promo-nordfx.com Open in urlscan Pro
96.46.181.166 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://promo-nordfx.com/promo/iwtb.html?utm_source=google
Submission: On August 20 via api (August 20th 2023, 8:19:04 am UTC) from US — Scanned from DE

Summary HTTP 51 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 14 IPs in 5 countries across 11 domains to perform 51 HTTP transactions. The main IP is 96.46.181.166, located in United States and belongs to SERVERS-COM, US. The main domain is promo-nordfx.com.
TLS certificate: Issued by R3 on July 12th 2023. Valid for: 3 months.

This is the only time promo-nordfx.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
20	96.46.181.166 96.46.181.166	7979 (SERVERS-COM) (SERVERS-COM)
4	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
5 12	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
1	193.233.15.208 193.233.15.208	42745 (SAFEVALUE-AS) (SAFEVALUE-AS)
1 3	2600:9000:20c... 2600:9000:20c3:8600:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:303... 2606:4700:3036::ac43:b429	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a05:d018:cc3... 2a05:d018:cc3:fe05:887b:343b:6e24:6fce	16509 (AMAZON-02) (AMAZON-02)
51	14

20 96.46.181.166 (United States)

ASN7979 (SERVERS-COM, US)

promo-nordfx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a02:6b8::1:119 (Moscow, Russian Federation) 5 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.233.15.208 (Russian Federation)

ASN42745 (SAFEVALUE-AS, SC)

cdn.nordfx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:20c3:8600:6:9280:1080:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3036::ac43:b429 (United States)

ASN13335 (CLOUDFLARENET, US)

scripts.mediamathrdrt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:cc3:fe05:887b:343b:6e24:6fce (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	promo-nordfx.com promo-nordfx.com	3 MB
9	yandex.com 3 redirects mc.yandex.com — Cisco Umbrella Rank: 10691	3 KB
4	google.de www.google.de — Cisco Umbrella Rank: 5345	686 B
4	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 122 googleads.g.doubleclick.net — Cisco Umbrella Rank: 55	2 KB
4	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2706 www.google.com — Cisco Umbrella Rank: 3	871 B
4	adroll.com 1 redirects s.adroll.com — Cisco Umbrella Rank: 3122 d.adroll.com — Cisco Umbrella Rank: 1612	28 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 76	320 KB
3	yandex.ru 2 redirects mc.yandex.ru — Cisco Umbrella Rank: 3768	75 KB
2	mediamathrdrt.com scripts.mediamathrdrt.com — Cisco Umbrella Rank: 212154	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 62	21 KB
1	nordfx.com cdn.nordfx.com	904 B
51	11

	Domain	Requested by
20	promo-nordfx.com	promo-nordfx.com
9	mc.yandex.com	3 redirects promo-nordfx.com mc.yandex.ru
4	www.google.de	promo-nordfx.com
4	www.googletagmanager.com	promo-nordfx.com www.googletagmanager.com www.google-analytics.com
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
3	s.adroll.com	1 redirects promo-nordfx.com
3	mc.yandex.ru	2 redirects promo-nordfx.com
2	www.google.com	promo-nordfx.com
2	region1.analytics.google.com	www.googletagmanager.com
2	scripts.mediamathrdrt.com	www.googletagmanager.com scripts.mediamathrdrt.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	d.adroll.com	s.adroll.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	cdn.nordfx.com	www.googletagmanager.com
51	14

This site contains links to these domains. Also see Links.

Domain
account.nordfx.com
nuode.info
indonesia-nordfx.com
es.nordfx.com
pt.nordfx.com
ae.nordfx.com
hi.nordfx.com
persian-nordfx.com
th.nordfx.com
bn.nordfx.com
lk.nordfx.com
nordvn.info
ja.nordfx.com
ua.nordfx.com
ta.nordfx.com
nordfxvn-en.com
nordfxmalaysian.com
nordfx.com

Subject Issuer	Validity	Valid
promo-nordfx.com R3	`2023-07-12` - `2023-10-10`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-08-14` - `2024-01-24`	5 months	crt.sh
*.nordfx.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-22` - `2023-12-28`	a year	crt.sh
s.adroll.com Amazon RSA 2048 M01	`2023-06-03` - `2024-07-01`	a year	crt.sh
mediamathrdrt.com GTS CA 1P5	`2023-07-08` - `2023-10-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2022-11-08` - `2023-12-07`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
Frame ID: 3A3220ACADCC4017C7BF86A34B23E928
Requests: 51 HTTP requests in this frame

