2e3d84.circultural.com Open in urlscan Pro
104.25.143.28 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://balloflightning.com/
Effective URL:
https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
Submission: On March 04 via automatic, source urlhaus (March 4th 2019, 10:59:40 am UTC)

Summary HTTP 54 Redirects Behaviour Indicators

Summary

This website contacted 21 IPs in 7 countries across 21 domains to perform 54 HTTP transactions. The main IP is 104.25.143.28, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is 2e3d84.circultural.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on March 1st 2019. Valid for: 6 months.

This is the only time 2e3d84.circultural.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
19	192.252.146.33 192.252.146.33	3561 (CENTURYLI...) (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications)
1 2	192.0.72.22 192.0.72.22	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
1	2600:9000:200... 2600:9000:200c:3a00:13:6fb5:1080:21	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	23.210.248.226 23.210.248.226	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
4	2a00:1450:400... 2a00:1450:4001:820::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:2800:234... 2606:2800:234:9f9:e6a:1ade:3a9:26d9	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
2	2a00:1450:400... 2a00:1450:4001:81f::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:816::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700:30:... 2606:4700:30::6812:3390	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	46.105.201.240 46.105.201.240	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:817::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	198.27.67.211 198.27.67.211	16276 (OVH) (OVH)
1 1	213.226.124.253 213.226.124.253	9123 (TIMEWEB-AS) (TIMEWEB-AS)
1 3	198.143.165.221 198.143.165.221	32475 (SINGLEHOP...) (SINGLEHOP-LLC - SingleHop LLC)
1 3	107.6.174.196 107.6.174.196	32475 (SINGLEHOP...) (SINGLEHOP-LLC - SingleHop LLC)
1	104.25.212.28 104.25.212.28	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	104.25.41.115 104.25.41.115	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	52.29.145.24 52.29.145.24	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	104.25.143.28 104.25.143.28	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	2a00:1450:400... 2a00:1450:4001:815::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81a::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
54	21

19 192.252.146.33 (Waltham, United States)

ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US)
PTR: s483.sureserver.com

balloflightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.72.22 (San Francisco, United States) 1 redirects

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

stevengoddard.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:200c:3a00:13:6fb5:1080:21 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

dxxf6u5a9tfeq.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.210.248.226 (Cambridge, United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-210-248-226.deploy.static.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:820::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:234:9f9:e6a:1ade:3a9:26d9 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

widgets.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:816::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::6812:3390 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

oshona.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.201.240 (France)

ASN16276 (OVH, FR)

s10.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.27.67.211 (Montréal, Canada)

ASN16276 (OVH, FR)
PTR: ns510716.ip-198-27-67.net

s4.histats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.226.124.253 (None, ) 1 redirects

ASN9123 (TIMEWEB-AS, RU)
PTR: vds-cv10433.timeweb.ru

ifbattrecha.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.143.165.221 (Chicago, United States) 1 redirects

ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: server04.com-2.mobi

search.frenkulok.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 107.6.174.196 (Amsterdam, Netherlands) 1 redirects

ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: bigfish.setupcentral.network

up.trkgenius.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.25.212.28 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

onwardinated.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.25.41.115 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

presicdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.145.24 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-29-145-24.eu-central-1.compute.amazonaws.com

trck-ms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.25.143.28 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

circultural.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
2e3d84.circultural.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:815::2004 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	balloflightning.com balloflightning.com	892 KB
4	circultural.com circultural.com 2e3d84.circultural.com	92 KB
4	google.com adservice.google.com www.google.com	780 B
4	googlesyndication.com pagead2.googlesyndication.com	170 KB
3	trkgenius.com 1 redirects up.trkgenius.com	4 KB
3	frenkulok.info 1 redirects search.frenkulok.info	8 KB
2	trck-ms.com trck-ms.com	292 B
2	histats.com s10.histats.com s4.histats.com	5 KB
2	doubleclick.net googleads.g.doubleclick.net
2	google-analytics.com www.google-analytics.com	17 KB
2	paypalobjects.com www.paypalobjects.com	4 KB
2	wordpress.com 1 redirects stevengoddard.files.wordpress.com	23 KB
1	gstatic.com www.gstatic.com	90 KB
1	presicdn.com presicdn.com	4 KB
1	onwardinated.com onwardinated.com	3 KB
1	ifbattrecha.tk 1 redirects ifbattrecha.tk	659 B
1	googletagservices.com www.googletagservices.com	28 KB
1	oshona.in oshona.in	356 B
1	google.de adservice.google.de	171 B
1	twimg.com widgets.twimg.com	2 KB
1	cloudfront.net dxxf6u5a9tfeq.cloudfront.net	23 KB
54	21

	Domain	Requested by
19	balloflightning.com	balloflightning.com www.google-analytics.com
4	pagead2.googlesyndication.com	balloflightning.com pagead2.googlesyndication.com
3	www.google.com	2e3d84.circultural.com www.gstatic.com
3	2e3d84.circultural.com	2e3d84.circultural.com
3	up.trkgenius.com	1 redirects search.frenkulok.info up.trkgenius.com
3	search.frenkulok.info	1 redirects balloflightning.com search.frenkulok.info
2	trck-ms.com	presicdn.com 2e3d84.circultural.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	www.google-analytics.com	balloflightning.com
2	www.paypalobjects.com	balloflightning.com
2	stevengoddard.files.wordpress.com	1 redirects balloflightning.com
1	www.gstatic.com	www.google.com
1	circultural.com	onwardinated.com
1	presicdn.com	onwardinated.com
1	onwardinated.com
1	ifbattrecha.tk	1 redirects
1	s4.histats.com	s10.histats.com
1	www.googletagservices.com	pagead2.googlesyndication.com
1	s10.histats.com	balloflightning.com
1	oshona.in	balloflightning.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	widgets.twimg.com	balloflightning.com
1	dxxf6u5a9tfeq.cloudfront.net	balloflightning.com
54	24

This site contains no links.

Subject Issuer	Validity	Valid
*.files.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2019-01-15` - `2021-01-14`	2 years	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2018-10-08` - `2019-10-09`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2018-08-14` - `2020-08-18`	2 years	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
sni170396.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-02-27` - `2019-09-05`	6 months	crt.sh
up.trkgenius.com Let's Encrypt Authority X3	`2019-01-21` - `2019-04-21`	3 months	crt.sh
ssl378821.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-03` - `2019-09-09`	6 months	crt.sh
ssl377659.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-03` - `2019-09-09`	6 months	crt.sh
trck-ms.com Amazon	`2018-10-05` - `2019-11-05`	a year	crt.sh
ssl381364.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-01` - `2019-09-07`	6 months	crt.sh
www.google.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
Frame ID: 868319380133DF0A390C9686A10092C7
Requests: 49 HTTP requests in this frame

Frame: http://pagead2.googlesyndication.com/pagead/js/r20190227/r20190131/show_ads_impl.js
Frame ID: ADC693F66DB91E68A79862F0F5D4CE3B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20190227/r20190131/zrt_lookup.html
Frame ID: 3A2B974312B27A9E22677A4C447E1BA7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9157972950764477&output=html&h=250&slotname=1942146633&adk=3856083767&adf=290942192&w=250&lmt=1551697165&guci=1.2.0.0.2.2.0.0&url=http%3A%2F%2Fballoflightning.com%2F&flash=0&wgl=1&adsid=NT&dt=1551697164945&bpp=18&bdt=941&fdt=86&idt=85&shv=r20190227&cbv=r20190131&saldr=sa&abxe=1&correlator=6507346771907&frm=20&pv=2&ga_vid=298265030.1551697165&ga_sid=1551697165&ga_hid=295565593&ga_fc=1&iag=0&icsg=8840&dssz=13&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=978&ady=395&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C21063245&oid=3&rx=0&eae=0&fc=656&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=7&ifi=1&uci=1.qxt68arrcvrp&fsb=1&xpc=cp4JSm7syQ&p=http%3A//balloflightning.com&dtd=117
Frame ID: 4AA8E20CC90D9552274562B9CE185345
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6&co=aHR0cHM6Ly8yZTNkODQuY2lyY3VsdHVyYWwuY29tOjQ0Mw..&hl=en&type=image&v=v1550471573786&theme=light&size=normal&cb=5kccoy5bw153
Frame ID: BE75448055FA1800A7D084BA6C315F0C
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=v1550471573786&k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6&cb=yroa22x3r2oy
Frame ID: 7F651A329CF74AE66848DB6C9DCB8143
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://balloflightning.com/ Page URL
http://ifbattrecha.tk/index/?5731550755135 HTTP 302
http://search.frenkulok.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=808 Page URL
http://search.frenkulok.info/?utm_term=6664488581282661163&clickverify=1&utm_content=e6c2c6dcd68fd49594fc... Page URL
http://search.frenkulok.info/proc.php?5cf93c8a8cc3112fa2e8fb6be5daafd5d8a895f4 HTTP 302
https://up.trkgenius.com/in.html?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=666448858128266... Page URL
https://up.trkgenius.com/in.php?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661... Page URL
https://up.trkgenius.com/out.php?v=8c8620572fbec2b1f301a8e81bbb7130 HTTP 302
https://onwardinated.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?subid=c4c9e5441a8fd7ee2a44eab9157c67b... Page URL
https://circultural.com/v/940b9788-3e6c-11e9-8576-0143ed1a8fa4/c/5a37c8ad-f104-11e5-9f1f-0626cc8adce... Page URL
https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/ Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

