33de51871db369eac8384c05
8b333edfba237a23eccd269faed9f51d3430824ba342db01043166bf8a7d1f09
8c79e4569e88f2104a0181ddd9428c78b94ee022fc5694a1c4c8805b5fe98560
8c7aa06cdb33505b38e3b1ec87cf80aab1dfd0a4b8c6a92585f44507fd1ef8e7
8cbc6dcd7a381454f1aa9968e8213c7f46620a43e4f38ac4d248aec2c422547a
8d171bc5152bfb08047c65650bff8f1828cc63f53d95bacd4ae24a3806607c27
8fbfdbbb84401797714e88bb5604ce53704ae0dcf8015f46a4ce58da5a84b66e
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
925bc8b922a68f14556aef118cbcf610f7bad372c2dd3c701352e29bf19b5448
93025c58ee7b3cdd3f0c2829a6876b406606a68f05e8468d157ccdc3bc212495
965cba95c928e95003ce37271090406eaa7d5c2d955230a785b2b3be8a9a17f5
96bba6a9b2c559d94dcffd86858e4f7ca872781568921c62d9b3bae4c34782a3
98b1cfc36a0f3d40f2e7750ec4c544c44148745f86a584b49f4a73eb615be70e
9b62d8bb6ef0f7b2aaaffc6023c4c9f2de1a262a77cdbf55c0da18ff9a992a08
9c1b6421aea2826dd24de09eecdb38372dc0b2d3156f6218a1ced71e5678e148
9d119667c2e81e94f2b472e140074e3f61ad2e1344fc9a426c65a74f840cc803
9fd678871d5c502175e5233f33bb7c2cb09eda96eebfa139f527b72683f8b92b
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0e7d6b393a4f9c8707f239263e7e146671ed8892b9a36cb32431fba53bc8946
a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
a5e3256799bc9eb6a1ad57001ad69b0946e4532d103092dd0557c02d84e6b4a7
a6972c49e66fe3c5026a1a1e26a06c49995cec36fc522cb56461f5cf0b2b2978
a6f7f75ba1ead3c1ec7462a8b611d4134ea5e35a55548555ae8740e09e53eb25
a899a0398bbfbb8343c67e83098446254c1609aae412962cff6929087135a51c
a9079e41a84e532c7a5f6363737595134c170c9b48a0ded5a2a1519524f6bf7a
abf799a9a6e8442dd51a2bf2dc71a6484fe05b74d6283add4e8eb4cb69f77b81
aca66b739fcde148403f4735fd9091fbc02455deb4e6c186ea52cb71692f6269
ae0e2e45f84d7d3d06526aafc20d4a95b486e8747bf80895f3aeb8c4aebee7f4
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0984caa842a2742f3271f93672d42f9710b94712e52e03afe8cc48cd508f30c
b0cac1d717f7ebdef430e44e0c211f722a77f29207e553d69e69901276a7e224
b42009363398f443f68355c2daa5122107179ae338e23f44f21c0ae3ff939f07
b4435b5ac2f1916ed1135fb1738a1cef87cb666f4356a6678fb1c77e1273f9e1
b66e62306d1b6f738c7095c9577957ff21f80d62ed611768eee45d1cf833512c
ba174758f3512e1225fb25acd56d073b71f92d5cfc332f4ab54a4273765528da
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb8f44264d68c7262a98c0ff3408e35c98df3173b17e4d4274554ba2050d7e4b
bc118189366abfd17613d474f6f091be82051816c93b2f02f4654e11e508ffe0
bef875cb4110e02d8f52c061cfbeb46a870e9733cc9c45a647105ec3fe8e53f5
bf4f57101738e144cbbf574a456149f3f9f84a68f23aa5c91c200464298e40c2
c03f3488eeb6bcad6fa76499431ef68b5e0283c9eb8d71ed52851c14ff9f5d5c
c16efe19a048b91faa563ec423147ffbd749fa558749401c7a82b30fe2c0cab7
c4d40b3150ea8494d850dc53c34d42806f60a5afeeddd14d64c667b4978f1921
c6714895e889a86779f464234b552b36508a3ba18cc2b21d71469bea86e18a37
caa21a65dd9e1df81a57e31bd7e5c336bf6de1d84912074baa5b85fa44744a4f
cb8d40d1eb7e2dc885affcf0012d9e1a73c270d843e8b890d36538e52d0a0342
cb90630563e30e234ad66a39f4fe11f207a37232dd0b8de2e045299a41166a4b
cce753ae3b1e52fa4eaeff638550c3fea3040a4e4822adfc070918eb4f1e0b4e
ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf7d99bfd85f20c422fac114ec71fa775883e8b430f1e20cdac1f5db187350a1
d0d937b32b0a1fa6bbdcc5389f695a36147c1b3ba869ecc507b765adf0300393
d2e817d2c44b9cf45f0e45cfa351abba3203af38f5aa1c8576a2db69ebd15192
d3895ed8351a3a92f449975826c56af1128460d3d0f60495a9da0d41f394ac3d
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d4c521d5535bd16fa41564dc19a2043f492e87104fc8089b9fca8040813a0f80
d706b4e3d196efcd7c73bb6e45a2adf171af07bcb7408123f660e06ec40caee6
d7ca79df32bcaca55c2aa4e7fd9f5836507b658f43645febc482046ead14db09
d9e24b2a2c5ae741aba134a5764fe7267376ec85c5fa349acc18e4d21b600292
daefedd2e398c22660777ab5ef9484f17e983582e7e37acf86eedc070939b5b1
db72946d7e5de9f5eedf02409003a70621fb312a412b20ad7101dce429f4c660
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd7e3ece391682a33c28af9cd8a27168fe9da07dfb2ce47b62142b6815c904cd
dddf04d190be2e7006f807221d5f5852bf45a97c2aad4c66b1f0a1661efa7dda
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df4915a52982babc1ba87778cb1c1d68184fee5fe5d8133daf63ee37916d6b4e
e092bea366a94333d8ec48137987e2df19f61288f6e073032b2a8bdde6264d6a
e1cef3c9f2d582f913f12a16fe304c7d64bd80739793a9bf8d7d8978c311e294
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef7c3ec15e1e423c22bab123027bd62ff8d14d0905051478fd115c3fcf482d56
f2a1abbb9637f0eace228f691af8b0fcf3524dba20769d8dd7457b03ece2c55b
f2b3af7627754fb77e81a93ea2f16b79b2031053d89874185cae2c56a483d08c
f3fa27efb7fa0336505319590fa396a9672fe9e3607dea0b2fa820329d52e763
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
f7b78ab3994d3f6de37b359cc3d243d44caca23578c342b6f3966dda1cb9fd70
f83e9b440122162e26168f780eb567cbc84a351c4728c3cc8bd3679e8e362ff9
fa306b2eaface9d3b2303e20af58931bfcf09740e454aab7d43b9daafba2a30a
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

www.firstleaf.com Open in urlscan Pro 2606:4700:10::6816:2cf6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

176 Requests

84 %HTTPS

31 %IPv6

55 Domains

74 Subdomains

62 IPs

6 Countries

4441 kBTransfer

15767 kBSize

57 Cookies

7 Outgoing links

Page URL History

Redirected requests

176 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 56 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.firstleaf.com Open in urlscan Pro
2606:4700:10::6816:2cf6 Public Scan

Screenshot
Live screenshot

Full Image

176
Requests

84 %
HTTPS

31 %
IPv6

55
Domains

74
Subdomains

62
IPs

6
Countries

4441 kB
Transfer

15767 kB
Size

57
Cookies

176 HTTP transactions
56 data transactions