Frame: https://scripts.mediamathrdrt.com/safeframe
Frame ID: 519DA68C4A17F689BFB8CC900FCD82C1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Invest in a wide range of financial derivatives with NordFX

Detected technologies

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

51
Requests

92 %
HTTPS

85 %
IPv6

11
Domains

14
Subdomains

14
IPs

5
Countries

3382 kB
Transfer

5211 kB
Size

19
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://account.nordfx.com/?lang=en
Title: Login

Search URL Search Domain Scan URL

URL: https://nuode.info/promo/iwtb.html?lang=en
Title: 中文

Search URL Search Domain Scan URL

URL: https://indonesia-nordfx.com/promo/iwtb.html?lang=en
Title: Indonesian

Search URL Search Domain Scan URL

URL: https://es.nordfx.com/promo/iwtb.html?lang=en
Title: Español

Search URL Search Domain Scan URL

URL: https://pt.nordfx.com/promo/iwtb.html?lang=en
Title: Português

Search URL Search Domain Scan URL

URL: https://ae.nordfx.com/promo/iwtb.html?lang=en
Title: العربي

Search URL Search Domain Scan URL

URL: https://hi.nordfx.com/promo/iwtb.html?lang=en
Title: हिन्दी

Search URL Search Domain Scan URL

URL: https://persian-nordfx.com/promo/iwtb.html?lang=en
Title: فارسی

Search URL Search Domain Scan URL

URL: https://th.nordfx.com/promo/iwtb.html?lang=en
Title: ภาษาไทย

Search URL Search Domain Scan URL

URL: https://bn.nordfx.com/promo/iwtb.html?lang=en
Title: বাংলা Bāṇlā

Search URL Search Domain Scan URL

URL: https://lk.nordfx.com/promo/iwtb.html?lang=en
Title: සිංහල

Search URL Search Domain Scan URL

URL: https://nordvn.info/promo/iwtb.html?lang=en
Title: Tiếng Việt

Search URL Search Domain Scan URL

URL: https://ja.nordfx.com/promo/iwtb.html?lang=en
Title: 日本語

Search URL Search Domain Scan URL

URL: https://ua.nordfx.com/promo/iwtb.html?lang=en
Title: Українська

Search URL Search Domain Scan URL

URL: https://ta.nordfx.com/promo/iwtb.html?lang=en
Title: தமிழ்

Search URL Search Domain Scan URL

URL: https://nordfxvn-en.com/promo/iwtb.html?lang=en
Title: Tiếng Việt(En)

Search URL Search Domain Scan URL

URL: https://nordfxmalaysian.com/promo/iwtb.html?lang=en
Title: Melayu

Search URL Search Domain Scan URL

URL: https://account.nordfx.com/account/register_demo?lang=en
Title: Open a Demo Account

Search URL Search Domain Scan URL

URL: https://account.nordfx.com/account/register?lang=en
Title: Open a Real Account

Search URL Search Domain Scan URL

URL: https://nordfx.com/client-agreement.html
Title: Client Agreement

Search URL Search Domain Scan URL

URL: https://nordfx.com/privacy-policy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://nordfx.com/do/support
Title: Customer Support

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33

https://s.adroll.com/j/exp/RWL6YYFSSFF6DHIMKGV3ZG/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 45

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10101._2bWZ79_0LNr6cn_mNeD7zLw6yXupKOG4X-BkM-hbdgQGbEaWucuwwEhnLI30Jeo.fBtwrX7oJHZeBvUgLwgenacXKuM%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=10101.cYtf0l4U6XBIfz7st9gKoM0o9ZrwXfwyaEadxM39dgDhzjmzj8eL6ip-m7DKfxinQYS_2GIMlzJrO_AtgYO5W4_yB-pFFjJqUPlURA7D6X4%2C.SWtTjhzGQP2jG_huhmvz3QyXtP4%2C