env /^Recaptcha$/i

Page Statistics

54
Requests

50 %
HTTPS

45 %
IPv6

21
Domains

24
Subdomains

21
IPs

7
Countries

1365 kB
Transfer

1906 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://balloflightning.com/ Page URL
http://ifbattrecha.tk/index/?5731550755135 HTTP 302
http://search.frenkulok.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=808 Page URL
http://search.frenkulok.info/?utm_term=6664488581282661163&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8db283b08186b684859a9ba999d9f0f3fafef6b0d8f8f4ba95d8dfe8dbdaefeced96919584e6e7d5e5cbcdc8c9fecececdc2f3c0c1c3c2c4c1fca8c8f9fefffcfdf2f3f0f1f6f7f0f5eaebe856 Page URL
http://search.frenkulok.info/proc.php?5cf93c8a8cc3112fa2e8fb6be5daafd5d8a895f4 HTTP 302
https://up.trkgenius.com/in.html?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608 Page URL
https://up.trkgenius.com/in.php?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608&m=MQk_qMkcNMiWAba6-tPzM.INeq_UhEGQJBO4I_XBkaJjtjD4D_DjtjOhDoH1tBt_MkJ_D4kshNofecpBOmtaHhtOsF2Qh9Gs-qis-no6e9p6D_HUw9XNdi Page URL
https://up.trkgenius.com/out.php?v=8c8620572fbec2b1f301a8e81bbb7130 HTTP 302
https://onwardinated.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?subid=c4c9e5441a8fd7ee2a44eab9157c67b2&pubid=dvx Page URL
https://circultural.com/v/940b9788-3e6c-11e9-8576-0143ed1a8fa4/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced/?subid=c4c9e5441a8fd7ee2a44eab9157c67b2&pubid=dvx&_i=1&_s=940ba3cc-3e6c-11e9-afb9-0143ed1a8f30&_r=up.trkgenius.com&_n=&_d=7|0|0|0|1|1|t|t|1600x1200|u|1|Google%20Inc.|1|24|24|96|74-f2397a3c|0|0|148|1|1|t|t|lum0y,6nq96o,0|en-US|Linux%20x86_64|aaaa0|20030107|5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_13_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/67.0.3396.87%20Safari/537.36|0|8|148.251.45.170|u|t|t|t|u|u|u|u|ex:nq6ww|1|u|t|n|n|n|n|1600x1200|0|0|t|0|t|940c4840-3e6c-11e9-bbeb-1143ed1a8f21|cs_rr Page URL
https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

http://stevengoddard.files.wordpress.com/2012/07/screenhunter_73-jul-10-18-54.jpg?w=640 HTTP 301
https://stevengoddard.files.wordpress.com/2012/07/screenhunter_73-jul-10-18-54.jpg?w=640

Request Chain 20

http://www.google-analytics.com/ga.js HTTP 307
https://www.google-analytics.com/ga.js

Request Chain 32

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1000267135&utmhn=balloflightning.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=ball%20of%20lightning%20%5Bdot%5D%20com%20%7C%20Hitting%20more%20home%20runs%20than%20Julio%20Lugo%20since%202002%E2%80%A6&utmhid=295565593&utmr=-&utmp=%2F&utmht=1551697164997&utmac=UA-20486931-3&utmcc=__utma%3D178274231.298265030.1551697165.1551697165.1551697165.1%3B%2B__utmz%3D178274231.1551697165.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=365623345&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1000267135&utmhn=balloflightning.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=ball%20of%20lightning%20%5Bdot%5D%20com%20%7C%20Hitting%20more%20home%20runs%20than%20Julio%20Lugo%20since%202002%E2%80%A6&utmhid=295565593&utmr=-&utmp=%2F&utmht=1551697164997&utmac=UA-20486931-3&utmcc=__utma%3D178274231.298265030.1551697165.1551697165.1551697165.1%3B%2B__utmz%3D178274231.1551697165.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=365623345&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Request Chain 38

http://ifbattrecha.tk/index/?5731550755135 HTTP 302
http://search.frenkulok.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=808

Request Chain 40

http://search.frenkulok.info/proc.php?5cf93c8a8cc3112fa2e8fb6be5daafd5d8a895f4 HTTP 302
https://up.trkgenius.com/in.html?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608

Request Chain 42

https://up.trkgenius.com/out.php?v=8c8620572fbec2b1f301a8e81bbb7130 HTTP 302
https://onwardinated.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?subid=c4c9e5441a8fd7ee2a44eab9157c67b2&pubid=dvx

54 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
balloflightning.com/ 56 KB
58 KB 546ms
435ms Document
text/html 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to

Full URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: 74118bc99f1f193809765fad477944b2717d2d03bb0d05b1f42b11fc1862cb5d

Request headers

Host: balloflightning.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:23 GMT
Server: Apache
X-Pingback: http://balloflightning.com/xmlrpc.php
Upgrade: h2
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK style.css
balloflightning.com/wp-content/themes/vigilance/ 2 KB
2 KB 296ms
95ms Stylesheet
text/css 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to

Full URL: http://balloflightning.com/wp-content/themes/vigilance/style.css
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: 0d71874261776c450b6afff80c9303469eb4d42a98277d74ea654ab30aceea63

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://balloflightning.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
Last-Modified: Mon, 12 Jan 2009 07:50:32 GMT
Server: Apache
ETag: "77a-460445c742200"
Upgrade: h2
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: text/css
Keep-Alive: timeout=5, max=100
Content-Length: 1914

GET
H/1.1 200
OK rotate.php
balloflightning.com/wp-content/themes/vigilance/images/top-banner/ 75 KB
75 KB 263ms
153ms Image
image/jpeg 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/wp-content/themes/vigilance/images/top-banner/rotate.php
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: c894a9b667569066ff4c2eda4528f5b10582fb20ad99295445c997ce3c02b3ff

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Upgrade: h2
Date: Mon, 04 Mar 2019 10:59:24 GMT
Server: Apache
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: image/jpeg

GET
H2

200

screenhunter_73-jul-10-18-54.jpg
stevengoddard.files.wordpress.com/2012/07/
Redirect Chain

http://stevengoddard.files.wordpress.com/2012/07/screenhunter_73-jul-10-18-54.jpg?w=640
https://stevengoddard.files.wordpress.com/2012/07/screenhunter_73-jul-10-18-54.jpg?w=640

23 KB
23 KB

313ms
265ms

Image
image/webp

192.0.72.22
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stevengoddard.files.wordpress.com/2012/07/screenhunter_73-jul-10-18-54.jpg?w=640
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.72.22 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 571a11332198177498c7172062bd9bfbb6494d7fa0fe06a294d628b5c08361e5

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: MISS fra 22 np
date: Mon, 04 Mar 2019 10:59:24 GMT
last-modified: Wed, 11 Jul 2012 01:02:26 GMT
server: nginx
vary: Accept
content-type: image/webp
status: 200
x-orig-src: 0_imageresize
accept-ranges: bytes
content-length: 23196
expires: Wed, 03 Apr 2019 14:53:29 GMT

Redirect headers

Location: https://stevengoddard.files.wordpress.com/2012/07/screenhunter_73-jul-10-18-54.jpg?w=640
Date: Mon, 04 Mar 2019 10:59:24 GMT
Server: nginx
Connection: keep-alive
Content-Length: 178
Content-Type: text/html

GET
H2 200 r_h_product_2016-2719_opt.jpg
dxxf6u5a9tfeq.cloudfront.net/media/catalog/product/cache/5/thumbnail/500x/17f82f742ffe127f42dca9de82fb58b1/r/_/ 23 KB
23 KB 142ms
9ms Image
image/jpeg 2600:9000:200c:3a00:13:6fb5:1080:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dxxf6u5a9tfeq.cloudfront.net/media/catalog/product/cache/5/thumbnail/500x/17f82f742ffe127f42dca9de82fb58b1/r/_/r_h_product_2016-2719_opt.jpg
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:200c:3a00:13:6fb5:1080:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 99fcd8cf69319906ca3c10cffd03a8826e961480993b020792caa1e8dc7964a2

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 04 Mar 2019 05:28:00 GMT
via: 1.1 7af5638099b4c0c5cbf2f9c79d5100fd.cloudfront.net (CloudFront)
last-modified: Tue, 13 Feb 2018 23:56:04 GMT
server: Apache/2.4.7 (Ubuntu)
age: 19884
etag: "5bcd-56520bcc8ce67"
x-cache: Hit from cloudfront
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 23501
x-amz-cf-id: Wgtnen-Zv2pPn_9Fnzqo7wOV7Z7WuITmvnCJBBeIYdGjil2vXcGOjw==

GET
H/1.1 200
OK Screen-shot-2011-11-07-at-10.39.41-PM-300x295.png
balloflightning.com/wp-content/uploads/2011/11/ 151 KB
151 KB 106ms
106ms Image
image/png 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/wp-content/uploads/2011/11/Screen-shot-2011-11-07-at-10.39.41-PM-300x295.png
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: ecce47be44c12bff8c37f8f7c898c1642d844d77d2b9ee04c8811e2f7e7299ab

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
Last-Modified: Tue, 08 Nov 2011 03:40:12 GMT
Server: Apache
ETag: "25bbf-4b130edbd5f00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 154559

GET
H/1.1 200
OK twitternotifications.png
balloflightning.com/images/20110627/ 95 KB
95 KB 103ms
103ms Image
image/png 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/images/20110627/twitternotifications.png
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: 3d9340ba848d79a415261a77c34a55dd7d31aa84089cc509a04a80349f5e1abe

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
Last-Modified: Mon, 27 Jun 2011 19:16:57 GMT
Server: Apache
ETag: "17c90-4a6b665155c40"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 97424

GET
H/1.1 200
OK vort1.png
balloflightning.com/images/wx/2011_01_31_12zGFS/ 65 KB
65 KB 98ms
97ms Image
image/png 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/images/wx/2011_01_31_12zGFS/vort1.png
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: ace0ac699af336c48232b8ce7c02a2173fba6c0186965a966dff6bf3a59d629c

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
Last-Modified: Mon, 31 Jan 2011 16:34:00 GMT
Server: Apache
ETag: "10345-49b26fba80e00"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 66373

GET
H/1.1 200
OK vort2.png
balloflightning.com/images/wx/2011_01_31_12zGFS/ 77 KB
77 KB 101ms
100ms Image
image/png 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/images/wx/2011_01_31_12zGFS/vort2.png
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: e512f69565f251b48ea54fdb5bfe4b53659ffbbf60f21c9d8e5fee9b3867a438

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
Last-Modified: Mon, 31 Jan 2011 16:34:00 GMT
Server: Apache
ETag: "13245-49b26fba80e00"
Upgrade: h2
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=5, max=100
Content-Length: 78405

GET
H/1.1 200
OK vort3.png
balloflightning.com/images/wx/2011_01_31_12zGFS/ 75 KB
75 KB 140ms
98ms Image
image/png 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/images/wx/2011_01_31_12zGFS/vort3.png
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: 5e52b9eb721386fcb0962d9a32b5ae13c25b267c1d1320f414e0ef70fc82e238

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
Last-Modified: Mon, 31 Jan 2011 16:33:59 GMT
Server: Apache
ETag: "12bc2-49b26fb98cbc0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 76738

GET
H/1.1 200
OK vort4.png
balloflightning.com/images/wx/2011_01_31_12zGFS/ 74 KB
74 KB 245ms
100ms Image
image/png 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/images/wx/2011_01_31_12zGFS/vort4.png
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: 1147ea1b4b33f450ab6849dd78cc58a7efbc59d4b9689f55a9d06d295a3703d9

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:25 GMT
Last-Modified: Mon, 31 Jan 2011 16:33:59 GMT
Server: Apache
ETag: "127da-49b26fb98cbc0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 75738

GET
H/1.1 200
OK vort5.png
balloflightning.com/images/wx/2011_01_31_12zGFS/ 73 KB
73 KB 231ms
98ms Image
image/png 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/images/wx/2011_01_31_12zGFS/vort5.png
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: f0debcec2d08ffe1e881fb1db234f60608d9ef2e00ea911e3aea0bbfbc5c1f4f

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:25 GMT
Last-Modified: Mon, 31 Jan 2011 16:33:59 GMT
Server: Apache
ETag: "1244e-49b26fb98cbc0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 74830

GET
H/1.1 200
OK vort6.png
balloflightning.com/images/wx/2011_01_31_12zGFS/ 124 KB
124 KB 98ms
97ms Image
image/png 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/images/wx/2011_01_31_12zGFS/vort6.png
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: 6d11f739366a95d1659c34a7bb6b1aad1095966563392b7422afad176960251b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/
Cookie: __utma=178274231.298265030.1551697165.1551697165.1551697165.1; __utmc=178274231; __utmz=178274231.1551697165.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=178274231.1.10.1551697165; HstCfa4214393=1551697165076; HstCla4214393=1551697165076; HstCmu4214393=1551697165076; HstPn4214393=1; HstPt4214393=1; HstCnv4214393=1; HstCns4214393=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:25 GMT
Last-Modified: Mon, 31 Jan 2011 16:33:59 GMT
Server: Apache
ETag: "1ef61-49b26fb98cbc0"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 126817

GET
H2 200 btn_donateCC_LG.gif
www.paypalobjects.com/en_US/i/btn/ 3 KB
3 KB 118ms
18ms Image
image/gif 23.210.248.226
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif

Requested by

Host: balloflightning.com
URL: http://balloflightning.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.210.248.226 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-226.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

fbaa02863040d15c4410d572c4d213c2b8c75425279c5a01672c6ff86fd9d6c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Mar 2019 10:59:24 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 May 2018 20:41:52 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 2993
expires: Mon, 04 Mar 2019 10:59:24 GMT

GET
H2 200 pixel.gif
www.paypalobjects.com/en_US/i/scr/ 43 B
371 B 117ms
18ms Image
image/gif 23.210.248.226
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/scr/pixel.gif

Requested by

Host: balloflightning.com
URL: http://balloflightning.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.210.248.226 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-210-248-226.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Mar 2019 10:59:24 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 May 2018 20:41:53 GMT
server: Apache
strict-transport-security: max-age=31536000
p3p: CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
status: 200
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 43
expires: Mon, 04 Mar 2019 10:59:24 GMT

GET
H/1.1 200
OK show_ads.js Show response
pagead2.googlesyndication.com/pagead/ 62 KB
24 KB 38ms
17ms Script
text/javascript 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: balloflightning.com
URL: http://balloflightning.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

eed728e34c9952a37c51ad4a25a65fe5ae65e0e6405e0a6591e2259e44d086bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Type: text/javascript; charset=UTF-8
Server: cafe
ETag: 5564504645197155611
Vary: Accept-Encoding
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Content-Disposition: attachment; filename="f.txt"
Timing-Allow-Origin: *
Content-Length: 24359
X-XSS-Protection: 1; mode=block
Expires: Mon, 04 Mar 2019 10:59:24 GMT

GET
H/1.1 200
OK widget.js Show response
widgets.twimg.com/j/2/ 1 KB
2 KB 37ms
10ms Script
application/javascript 2606:2800:234:9f9:e6a:1ade:3a9:26d9
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL

http://widgets.twimg.com/j/2/widget.js

Requested by

Host: balloflightning.com
URL: http://balloflightning.com/

Protocol

HTTP/1.1

Server

2606:2800:234:9f9:e6a:1ade:3a9:26d9 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),

Reverse DNS

Software

ECS (fcn/41AD) /

Resource Hash

5785a387e59253fa27e975333d4e76a7facad8727d0859edf46a111307f70565

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Jun 2013 21:33:46 GMT
Server: ECS (fcn/41AD)
Etag: "a111d4a9b0db37e0221e23abb503f413"
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=28800
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 1489

GET
H/1.1 200
OK undo.css
balloflightning.com/wp-content/themes/vigilance/css/ 329 B
596 B 96ms
95ms Stylesheet
text/css 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to

Full URL: http://balloflightning.com/wp-content/themes/vigilance/css/undo.css
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: e40079833661349939751b3a2d09a060e6343f16ad20f4160a66d68d01030e3b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://balloflightning.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
Last-Modified: Mon, 12 Jan 2009 07:48:29 GMT
Server: Apache
ETag: "149-46044551f4d40"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 329

GET
H/1.1 200
OK master.css
balloflightning.com/wp-content/themes/vigilance/css/ 14 KB
15 KB 98ms
98ms Stylesheet
text/css 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to