Request Chain 47

https://mc.yandex.com/watch/33133148?wmode=7&page-url=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aeygqx1x5sixaiiugyrqh3hb%3Afp%3A1667%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1093%3Acn%3A1%3Adp%3A0%3Als%3A1477166636557%3Ahid%3A263820351%3Az%3A120%3Ai%3A20230820101859%3Aet%3A1692519539%3Ac%3A1%3Arn%3A411692491%3Arqn%3A1%3Au%3A1692519539825989078%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A204%2C223%2C503%2C1%2C0%2C0%2C%2C844%2C0%2C%2C%2C%2C1777%3Aco%3A0%3Acpf%3A1%3Ans%3A1692519536893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1692519539%3At%3AInvest%20in%20a%20wide%20range%20of%20financial%20derivatives%20with%20NordFX&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(1) HTTP 302
https://mc.yandex.com/watch/33133148/1?wmode=7&page-url=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aeygqx1x5sixaiiugyrqh3hb%3Afp%3A1667%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1093%3Acn%3A1%3Adp%3A0%3Als%3A1477166636557%3Ahid%3A263820351%3Az%3A120%3Ai%3A20230820101859%3Aet%3A1692519539%3Ac%3A1%3Arn%3A411692491%3Arqn%3A1%3Au%3A1692519539825989078%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A204%2C223%2C503%2C1%2C0%2C0%2C%2C844%2C0%2C%2C%2C%2C1777%3Aco%3A0%3Acpf%3A1%3Ans%3A1692519536893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1692519539%3At%3AInvest%20in%20a%20wide%20range%20of%20financial%20derivatives%20with%20NordFX&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29&redirnss=1

Request Chain 48

https://mc.yandex.com/sync_cookie_image_check_secondary HTTP 302
https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10101._9Ko0lSjFGln1NTPAoHRmuczlvQmqzMDqBooRErb5NXgBlswAHWVivzg5v8UDdCw.eZgr1e6rBZClG6h5LPUHFR1-wZM%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10101.dYvEkPjNDdjejl8tUMCl8n6CKftJ2ZPtc6PjBk91Mk7_2d_IPzLZy38w1inWD1CFTyGyN9BnfExjXKyh3hG3sobiwY95P1C-iF3jYXC6s8Y%2C.lX5i4LLNG55Q69IKR0BvaFO23W8%2C

51 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request iwtb.html Show response
promo-nordfx.com/promo/ 12 KB
4 KB 932ms
504ms Document
text/html 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

fbdfbb93781b5fb4992eb01053812e04d4d9edbed2ef86feb1af762bc45b1dd7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control: no-cache, must-revalidate
content-encoding: br
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
content-type: text/html; charset=UTF-8
date: Sun, 20 Aug 2023 08:18:57 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat, 19 Aug 2023 20:18:57 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload max-age=15768000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-permitted-cross-domain-policies: none
x-powered-cms: FDSTAR

GET
H2 200 app_invest.css
promo-nordfx.com/stpl/default/promo/iwtb/css/ 190 KB
28 KB 665ms
662ms Stylesheet
text/css 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/css/app_invest.css?ver=1.4

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

5ba973fe543cad47153b5d2aff55da0b98b642b19bf06be619e64bdc3f5df001

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 27346
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 first_screen_bg.png
promo-nordfx.com/stpl/default/promo/iwtb/img/ 276 KB
277 KB 334ms
331ms Image
image/png 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/img/first_screen_bg.png

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

7792c96a7a4643a29fc9ff8713db63c47a390a5ff9a24468f28dca3f839d0e0e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
content-encoding: gzip
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: W/"45060-62c55c15-6168f31f241fb6ec;;;"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 first_screen_bg.webp
promo-nordfx.com/stpl/default/promo/iwtb/img/ 723 KB
725 KB 774ms
773ms Image
image/webp 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/img/first_screen_bg.webp

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

c27d994cd06046a41f6092d226ab371247bc6ec05d1c2636debd1a00218691a9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 739958
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: "b4a76-62c55c15-c9bc5c82bd0762b4;;;"
x-frame-options: DENY
content-type: image/webp
cache-control: public, max-age=604800
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
accept-ranges: bytes
expires: Sun, 27 Aug 2023 08:18:58 GMT

GET
H2 200 Mont-Bold.woff2
promo-nordfx.com/stpl/default/promo/iwtb/fonts/ 44 KB
46 KB 669ms
666ms Font
font/woff2 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/fonts/Mont-Bold.woff2

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

141fa4004c0413987f1638c827f2faba62b54bd1f618796c49a5cf8f5ac7c4bd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
Origin: https://promo-nordfx.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
etag: "b144-62c55c15-f8282f5da18ac8eb;;;"
x-frame-options: DENY
content-type: font/woff2
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 45380