Full URL: http://balloflightning.com/wp-content/themes/vigilance/css/master.css
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: 5b76c6d60f6bec0ef1dde58cd97a20af7055044328a8e9a676b0082c5be178f1

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://balloflightning.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
Last-Modified: Sat, 23 Jan 2010 18:25:25 GMT
Server: Apache
ETag: "390c-47dd90f4e2f40"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 14604

GET
H/1.1 200
OK style-options.php
balloflightning.com/wp-content/themes/vigilance/functions/ 2 KB
3 KB 551ms
454ms Stylesheet
text/css 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to

Full URL: http://balloflightning.com/wp-content/themes/vigilance/functions/style-options.php
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: 63aac44690ebbfb481c6d4226d95a2c4fc8b0784d942e3ee0d47721e26da2d2a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://balloflightning.com/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Transfer-Encoding: chunked
Content-Type: text/css

GET
H2

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

45 KB
17 KB

6ms
6ms

Script
text/javascript

2a00:1450:4001:81f::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: balloflightning.com
URL: http://balloflightning.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81f::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 20:01:45 GMT
server: Golfe2
age: 6794
date: Mon, 04 Mar 2019 09:06:10 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 17168
expires: Mon, 04 Mar 2019 11:06:10 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK comments-bubble.gif
balloflightning.com/wp-content/themes/vigilance/images/ 125 B
415 B 161ms
97ms Image
image/gif 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/wp-content/themes/vigilance/images/comments-bubble.gif
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: 990ac5a06fd44ca4e5cebe8b844e327d35ea9bc00d6c33f80fb99cd5e1036291

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/wp-content/themes/vigilance/css/master.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/wp-content/themes/vigilance/css/master.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:25 GMT
Last-Modified: Mon, 12 Jan 2009 07:49:09 GMT
Server: Apache
ETag: "7d-460445781a740"
Upgrade: h2
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: image/gif
Keep-Alive: timeout=5, max=100
Content-Length: 125

GET
H/1.1 200
OK blockquote.gif
balloflightning.com/wp-content/themes/vigilance/images/ 568 B
836 B 100ms
99ms Image
image/gif 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/wp-content/themes/vigilance/images/blockquote.gif
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: 3d71635d6705e9cdde9bba3e408ee3d129f9fc92b88cdaa05c6b6f81d1fc0e45

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/wp-content/themes/vigilance/css/master.css
Cookie: __utma=178274231.298265030.1551697165.1551697165.1551697165.1; __utmc=178274231; __utmz=178274231.1551697165.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=178274231.1.10.1551697165; HstCfa4214393=1551697165076; HstCla4214393=1551697165076; HstCmu4214393=1551697165076; HstPn4214393=1; HstPt4214393=1; HstCnv4214393=1; HstCns4214393=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/wp-content/themes/vigilance/css/master.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:25 GMT
Last-Modified: Mon, 12 Jan 2009 07:49:03 GMT
Server: Apache
ETag: "238-46044572619c0"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 568

GET
H/1.1 200
OK feed-icon.png
balloflightning.com/wp-content/themes/vigilance/images/ 689 B
957 B 100ms
99ms Image
image/png 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/wp-content/themes/vigilance/images/feed-icon.png
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: 8ee173565b2e771fecf3b471a79bdf072aaa1bd9dc27582cfda2b2a322beeba8

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/wp-content/themes/vigilance/css/master.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/wp-content/themes/vigilance/css/master.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
Last-Modified: Mon, 12 Jan 2009 07:49:10 GMT
Server: Apache
ETag: "2b1-460445790e980"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 689

GET
H/1.1 200
OK mail-icon.png
balloflightning.com/wp-content/themes/vigilance/images/ 443 B
734 B 165ms
99ms Image
image/png 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/wp-content/themes/vigilance/images/mail-icon.png
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: e07186cd41cce53acbb782dcf7d50bb60fd2b56d04d6337a7591dcb30182fdcc

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/wp-content/themes/vigilance/css/master.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/wp-content/themes/vigilance/css/master.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:25 GMT
Last-Modified: Mon, 12 Jan 2009 07:49:27 GMT
Server: Apache
ETag: "1bb-4604458944fc0"
Upgrade: h2
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: image/png
Keep-Alive: timeout=5, max=100
Content-Length: 443

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
171 B 16ms
14ms Script
application/javascript 2a00:1450:4001:816::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=balloflightning.com

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:816::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 04 Mar 2019 10:59:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length: 104
x-xss-protection: 1; mode=block

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
171 B 16ms
15ms Script
application/javascript 2a00:1450:4001:816::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=balloflightning.com

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:816::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 04 Mar 2019 10:59:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript; charset=UTF-8
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length: 104
x-xss-protection: 1; mode=block

GET
H2 200 ca-pub-9157972950764477.js Show response
pagead2.googlesyndication.com/pub-config/r20160913/ 133 B
430 B 22ms
6ms Script
text/javascript 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-9157972950764477.js

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7e7fa886d5d75c745d95be4fc3c5bfb4c988019b3f643c669734612345e1b8c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 04 Mar 2019 10:10:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 03 Mar 2019 20:06:34 GMT
server: sffe
age: 2959
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=43200
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length: 125
x-xss-protection: 1; mode=block
expires: Mon, 04 Mar 2019 22:10:05 GMT

GET
H/1.1 200
OK show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20190227/r20190131/ 195 KB
73 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/r20190227/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

31f3224dc947d402d9c094684600cef2912ece34f6c88b4d581f8eafe315009c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Type: text/javascript; charset=UTF-8
Server: cafe
ETag: 906222807878116051
Vary: Accept-Encoding
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=1209600
Content-Disposition: attachment; filename="f.txt"
Timing-Allow-Origin: *
Content-Length: 73769
X-XSS-Protection: 1; mode=block
Expires: Mon, 04 Mar 2019 10:59:24 GMT

GET
H/1.1 200
OK show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20190227/r20190131/ Frame ADC6 195 KB
73 KB 33ms
27ms Script
text/javascript 2a00:1450:4001:820::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/r20190227/r20190131/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

31f3224dc947d402d9c094684600cef2912ece34f6c88b4d581f8eafe315009c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:24 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Type: text/javascript; charset=UTF-8
Server: cafe
ETag: 906222807878116051
Vary: Accept-Encoding
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=1209600
Content-Disposition: attachment; filename="f.txt"
Timing-Allow-Origin: *
Content-Length: 73769
X-XSS-Protection: 1; mode=block
Expires: Mon, 04 Mar 2019 10:59:24 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20190227/r20190131/ Frame 3A2B 0
0 8ms
6ms Document
text/html 2a00:1450:4001:81c::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20190227/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81c::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20190227/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: http://balloflightning.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://balloflightning.com/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
vary: Accept-Encoding
date: Thu, 28 Feb 2019 02:16:43 GMT
expires: Thu, 14 Mar 2019 02:16:43 GMT
content-type: text/html; charset=UTF-8
etag: 15457983066924787283
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 6951
x-xss-protection: 1; mode=block
cache-control: public, max-age=1209600
age: 376961
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"

GET
H/1.1 200
OK list-item.gif
balloflightning.com/wp-content/themes/vigilance/images/ 114 B
381 B 99ms
99ms Image
image/gif 192.252.146.33
CenturyLink Commu...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://balloflightning.com/wp-content/themes/vigilance/images/list-item.gif
Requested by: Host: www.google-analytics.com
URL: https://www.google-analytics.com/ga.js
Protocol: HTTP/1.1
Server: 192.252.146.33 Waltham, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS - CenturyLink Communications, LLC, US),
Reverse DNS: s483.sureserver.com
Software: Apache /
Resource Hash: 96366d3cb9b77dac7c612f2ef10810f30f091d568e02299772d3a3478a0ec9cc

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: balloflightning.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://balloflightning.com/wp-content/themes/vigilance/css/master.css
Cookie: __utma=178274231.298265030.1551697165.1551697165.1551697165.1; __utmc=178274231; __utmz=178274231.1551697165.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; __utmb=178274231.1.10.1551697165; HstCfa4214393=1551697165076; HstCla4214393=1551697165076; HstCmu4214393=1551697165076; HstPn4214393=1; HstPt4214393=1; HstCnv4214393=1; HstCns4214393=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://balloflightning.com/wp-content/themes/vigilance/css/master.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:25 GMT
Last-Modified: Mon, 12 Jan 2009 07:49:18 GMT
Server: Apache
ETag: "72-46044580afb80"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 114

GET
H2

200

__utm.gif
www.google-analytics.com/r/
Redirect Chain

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1000267135&utmhn=balloflightning.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=b...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1000267135&utmhn=balloflightning.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=...

35 B
111 B

16ms
16ms

Image
image/gif

2a00:1450:4001:81f::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1000267135&utmhn=balloflightning.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=ball%20of%20lightning%20%5Bdot%5D%20com%20%7C%20Hitting%20more%20home%20runs%20than%20Julio%20Lugo%20since%202002%E2%80%A6&utmhid=295565593&utmr=-&utmp=%2F&utmht=1551697164997&utmac=UA-20486931-3&utmcc=__utma%3D178274231.298265030.1551697165.1551697165.1551697165.1%3B%2B__utmz%3D178274231.1551697165.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=365623345&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: balloflightning.com
URL: http://balloflightning.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81f::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Mar 2019 10:59:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1000267135&utmhn=balloflightning.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=ball%20of%20lightning%20%5Bdot%5D%20com%20%7C%20Hitting%20more%20home%20runs%20than%20Julio%20Lugo%20since%202002%E2%80%A6&utmhid=295565593&utmr=-&utmp=%2F&utmht=1551697164997&utmac=UA-20486931-3&utmcc=__utma%3D178274231.298265030.1551697165.1551697165.1551697165.1%3B%2B__utmz%3D178274231.1551697165.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=365623345&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Non-Authoritative-Reason: HSTS

GET
H2 200 r.php
oshona.in/wp-admin/css/colors/blue/ 44 B
356 B 691ms
609ms XHR
text/html 2606:4700:30::6812:3390
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://oshona.in/wp-admin/css/colors/blue/r.php
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::6812:3390 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://balloflightning.com/
Origin: http://balloflightning.com

Response headers

date: Mon, 04 Mar 2019 10:59:25 GMT
content-encoding: br
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-ray: 4b235731c94f9706-FRA

GET
H/1.1 200
OK js15_as.js Show response
s10.histats.com/ 11 KB
5 KB 39ms
9ms Script
text/javascript 46.105.201.240
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://s10.histats.com/js15_as.js
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 1f730c8b78091c3479abc2fb805b9093138f05acd0de421b8da96389cbbb9668

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:50:27 GMT
Content-Encoding: gzip
Last-Modified: Thu, 06 Dec 2018 14:12:12 GMT
X-CDN-Pop-IP: 137.74.120.32/27
ETag: "-139234964"
X-Cacheable: Matched cache
Vary: Accept-Encoding
X-IPLB-Instance: 4761
Content-Type: text/javascript
X-CDN-Pop: sbg
Accept-Ranges: bytes
Content-Length: 4525

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame 4AA8 0
0 168ms
166ms Document
text/html 2a00:1450:4001:81c::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9157972950764477&output=html&h=250&slotname=1942146633&adk=3856083767&adf=290942192&w=250&lmt=1551697165&guci=1.2.0.0.2.2.0.0&url=http%3A%2F%2Fballoflightning.com%2F&flash=0&wgl=1&adsid=NT&dt=1551697164945&bpp=18&bdt=941&fdt=86&idt=85&shv=r20190227&cbv=r20190131&saldr=sa&abxe=1&correlator=6507346771907&frm=20&pv=2&ga_vid=298265030.1551697165&ga_sid=1551697165&ga_hid=295565593&ga_fc=1&iag=0&icsg=8840&dssz=13&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=978&ady=395&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C21063245&oid=3&rx=0&eae=0&fc=656&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=7&ifi=1&uci=1.qxt68arrcvrp&fsb=1&xpc=cp4JSm7syQ&p=http%3A//balloflightning.com&dtd=117

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/r20190227/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81c::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9157972950764477&output=html&h=250&slotname=1942146633&adk=3856083767&adf=290942192&w=250&lmt=1551697165&guci=1.2.0.0.2.2.0.0&url=http%3A%2F%2Fballoflightning.com%2F&flash=0&wgl=1&adsid=NT&dt=1551697164945&bpp=18&bdt=941&fdt=86&idt=85&shv=r20190227&cbv=r20190131&saldr=sa&abxe=1&correlator=6507346771907&frm=20&pv=2&ga_vid=298265030.1551697165&ga_sid=1551697165&ga_hid=295565593&ga_fc=1&iag=0&icsg=8840&dssz=13&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=978&ady=395&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21060853%2C21063245&oid=3&rx=0&eae=0&fc=656&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&ppjl=u&pfx=0&fu=16&bc=7&ifi=1&uci=1.qxt68arrcvrp&fsb=1&xpc=cp4JSm7syQ&p=http%3A//balloflightning.com&dtd=117
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: http://balloflightning.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://balloflightning.com/

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Mon, 04 Mar 2019 10:59:25 GMT
server: cafe
content-length: 325
x-xss-protection: 1; mode=block
set-cookie: test_cookie=CheckForPermission; expires=Mon, 04-Mar-2019 11:14:25 GMT; path=/; domain=.doubleclick.net
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
expires: Mon, 04 Mar 2019 10:59:25 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 77 KB
28 KB 67ms
40ms Script
text/javascript 2a00:1450:4001:817::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/r20190227/r20190131/show_ads_impl.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:817::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

1d56c4a8196ffea388207309d9f9fe87d933a2838008ebfeb003cb0c12faaced

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 04 Mar 2019 10:59:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1551269762062339"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length: 28006
x-xss-protection: 1; mode=block
expires: Mon, 04 Mar 2019 10:59:25 GMT

GET
H/1.1 200
OK 0.php Show response
s4.histats.com/stats/ 52 B
323 B 194ms
93ms Script
text/html 198.27.67.211
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://s4.histats.com/stats/0.php?4214393&@f16&@g1&@h1&@i1&@j1551697165076&@k0&@l1&@mball%20of%20lightning%20%5Bdot%5D%20com%20%7C%20Hitting%20more%20home%20runs%20than%20Julio%20Lugo%20since%202002%E2%80%A6&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:194108315&@b3:1551697165&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fballoflightning.com%2F&@w
Requested by: Host: s10.histats.com
URL: http://s10.histats.com/js15_as.js
Protocol: HTTP/1.1
Server: 198.27.67.211 Montréal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns510716.ip-198-27-67.net
Software: /
Resource Hash: 64fe6959cf5d49e7fa2511d779daf25ddbd6d0e2ae410bbbaba190a486e95ea4

Request headers

Referer: http://balloflightning.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 04 Mar 2019 10:59:25 GMT
Connection: close
Content-Length: 52
Content-Type: text/html;charset=UTF-8

GET
H/1.1

200
OK

Cookie set / Show response
search.frenkulok.info/
Redirect Chain

http://ifbattrecha.tk/index/?5731550755135
http://search.frenkulok.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=808

5 KB
3 KB

286ms
108ms

Document
text/html

198.143.165.221
SingleHop LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://search.frenkulok.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=808
Requested by: Host: balloflightning.com
URL: http://balloflightning.com/
Protocol: HTTP/1.1
Server: 198.143.165.221 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS: server04.com-2.mobi
Software: nginx /
Resource Hash: df171a0fcc04e1ae035a6a851eaa31c58229a168080ef6f334082aa63aef9889

Request headers

Host: search.frenkulok.info
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://balloflightning.com/
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://balloflightning.com/

Response headers

Server: nginx
Date: Mon, 04 Mar 2019 10:59:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: u=6f11c10609338a8d6e4f4720c42ca60e; expires=Tue, 03-Mar-2020 10:59:26 GMT; Max-Age=31536000; path=/
Content-Encoding: gzip

Redirect headers

Server: nginx/1.12.2
Date: Mon, 04 Mar 2019 10:59:26 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 21 Jul 1977 07:30:00 GMT
Last-Modified: Mon, 04 Mar 2019 10:59:26 GMT
Cache-Control: max-age=0
Pragma: no-cache
Set-Cookie: 00831=%7B%22streams%22%3A%7B%227115%22%3A1551697166%7D%2C%22campaigns%22%3A%7B%22808%22%3A1551697166%7D%2C%22time%22%3A1551697166%7D; expires=Thu, 04-Apr-2019 10:59:26 GMT; Max-Age=2678400; path=/; domain=.ifbattrecha.tk
Location: http://search.frenkulok.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=808

GET
H/1.1 200
OK / Show response
search.frenkulok.info/ 11 KB
4 KB 122ms
121ms Document
text/html 198.143.165.221
SingleHop LLC

General

Check archive.org

Show headers Download Go to

Full URL: http://search.frenkulok.info/?utm_term=6664488581282661163&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8db283b08186b684859a9ba999d9f0f3fafef6b0d8f8f4ba95d8dfe8dbdaefeced96919584e6e7d5e5cbcdc8c9fecececdc2f3c0c1c3c2c4c1fca8c8f9fefffcfdf2f3f0f1f6f7f0f5eaebe856
Requested by: Host: search.frenkulok.info
URL: http://search.frenkulok.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=808
Protocol: HTTP/1.1
Server: 198.143.165.221 Chicago, United States, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),
Reverse DNS: server04.com-2.mobi
Software: nginx /
Resource Hash: 8af64fd0d6f1b74dcad8be216930e6529414083c405b62bea190859d2fccb881