GET
H2 200 Mont-Bold.woff
promo-nordfx.com/stpl/default/promo/iwtb/fonts/ 63 KB
64 KB 222ms
219ms Font
application/font-woff 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/fonts/Mont-Bold.woff

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

e3bb59a5d49ed3ee29c92ae13c4c4c390eb4ddcad55fb72f698742a600efb0c5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
Origin: https://promo-nordfx.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 64572
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: "fc3c-62c55c15-fc17710cfb925bf0;;;"
x-frame-options: DENY
content-type: application/font-woff
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Mont-Heavy.woff2
promo-nordfx.com/stpl/default/promo/iwtb/fonts/ 46 KB
47 KB 669ms
666ms Font
font/woff2 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/fonts/Mont-Heavy.woff2

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

f59d60e6232576f751dc60eb2e660d4b8287464f130bd77b3b2eaba1a5671390

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
Origin: https://promo-nordfx.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
etag: "b788-62c55c15-8464f22eb3aa0fcd;;;"
x-frame-options: DENY
content-type: font/woff2
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 46984

GET
H2 200 Mont-Heavy.woff
promo-nordfx.com/stpl/default/promo/iwtb/fonts/ 65 KB
66 KB 332ms
329ms Font
application/font-woff 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/fonts/Mont-Heavy.woff

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

860084fae53b928995b4809cbf63ffb08b9db77040fcb0762dcf7d1feef6c2d1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
Origin: https://promo-nordfx.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 66256
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: "102d0-62c55c15-2d6bbb69f1b92bd4;;;"
x-frame-options: DENY
content-type: application/font-woff
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Mont-SemiBold.woff2
promo-nordfx.com/stpl/default/promo/iwtb/fonts/ 45 KB
46 KB 664ms
662ms Font
font/woff2 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/fonts/Mont-SemiBold.woff2

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

ea0681c9068fb473d3606e012e76728eb44b2e04c276266894aeca5fc1934b52

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
Origin: https://promo-nordfx.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
etag: "b3dc-62c55c15-8d4a31a34f965a6c;;;"
x-frame-options: DENY
content-type: font/woff2
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 46044

GET
H2 200 Mont-SemiBold.woff
promo-nordfx.com/stpl/default/promo/iwtb/fonts/ 64 KB
65 KB 332ms
330ms Font
application/font-woff 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/fonts/Mont-SemiBold.woff

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

1d01cc3f8fafbed1582b3182c40eafa607fb6670a179f23116d8eed2e8907481

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
Origin: https://promo-nordfx.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 65064
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: "fe28-62c55c15-f45093579a92ceb0;;;"
x-frame-options: DENY
content-type: application/font-woff
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Mont-Regular.woff2
promo-nordfx.com/stpl/default/promo/iwtb/fonts/ 45 KB
46 KB 669ms
667ms Font
font/woff2 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/fonts/Mont-Regular.woff2

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

e01372b13985c09f2a168382ad044312db914801a595b4306abd7d686b0cc64b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
Origin: https://promo-nordfx.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
etag: "b364-62c55c15-15188e7c7e421521;;;"
x-frame-options: DENY
content-type: font/woff2
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 45924

GET
H2 200 Mont-Regular.woff
promo-nordfx.com/stpl/default/promo/iwtb/fonts/ 64 KB
65 KB 332ms
330ms Font
application/font-woff 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/fonts/Mont-Regular.woff

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

29c81b198136bf8a929f52133314319cb6d8375a526da5c97197df1960ceebb3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
Origin: https://promo-nordfx.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 65164
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: "fe8c-62c55c15-1183394fafa0ee0f;;;"
x-frame-options: DENY
content-type: application/font-woff
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 trusted.png
promo-nordfx.com/stpl/default/promo/iwtb/img/ 2 KB
4 KB 333ms
332ms Image
image/png 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/img/trusted.png

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

1ccc4eadb474d963d37f3abcb5f984bfd8e425db81b07336785f3cb171bbd4d2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
content-encoding: gzip
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: W/"972-62c55c15-f154351e8ba2fefd;;;"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 flexible.png
promo-nordfx.com/stpl/default/promo/iwtb/img/ 2 KB
3 KB 334ms
333ms Image
image/png 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/img/flexible.png