Request headers

Host: search.frenkulok.info
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://search.frenkulok.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=808
Accept-Encoding: gzip, deflate
Cookie: u=6f11c10609338a8d6e4f4720c42ca60e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://search.frenkulok.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=808

Response headers

Server: nginx
Date: Mon, 04 Mar 2019 10:59:26 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip

GET
H2

200

in.html Show response
up.trkgenius.com/
Redirect Chain

http://search.frenkulok.info/proc.php?5cf93c8a8cc3112fa2e8fb6be5daafd5d8a895f4
https://up.trkgenius.com/in.html?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608

6 KB
3 KB

62ms
14ms

Document
text/html

107.6.174.196
SingleHop LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://up.trkgenius.com/in.html?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608

Requested by

Host: search.frenkulok.info
URL: http://search.frenkulok.info/?utm_term=6664488581282661163&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8db283b08186b684859a9ba999d9f0f3fafef6b0d8f8f4ba95d8dfe8dbdaefeced96919584e6e7d5e5cbcdc8c9fecececdc2f3c0c1c3c2c4c1fca8c8f9fefffcfdf2f3f0f1f6f7f0f5eaebe856

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

107.6.174.196 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),

Reverse DNS

bigfish.setupcentral.network

Software

nginx/1.14.0 /

Resource Hash

7e11348d49a8eb6e7584fca5405c42b697353d4c8b6946ac4d57c4e17b0e0eaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: up.trkgenius.com
:scheme: https
:path: /in.html?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: http://search.frenkulok.info/?utm_term=6664488581282661163&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8db283b08186b684859a9ba999d9f0f3fafef6b0d8f8f4ba95d8dfe8dbdaefeced96919584e6e7d5e5cbcdc8c9fecececdc2f3c0c1c3c2c4c1fca8c8f9fefffcfdf2f3f0f1f6f7f0f5eaebe856
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://search.frenkulok.info/?utm_term=6664488581282661163&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8db283b08186b684859a9ba999d9f0f3fafef6b0d8f8f4ba95d8dfe8dbdaefeced96919584e6e7d5e5cbcdc8c9fecececdc2f3c0c1c3c2c4c1fca8c8f9fefffcfdf2f3f0f1f6f7f0f5eaebe856

Response headers

status: 200
server: nginx/1.14.0
date: Mon, 04 Mar 2019 10:59:26 GMT
content-type: text/html
last-modified: Sun, 27 Jan 2019 05:38:08 GMT
etag: W/"5c4d43c0-1605"
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip

Redirect headers

Server: nginx
Date: Mon, 04 Mar 2019 10:59:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://up.trkgenius.com/in.html?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608

GET
H2 200 in.php
up.trkgenius.com/ 1 KB
983 B 27ms
27ms Document
text/html 107.6.174.196
SingleHop LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://up.trkgenius.com/in.php?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608&m=MQk_qMkcNMiWAba6-tPzM.INeq_UhEGQJBO4I_XBkaJjtjD4D_DjtjOhDoH1tBt_MkJ_D4kshNofecpBOmtaHhtOsF2Qh9Gs-qis-no6e9p6D_HUw9XNdi

Requested by

Host: up.trkgenius.com
URL: https://up.trkgenius.com/in.html?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

107.6.174.196 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US),

Reverse DNS

bigfish.setupcentral.network

Software

nginx/1.14.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: up.trkgenius.com
:scheme: https
:path: /in.php?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608&m=MQk_qMkcNMiWAba6-tPzM.INeq_UhEGQJBO4I_XBkaJjtjD4D_DjtjOhDoH1tBt_MkJ_D4kshNofecpBOmtaHhtOsF2Qh9Gs-qis-no6e9p6D_HUw9XNdi
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://up.trkgenius.com/in.html?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://up.trkgenius.com/in.html?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608

Response headers

status: 200
server: nginx/1.14.0
date: Mon, 04 Mar 2019 10:59:27 GMT
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
surrogate-control: no-store
refresh: 0; url=out.php?v=8c8620572fbec2b1f301a8e81bbb7130
set-cookie: t=f291562227dc18b2
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip

GET
H2

200

5a37c8ad-f104-11e5-9f1f-0626cc8adced Show response
onwardinated.com/c/
Redirect Chain

https://up.trkgenius.com/out.php?v=8c8620572fbec2b1f301a8e81bbb7130
https://onwardinated.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?subid=c4c9e5441a8fd7ee2a44eab9157c67b2&pubid=dvx

3 KB
3 KB

167ms
68ms

Document
text/html

104.25.212.28
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://onwardinated.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?subid=c4c9e5441a8fd7ee2a44eab9157c67b2&pubid=dvx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.25.212.28 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / React/alpha
Resource Hash: c2f323a234a40e5a8367aa8b33d6c8719662b8e28ee09aba580d4f81984ad75d

Request headers

:method: GET
:authority: onwardinated.com
:scheme: https
:path: /c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?subid=c4c9e5441a8fd7ee2a44eab9157c67b2&pubid=dvx
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://up.trkgenius.com/in.php?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608&m=MQk_qMkcNMiWAba6-tPzM.INeq_UhEGQJBO4I_XBkaJjtjD4D_DjtjOhDoH1tBt_MkJ_D4kshNofecpBOmtaHhtOsF2Qh9Gs-qis-no6e9p6D_HUw9XNdi
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://up.trkgenius.com/in.php?campaign=58500fec724faa9b59248365d547186e&s1=dvx&cid=6664488581282661163&pubid=1608&m=MQk_qMkcNMiWAba6-tPzM.INeq_UhEGQJBO4I_XBkaJjtjD4D_DjtjOhDoH1tBt_MkJ_D4kshNofecpBOmtaHhtOsF2Qh9Gs-qis-no6e9p6D_HUw9XNdi

Response headers

status: 200
date: Mon, 04 Mar 2019 10:59:27 GMT
content-length: 2962
set-cookie: __cfduid=d928ce796e3f84ae2f4b7252a2c10eff21551697167; expires=Tue, 03-Mar-20 10:59:27 GMT; path=/; domain=.onwardinated.com; HttpOnly; Secure _s=940ba3cc-3e6c-11e9-afb9-0143ed1a8f30; expires=Thu, 14-Mar-2019 10:59:27 GMT; Max-Age=864000; path=/; httponly _s=940ba3cc-3e6c-11e9-afb9-0143ed1a8f30; Path=/; Expires=Thu, 14-Mar-2019 10:59:27 GMT; HttpOnly
cache-control: no-cache, private
x-powered-by: React/alpha
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4b23573f5bf6bfef-MAN

Redirect headers

status: 302
server: nginx/1.14.0
date: Mon, 04 Mar 2019 10:59:27 GMT
content-type: text/html; charset=UTF-8
location: https://onwardinated.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?subid=c4c9e5441a8fd7ee2a44eab9157c67b2&pubid=dvx
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
surrogate-control: no-store
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 x.static.min.js Show response
presicdn.com/js/ 9 KB
4 KB 92ms
17ms Script
application/javascript 104.25.41.115
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://presicdn.com/js/x.static.min.js
Requested by: Host: onwardinated.com
URL: https://onwardinated.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?subid=c4c9e5441a8fd7ee2a44eab9157c67b2&pubid=dvx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.25.41.115 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a992976e7128e1f1691fe3675fe92ca350df6b28bce4791c2f75a11e71914d1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 04 Mar 2019 10:59:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 15 Feb 2019 14:18:33 GMT
server: cloudflare
etag: W/"5c66ca39-25fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=2592000
cf-ray: 4b2357406e75c865-AMS
expires: Wed, 03 Apr 2019 10:59:27 GMT

GET
H2 200 / Show response
trck-ms.com/d/940c4840-3e6c-11e9-bbeb-1143ed1a8f21/b8478c/ 0
147 B 43ms
8ms Script
application/javascript 52.29.145.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://trck-ms.com/d/940c4840-3e6c-11e9-bbeb-1143ed1a8f21/b8478c/
Requested by: Host: presicdn.com
URL: https://presicdn.com/js/x.static.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.145.24 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-145-24.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Mon, 04 Mar 2019 10:59:27 GMT
server: nginx
content-length: 0
content-type: application/javascript

GET
H2 200 /
circultural.com/v/940b9788-3e6c-11e9-8576-0143ed1a8fa4/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced/ 89 B
486 B 233ms
77ms Document
text/html 104.25.143.28
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://circultural.com/v/940b9788-3e6c-11e9-8576-0143ed1a8fa4/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced/?subid=c4c9e5441a8fd7ee2a44eab9157c67b2&pubid=dvx&_i=1&_s=940ba3cc-3e6c-11e9-afb9-0143ed1a8f30&_r=up.trkgenius.com&_n=&_d=7|0|0|0|1|1|t|t|1600x1200|u|1|Google%20Inc.|1|24|24|96|74-f2397a3c|0|0|148|1|1|t|t|lum0y,6nq96o,0|en-US|Linux%20x86_64|aaaa0|20030107|5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_13_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/67.0.3396.87%20Safari/537.36|0|8|148.251.45.170|u|t|t|t|u|u|u|u|ex:nq6ww|1|u|t|n|n|n|n|1600x1200|0|0|t|0|t|940c4840-3e6c-11e9-bbeb-1143ed1a8f21|cs_rr
Requested by: Host: onwardinated.com
URL: https://onwardinated.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?subid=c4c9e5441a8fd7ee2a44eab9157c67b2&pubid=dvx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.25.143.28 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / React/alpha
Resource Hash

Request headers

:method: GET
:authority: circultural.com
:scheme: https
:path: /v/940b9788-3e6c-11e9-8576-0143ed1a8fa4/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced/?subid=c4c9e5441a8fd7ee2a44eab9157c67b2&pubid=dvx&_i=1&_s=940ba3cc-3e6c-11e9-afb9-0143ed1a8f30&_r=up.trkgenius.com&_n=&_d=7|0|0|0|1|1|t|t|1600x1200|u|1|Google%20Inc.|1|24|24|96|74-f2397a3c|0|0|148|1|1|t|t|lum0y,6nq96o,0|en-US|Linux%20x86_64|aaaa0|20030107|5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_13_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/67.0.3396.87%20Safari/537.36|0|8|148.251.45.170|u|t|t|t|u|u|u|u|ex:nq6ww|1|u|t|n|n|n|n|1600x1200|0|0|t|0|t|940c4840-3e6c-11e9-bbeb-1143ed1a8f21|cs_rr
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Mon, 04 Mar 2019 10:59:27 GMT
content-type: text/html;charset=utf-8
set-cookie: __cfduid=d408781eb3a2485f8c50869d37952ee681551697167; expires=Tue, 03-Mar-20 10:59:27 GMT; path=/; domain=.circultural.com; HttpOnly; Secure
cache-control: no-cache, private
refresh: 0;url=https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
x-powered-by: React/alpha
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4b2357427af9be16-MXP
content-encoding: br

GET
H2 200 Primary Request / Show response
2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/ 61 KB
61 KB 54ms
37ms Document
text/html 104.25.143.28
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.25.143.28 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / React/alpha
Resource Hash: a7f719103983717f5455de44ca8b144a16ee6ed97df725e2f26982f039d5b72a

Request headers

:method: GET
:authority: 2e3d84.circultural.com
:scheme: https
:path: /l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://circultural.com/v/940b9788-3e6c-11e9-8576-0143ed1a8fa4/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced/?subid=c4c9e5441a8fd7ee2a44eab9157c67b2&pubid=dvx&_i=1&_s=940ba3cc-3e6c-11e9-afb9-0143ed1a8f30&_r=up.trkgenius.com&_n=&_d=7|0|0|0|1|1|t|t|1600x1200|u|1|Google%20Inc.|1|24|24|96|74-f2397a3c|0|0|148|1|1|t|t|lum0y,6nq96o,0|en-US|Linux%20x86_64|aaaa0|20030107|5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_13_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/67.0.3396.87%20Safari/537.36|0|8|148.251.45.170|u|t|t|t|u|u|u|u|ex:nq6ww|1|u|t|n|n|n|n|1600x1200|0|0|t|0|t|940c4840-3e6c-11e9-bbeb-1143ed1a8f21|cs_rr
accept-encoding: gzip, deflate, br
cookie: __cfduid=d408781eb3a2485f8c50869d37952ee681551697167
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://circultural.com/v/940b9788-3e6c-11e9-8576-0143ed1a8fa4/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced/?subid=c4c9e5441a8fd7ee2a44eab9157c67b2&pubid=dvx&_i=1&_s=940ba3cc-3e6c-11e9-afb9-0143ed1a8f30&_r=up.trkgenius.com&_n=&_d=7|0|0|0|1|1|t|t|1600x1200|u|1|Google%20Inc.|1|24|24|96|74-f2397a3c|0|0|148|1|1|t|t|lum0y,6nq96o,0|en-US|Linux%20x86_64|aaaa0|20030107|5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_13_5)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/67.0.3396.87%20Safari/537.36|0|8|148.251.45.170|u|t|t|t|u|u|u|u|ex:nq6ww|1|u|t|n|n|n|n|1600x1200|0|0|t|0|t|940c4840-3e6c-11e9-bbeb-1143ed1a8f21|cs_rr

Response headers

status: 200
date: Mon, 04 Mar 2019 10:59:27 GMT
content-length: 62408
cache-control: no-cache, private
x-powered-by: React/alpha
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4b2357432bc5be16-MXP

GET
H2 200 imag.png
2e3d84.circultural.com/static/8c579bd6-2433-11e6-9af1-02401b02a2b5/ 30 KB
30 KB 22ms
21ms Image
image/webp 104.25.143.28
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://2e3d84.circultural.com/static/8c579bd6-2433-11e6-9af1-02401b02a2b5/imag.png
Requested by: Host: 2e3d84.circultural.com
URL: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.25.143.28 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a45880bfa026035a611329d03d7ee086b7679b9e5285ecc882478d357470ce82

Request headers

:path: /static/8c579bd6-2433-11e6-9af1-02401b02a2b5/imag.png
pragma: no-cache
cookie: __cfduid=d408781eb3a2485f8c50869d37952ee681551697167
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: 2e3d84.circultural.com
referer: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
:scheme: https
:method: GET
Referer: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 04 Mar 2019 10:59:27 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=33794
status: 200
content-disposition: inline; filename="imag.webp"
content-length: 30924
last-modified: Sun, 03 Mar 2019 23:58:27 GMT
server: cloudflare
etag: "5c7c6a23-8402"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Thu, 04 Apr 2019 10:59:27 GMT
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 4b2357437c35be16-MXP
cf-bgj: imgq:85

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 837 B
609 B 16ms
16ms Script
text/javascript 2a00:1450:4001:815::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit

Requested by

Host: 2e3d84.circultural.com
URL: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:815::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

f6c497ded43b1c64377d3d76cd4e64c6c79ec8f0d1e238363c92bd16b1a567ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 04 Mar 2019 10:59:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 469
x-xss-protection: 1; mode=block
expires: Mon, 04 Mar 2019 10:59:27 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/api2/v1550471573786/ 259 KB
90 KB 17ms
6ms Script
text/javascript 2a00:1450:4001:81a::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5bea0ee3455f7e60ae32de7cda7dfd5dba2847dc80cf11818e55babcd35e361a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Feb 2019 03:30:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 Feb 2019 17:15:00 GMT
server: sffe
age: 977314
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="44,43,39"
content-length: 92125
x-xss-protection: 1; mode=block
expires: Fri, 21 Feb 2020 03:30:53 GMT

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame BE75 0
0 27ms
26ms Document
text/html 2a00:1450:4001:815::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6&co=aHR0cHM6Ly8yZTNkODQuY2lyY3VsdHVyYWwuY29tOjQ0Mw..&hl=en&type=image&v=v1550471573786&theme=light&size=normal&cb=5kccoy5bw153

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__en.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:815::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zBBr9W4/dOvi+j6TmZ7YDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6&co=aHR0cHM6Ly8yZTNkODQuY2lyY3VsdHVyYWwuY29tOjQ0Mw..&hl=en&type=image&v=v1550471573786&theme=light&size=normal&cb=5kccoy5bw153
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Mar 2019 10:59:27 GMT
content-security-policy: script-src 'report-sample' 'nonce-zBBr9W4/dOvi+j6TmZ7YDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 11385
server: GSE
alt-svc: quic=":443"; ma=2592000; v="44,43,39"

GET
H2 200 / Show response
trck-ms.com/resource/9f8b0fb1039c1c53513038b628b9428f/pushNotification.setId/ 0
145 B 8ms
8ms Script
application/javascript 52.29.145.24
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://trck-ms.com/resource/9f8b0fb1039c1c53513038b628b9428f/pushNotification.setId/
Requested by: Host: 2e3d84.circultural.com
URL: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.145.24 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-29-145-24.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Mon, 04 Mar 2019 10:59:28 GMT
server: nginx
content-length: 0
content-type: application/javascript