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

50127a0f9a79294c486cb7aacf21c1bf10ee63ddd648aa686a56ec793843519d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
content-encoding: gzip
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: W/"82a-62c55c15-596f24e65d044dae;;;"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 support.png
promo-nordfx.com/stpl/default/promo/iwtb/img/ 2 KB
4 KB 334ms
333ms Image
image/png 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/img/support.png

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

c8d94b77e8f181bef2934d0867c93672023f05d49d63cd7e06b1f150b3ccd6a1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
content-encoding: gzip
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: W/"920-62c55c15-cf9b97d663fc93bc;;;"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 award.png
promo-nordfx.com/stpl/default/promo/iwtb/img/ 2 KB
3 KB 335ms
333ms Image
image/png 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/img/award.png

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

ff7f82678cbbfe4af2f32a2e57dee25bd5eef3b73b5aaf7ac633c20a066ed2ad

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:57 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
content-encoding: gzip
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: W/"6c6-62c55c15-d27a0f5e4de0a5fe;;;"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 app.js Show response
promo-nordfx.com/stpl/default/promo/iwtb/js/ 1 MB
286 KB 333ms
332ms Script
application/x-javascript 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/js/app.js

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

ee14f6fbc6bcdccec8d37343478acafcfbd3dc24cd87ea838b52281c1f138680

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:57 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-permitted-cross-domain-policies: none
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 291698
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: "11bca6-62c55c15-67a961187ad64641;br"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 246 KB
85 KB 90ms
42ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NF5PZF

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c40a966414e6be3c6e97d531f790af19b453ebdcc60ce49b1e3975ef0461c7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86337
x-xss-protection: 0
last-modified: Sun, 20 Aug 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 20 Aug 2023 08:18:58 GMT

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 902feb64d8b6d481ab8ddda06fbebbba4c95dfa9b7936a7beeb197266cd8b846

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 logo.png
promo-nordfx.com/stpl/default/promo/iwtb/img/ 8 KB
9 KB 111ms
110ms Image
image/png 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/img/logo.png

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

1d0024fffcee8f173034886f090ab04557130532c8dfef08e6b0036da2fecf29

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
content-encoding: gzip
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: W/"20c0-62c55c15-2dd75241d4dc1bfc;;;"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
cache-control: max-age=315360000
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 68ms
19ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NF5PZF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 20 Aug 2023 07:49:43 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 1755
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 20 Aug 2023 09:49:43 GMT

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 216 KB
74 KB 250ms
120ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

fd4c6ff2e56afccc04586f39418bb8f2d6003dee723968161440bc425a183758

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Thu, 10 Aug 2023 13:02:56 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "64d4b5d0-127ae"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 75694
expires: Sun, 20 Aug 2023 09:18:58 GMT

GET
H2 200 utm.min.js Show response
cdn.nordfx.com/js/ 855 B
904 B 182ms
22ms Script
application/x-javascript 193.233.15.208
SAFEVALUE-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.nordfx.com/js/utm.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NF5PZF
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.233.15.208 , Russian Federation, ASN42745 (SAFEVALUE-AS, SC),
Reverse DNS
Software: nginx /
Resource Hash: 5e5d9cfe7509c3c6d9ddee093a7d6fc837e67ef63c2d21a150a812e782431417

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
content-encoding: gzip
last-modified: Mon, 19 Feb 2018 12:37:32 GMT
server: nginx
etag: W/"357-5a8ac50c-ad534fabbde627e8;;;"
content-type: application/x-javascript
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
expires: Sun, 27 Aug 2023 07:15:15 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 195 KB
70 KB 36ms
36ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-995727287

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NF5PZF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2c856214c421551ed494bbf442bdb5e64217a494fb52a6e32b1b5a39c7fc1cfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71909
x-xss-protection: 0
last-modified: Sun, 20 Aug 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 20 Aug 2023 08:18:58 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/RWL6YYFSSFF6DHIMKGV3ZG/ 91 KB
27 KB 89ms
35ms Script
text/javascript 2600:9000:20c3:8600:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/RWL6YYFSSFF6DHIMKGV3ZG/roundtrip.js
Requested by: Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:8600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8b9d56ae3ccf66187365be2310b941cc50af2ff1f924fd59337b586100632497

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

X-Amz-Version-Id: 5NDPluXtY1RrVC6B6EMVhDjCN2PEub6S
Content-Encoding: gzip
Via: 1.1 d0b8b50936db949f99b5544ecb5eda1c.cloudfront.net (CloudFront)
Date: Sun, 20 Aug 2023 07:52:34 GMT
Age: 1585
X-Amz-Cf-Pop: MUC50-C1
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Sat, 19 Aug 2023 12:15:55 GMT
Server: AmazonS3
Etag: W/"8b18f94f71fdbe6af10cc136813a1d79"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: fv0fvQqoetVXZQ8Nw04qdP81zwh1cqO7MEVsHn-b-UQE6h3La8V6uQ==

GET
H2 200 b_nordfx.js Show response
scripts.mediamathrdrt.com/scripts/ 805 B
827 B 200ms
147ms Script
text/javascript 2606:4700:3036::ac43:b429
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.mediamathrdrt.com/scripts/b_nordfx.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NF5PZF
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b429 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b89528e21d6f85cc11459c7b6ec733cb9f9775a351f6dda2597aa76eeca5b761

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
status: 200 OK
alt-svc: h3=":443"; ma=86400
x-request-id: fd7b9a36-1972-4482-950b-d3153d709f76
x-runtime: 0.007556
server: cloudflare
etag: W/"b89528e21d6f85cc11459c7b6ec733cb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJvllnQL%2BlT74TDSaAr4ZyQq6MzPKjendnB1OsVK5ReVTtRl1CKgNCSZurX2gmjIp9rjjM8VjwRH5FwSnQztXHu%2B8R3lN2TINYZmJFRie8g8Vh%2FMPcfLtRX9MoiHMhD48mr3X8MOSFD0nfMpXG3Kb2lUxC4K%2FE4R"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
cf-ray: 7f99356d38821999-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 245 KB
84 KB 42ms
42ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-R6PLYM1PML&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NF5PZF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f074e0e5aea22feb23fd8b4857f98caf7fd998f1d8fd9cb48909fd7e278f2e9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86005
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 20 Aug 2023 08:18:58 GMT

GET
H2 200 map.webp
promo-nordfx.com/stpl/default/promo/iwtb/img/ 68 KB
70 KB 584ms
584ms Image
image/webp 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/img/map.webp

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

21309a5cb0cfa422c56bb1294130b0ae5bf93a4978cbf91627a5c79ac10fea52

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 69830
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: "110c6-62c55c15-efc24ce4676de6b;;;"
x-frame-options: DENY
content-type: image/webp
cache-control: public, max-age=604800
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
accept-ranges: bytes
expires: Sun, 27 Aug 2023 08:18:59 GMT

GET
H2 200 form_bg.webp
promo-nordfx.com/stpl/default/promo/iwtb/img/ 1 MB
1 MB 576ms
576ms Image
image/webp 96.46.181.166
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://promo-nordfx.com/stpl/default/promo/iwtb/img/form_bg.webp

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.46.181.166 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx /

Resource Hash

03029d46ffc079f2650d914a10aab2a38c90a7e74999f90abe2b97159a1ee12e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=15768000
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
x-permitted-cross-domain-policies: none
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 1095202
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 06 Jul 2022 09:55:33 GMT
server: nginx
etag: "10b622-62c55c15-bee054c975ed01cc;;;"
x-frame-options: DENY
content-type: image/webp
cache-control: public, max-age=604800
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(self), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), window-placement=(self), vertical-scroll=(self)
accept-ranges: bytes
expires: Sun, 27 Aug 2023 08:18:58 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
255 B 74ms
26ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-R6PLYM1PML&gtm=45je38g0&_p=976209917&_gaz=1&cid=1724657406.1692519539&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1692519538&sct=1&seg=0&dl=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&dt=Invest%20in%20a%20wide%20range%20of%20financial%20derivatives%20with%20NordFX&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-R6PLYM1PML&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://promo-nordfx.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 88ms
29ms Ping
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-R6PLYM1PML&cid=1724657406.1692519539&gtm=45je38g0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-R6PLYM1PML&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://promo-nordfx.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 96ms
47ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-R6PLYM1PML&cid=1724657406.1692519539&gtm=45je38g0&aip=1&z=1274875182

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
222 B 27ms
26ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=976209917&t=pageview&_s=1&dl=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&ul=en-us&de=UTF-8&dt=Invest%20in%20a%20wide%20range%20of%20financial%20derivatives%20with%20NordFX&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAgAABAAAAAC~&jid=1228434525&gjid=74132784&cid=1724657406.1692519539&uid=123456789&tid=UA-19508124-1&_gid=1184730331.1692519539&_slc=1&gtm=45He38g0n71NF5PZF&z=1672273472