GET
H2 200 945852a8-3e6c-11e9-a6cc-11467fc2ec1a Show response
2e3d84.circultural.com/ns/ 0
59 B 36ms
36ms Fetch 104.25.143.28
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://2e3d84.circultural.com/ns/945852a8-3e6c-11e9-a6cc-11467fc2ec1a?p=none&t=7&m=&et=0.07499754428863525|0|0|0|0|0|0|0|0|0&cid=5a37c8ad-f104-11e5-9f1f-0626cc8adced&inif=false
Requested by: Host: 2e3d84.circultural.com
URL: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.25.143.28 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / React/alpha
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /ns/945852a8-3e6c-11e9-a6cc-11467fc2ec1a?p=none&t=7&m=&et=0.07499754428863525|0|0|0|0|0|0|0|0|0&cid=5a37c8ad-f104-11e5-9f1f-0626cc8adced&inif=false
pragma: no-cache
cookie: __cfduid=d408781eb3a2485f8c50869d37952ee681551697167
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: 2e3d84.circultural.com
referer: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
:scheme: https
:method: GET
Referer: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 04 Mar 2019 10:59:28 GMT
server: cloudflare
x-powered-by: React/alpha
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
cache-control: no-cache, private
cf-ray: 4b2357451e03be16-MXP
content-length: 0

GET
H2 200 bframe
www.google.com/recaptcha/api2/ Frame 7F65 0
0 18ms
17ms Document
text/html 2a00:1450:4001:815::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=v1550471573786&k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6&cb=yroa22x3r2oy

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__en.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:815::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FWux2/Dr0giXgE1t5y2h8w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=v1550471573786&k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6&cb=yroa22x3r2oy
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://2e3d84.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/945852a8-3e6c-11e9-a6cc-11467fc2ec1a/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Mar 2019 10:59:28 GMT
content-security-policy: script-src 'report-sample' 'nonce-FWux2/Dr0giXgE1t5y2h8w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1126
server: GSE
alt-svc: quic=":443"; ma=2592000; v="44,43,39"

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.circultural.com/	1970-01-19 07:47:13	Name: __cfduid Value: d408781eb3a2485f8c50869d37952ee681551697167

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: http://widgets.twimg.com/j/2/widget.js(Line 1) Message: TWITTER WIDGET: The Twitter API v1.0 is deprecated, and this widget has ceased functioning.
console-api	warning	URL: http://widgets.twimg.com/j/2/widget.js(Line 1) Message: TWITTER WIDGET: You can replace it with a new, upgraded widget from <https://twitter.com/settings/widgets/new/user?screen_name=theweatherczar>
console-api	warning	URL: http://widgets.twimg.com/j/2/widget.js(Line 1) Message: TWITTER WIDGET: For more information on alternative Twitter tools, see <https://dev.twitter.com/docs/twitter-for-websites>

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2e3d84.circultural.com
adservice.google.com
adservice.google.de
balloflightning.com
circultural.com
dxxf6u5a9tfeq.cloudfront.net
googleads.g.doubleclick.net
ifbattrecha.tk
onwardinated.com
oshona.in
pagead2.googlesyndication.com
presicdn.com
s10.histats.com
s4.histats.com
search.frenkulok.info
stevengoddard.files.wordpress.com
trck-ms.com
up.trkgenius.com
widgets.twimg.com
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.paypalobjects.com
104.25.143.28
104.25.212.28
104.25.41.115
107.6.174.196
192.0.72.22
192.252.146.33
198.143.165.221
198.27.67.211
213.226.124.253
23.210.248.226
2600:9000:200c:3a00:13:6fb5:1080:21
2606:2800:234:9f9:e6a:1ade:3a9:26d9
2606:4700:30::6812:3390
2a00:1450:4001:815::2004
2a00:1450:4001:816::2002
2a00:1450:4001:817::2002
2a00:1450:4001:81a::2003
2a00:1450:4001:81c::2002
2a00:1450:4001:81f::200e
2a00:1450:4001:820::2002
46.105.201.240
52.29.145.24
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0d71874261776c450b6afff80c9303469eb4d42a98277d74ea654ab30aceea63
1147ea1b4b33f450ab6849dd78cc58a7efbc59d4b9689f55a9d06d295a3703d9
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1d56c4a8196ffea388207309d9f9fe87d933a2838008ebfeb003cb0c12faaced
1f730c8b78091c3479abc2fb805b9093138f05acd0de421b8da96389cbbb9668
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
31f3224dc947d402d9c094684600cef2912ece34f6c88b4d581f8eafe315009c
3d71635d6705e9cdde9bba3e408ee3d129f9fc92b88cdaa05c6b6f81d1fc0e45
3d9340ba848d79a415261a77c34a55dd7d31aa84089cc509a04a80349f5e1abe
571a11332198177498c7172062bd9bfbb6494d7fa0fe06a294d628b5c08361e5
5785a387e59253fa27e975333d4e76a7facad8727d0859edf46a111307f70565
5b76c6d60f6bec0ef1dde58cd97a20af7055044328a8e9a676b0082c5be178f1
5bea0ee3455f7e60ae32de7cda7dfd5dba2847dc80cf11818e55babcd35e361a
5e52b9eb721386fcb0962d9a32b5ae13c25b267c1d1320f414e0ef70fc82e238
63aac44690ebbfb481c6d4226d95a2c4fc8b0784d942e3ee0d47721e26da2d2a
64fe6959cf5d49e7fa2511d779daf25ddbd6d0e2ae410bbbaba190a486e95ea4
6d11f739366a95d1659c34a7bb6b1aad1095966563392b7422afad176960251b
74118bc99f1f193809765fad477944b2717d2d03bb0d05b1f42b11fc1862cb5d
7e11348d49a8eb6e7584fca5405c42b697353d4c8b6946ac4d57c4e17b0e0eaf
7e7fa886d5d75c745d95be4fc3c5bfb4c988019b3f643c669734612345e1b8c8
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8a992976e7128e1f1691fe3675fe92ca350df6b28bce4791c2f75a11e71914d1
8af64fd0d6f1b74dcad8be216930e6529414083c405b62bea190859d2fccb881
8ee173565b2e771fecf3b471a79bdf072aaa1bd9dc27582cfda2b2a322beeba8
96366d3cb9b77dac7c612f2ef10810f30f091d568e02299772d3a3478a0ec9cc
990ac5a06fd44ca4e5cebe8b844e327d35ea9bc00d6c33f80fb99cd5e1036291
99fcd8cf69319906ca3c10cffd03a8826e961480993b020792caa1e8dc7964a2
a45880bfa026035a611329d03d7ee086b7679b9e5285ecc882478d357470ce82
a7f719103983717f5455de44ca8b144a16ee6ed97df725e2f26982f039d5b72a
ace0ac699af336c48232b8ce7c02a2173fba6c0186965a966dff6bf3a59d629c
c2f323a234a40e5a8367aa8b33d6c8719662b8e28ee09aba580d4f81984ad75d
c894a9b667569066ff4c2eda4528f5b10582fb20ad99295445c997ce3c02b3ff
df171a0fcc04e1ae035a6a851eaa31c58229a168080ef6f334082aa63aef9889
e07186cd41cce53acbb782dcf7d50bb60fd2b56d04d6337a7591dcb30182fdcc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40079833661349939751b3a2d09a060e6343f16ad20f4160a66d68d01030e3b
e512f69565f251b48ea54fdb5bfe4b53659ffbbf60f21c9d8e5fee9b3867a438
ecce47be44c12bff8c37f8f7c898c1642d844d77d2b9ee04c8811e2f7e7299ab
eed728e34c9952a37c51ad4a25a65fe5ae65e0e6405e0a6591e2259e44d086bc
f0debcec2d08ffe1e881fb1db234f60608d9ef2e00ea911e3aea0bbfbc5c1f4f
f6c497ded43b1c64377d3d76cd4e64c6c79ec8f0d1e238363c92bd16b1a567ed
fbaa02863040d15c4410d572c4d213c2b8c75425279c5a01672c6ff86fd9d6c3

2e3d84.circultural.com Open in urlscan Pro 104.25.143.28 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

54 Requests

50 %HTTPS

45 %IPv6

21 Domains

24 Subdomains

21 IPs

7 Countries

1365 kBTransfer

1906 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

54 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

2e3d84.circultural.com Open in urlscan Pro
104.25.143.28 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

54
Requests

50 %
HTTPS

45 %
IPv6

21
Domains

24
Subdomains

21
IPs

7
Countries

1365 kB
Transfer

1906 kB
Size

1
Cookies

54 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!