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

ecb4749bf15ff08f9d627d11ec347032a58a68c2b74c4cd4ae6a49150c4a84df

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://promo-nordfx.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://promo-nordfx.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
350 B 76ms
29ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-19508124-1&cid=1724657406.1692519539&jid=1228434525&uid=123456789&gjid=74132784&_gid=1184730331.1692519539&_u=YCDAgAABAAAAAG~&z=357783472

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://promo-nordfx.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 20 Aug 2023 08:18:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://promo-nordfx.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/RWL6YYFSSFF6DHIMKGV3ZG/index.js
https://s.adroll.com/j/exp/index.js

28 B
785 B

26ms
26ms

Script
application/javascript

2600:9000:20c3:8600:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google
Protocol: HTTP/1.1
Server: 2600:9000:20c3:8600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

X-Amz-Version-Id: e6mCeG7.PAM9gYrIJBIXJohubS3UVCEK
Date: Sat, 19 Aug 2023 14:48:10 GMT
Via: 1.1 d0b8b50936db949f99b5544ecb5eda1c.cloudfront.net (CloudFront)
Age: 98695
X-Amz-Cf-Pop: MUC50-C1
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28
Last-Modified: Thu, 03 Aug 2023 18:30:18 GMT
Server: AmazonS3
Etag: "5816cced8568d223aa09d889f300692b"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: JFqcJWbhki5ZehVdSbwa4sBzFBq_W1CI_3X5JpKXRLIpQbLg0dWceg==

Redirect headers

Date: Sun, 20 Aug 2023 06:53:24 GMT
Via: 1.1 d0b8b50936db949f99b5544ecb5eda1c.cloudfront.net (CloudFront)
Age: 5133
X-Amz-Cf-Pop: MUC50-C1
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 7jox1_k1qA37QZsauAp9w6DHsv8XqnTi9dXcYfzzKe0NxPjfl_syFg==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 231 KB
81 KB 38ms
38ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-L68KF108Z3&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1d2e2dc7d24fe71d4b93f7e96f257d9cfa8b9c22788f9a3710d4bb0b709dd719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82867
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 20 Aug 2023 08:18:58 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 92ms
44ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-19508124-1&cid=1724657406.1692519539&jid=1228434525&_u=YCDAgAABAAAAAG~&z=2040650192

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 44ms
44ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-19508124-1&cid=1724657406.1692519539&jid=1228434525&_u=YCDAgAABAAAAAG~&z=2040650192

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/995727287/ 3 KB
2 KB 86ms
38ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/995727287/?random=1692519538885&cv=11&fst=1692519538885&bg=ffffff&guid=ON&async=1&gtm=45be38g0&u_w=1600&u_h=1200&url=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&hn=www.googleadservices.com&frm=0&tiba=Invest%20in%20a%20wide%20range%20of%20financial%20derivatives%20with%20NordFX&auid=2109651813.1692519539&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-995727287

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

282aa76ff733e5f9df029bcb71817d3b97d362368492e3dd6a5d9b3ecb4c4cbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1370
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 safeframe Show response
scripts.mediamathrdrt.com/ Frame 519D 4 KB
2 KB 132ms
132ms Document
text/html 2606:4700:3036::ac43:b429
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scripts.mediamathrdrt.com/safeframe

Requested by

Host: scripts.mediamathrdrt.com
URL: https://scripts.mediamathrdrt.com/scripts/b_nordfx.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::ac43:b429 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

963b33b968ee14442d917bb14b6c8155b4bfa633a6ce3d00e89ff9f05d630828

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://promo-nordfx.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 7f99356e29cf1999-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sun, 20 Aug 2023 08:18:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uQL1lt12S%2FWGjNNeEZnyOR1hwBYr7iUKOBHUAyhR7rYyPgx%2B1Wp%2FtvQhoGlNXelaKiy0Et9ncK6US3SkqYCmfCwm411S6OwRJx5cTMISiMJui2HVEPRgL2ihYTzO4rDQKWK%2BU0YO8WTqA%2BQP%2FHiSxR7jl5Nxlx8L"}],"group":"cf-nel","max_age":604800}
server: cloudflare
status: 200 OK
vary: Accept-Encoding
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-request-id: 70d27390-12e1-4914-94fe-2b99213cc043
x-runtime: 0.001789
x-xss-protection: 1; mode=block

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 28ms
27ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-L68KF108Z3&gtm=45je38g0&_p=976209917&_gaz=1&ul=en-us&sr=1600x1200&cid=1724657406.1692519539&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&dt=Invest%20in%20a%20wide%20range%20of%20financial%20derivatives%20with%20NordFX&uid=123456789&sid=1692519538&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-L68KF108Z3&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://promo-nordfx.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
54 B 30ms
29ms Ping
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-L68KF108Z3&cid=1724657406.1692519539&gtm=45je38g0&aip=1&uid=123456789
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-L68KF108Z3&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://promo-nordfx.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 46ms
45ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-L68KF108Z3&cid=1724657406.1692519539&gtm=45je38g0&aip=1&uid=123456789&z=1831702186

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RWL6YYFSSFF6DHIMKGV3ZG Show response
d.adroll.com/consent/check/ 466 B
559 B 136ms
45ms Script
application/javascript 2a05:d018:cc3:fe05:887b:343b:6e24:6fce
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/RWL6YYFSSFF6DHIMKGV3ZG?pv=85021507752.16396&arrfrr=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&_s=974a5e8213f71b888a1da99a8267a644&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/RWL6YYFSSFF6DHIMKGV3ZG/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe05:887b:343b:6e24:6fce Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: aee23db24aefec1505dfcff3d6d7dffd8f0427a74368cbcf60c5eafcd29045b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:59 GMT
server: nginx/1.22.1
content-length: 466
content-type: application/javascript

GET
H2 200 /
www.google.com/pagead/1p-user-list/995727287/ 42 B
154 B 32ms
31ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/995727287/?random=1692519538885&cv=11&fst=1692518400000&bg=ffffff&guid=ON&async=1&gtm=45be38g0&u_w=1600&u_h=1200&url=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&frm=0&tiba=Invest%20in%20a%20wide%20range%20of%20financial%20derivatives%20with%20NordFX&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2073000640&rmt_tld=0&ipr=y

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:59 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/995727287/ 42 B
64 B 33ms
32ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/995727287/?random=1692519538885&cv=11&fst=1692518400000&bg=ffffff&guid=ON&async=1&gtm=45be38g0&u_w=1600&u_h=1200&url=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&frm=0&tiba=Invest%20in%20a%20wide%20range%20of%20financial%20derivatives%20with%20NordFX&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2073000640&rmt_tld=1&ipr=y

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:59 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10101._2bWZ79_0LNr6cn_mNeD7zLw6yXupKOG4X-BkM-hbdgQGbEaWucuwwEhnLI30Jeo.fBtwrX7oJHZeBvUgLwgenacXKuM%2C
https://mc.yandex.com/sync_cookie_image_decide?token=10101.cYtf0l4U6XBIfz7st9gKoM0o9ZrwXfwyaEadxM39dgDhzjmzj8eL6ip-m7DKfxinQYS_2GIMlzJrO_AtgYO5W4_yB-pFFjJqUPlURA7D6X4%2C.SWtTjhzGQP2jG_huhmvz3QyXtP4%2C

43 B
67 B

60ms
60ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=10101.cYtf0l4U6XBIfz7st9gKoM0o9ZrwXfwyaEadxM39dgDhzjmzj8eL6ip-m7DKfxinQYS_2GIMlzJrO_AtgYO5W4_yB-pFFjJqUPlURA7D6X4%2C.SWtTjhzGQP2jG_huhmvz3QyXtP4%2C

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:59 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=10101.cYtf0l4U6XBIfz7st9gKoM0o9ZrwXfwyaEadxM39dgDhzjmzj8eL6ip-m7DKfxinQYS_2GIMlzJrO_AtgYO5W4_yB-pFFjJqUPlURA7D6X4%2C.SWtTjhzGQP2jG_huhmvz3QyXtP4%2C
date: Sun, 20 Aug 2023 08:18:59 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
162 B 65ms
61ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:59 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 10 Aug 2023 13:02:56 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "64d4b5d0-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Sun, 20 Aug 2023 09:18:59 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/33133148/
Redirect Chain

https://mc.yandex.com/watch/33133148?wmode=7&page-url=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aeygqx1x5sixaii...
https://mc.yandex.com/watch/33133148/1?wmode=7&page-url=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aeygqx1x5sixa...

454 B
757 B

66ms
65ms

Fetch
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/33133148/1?wmode=7&page-url=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aeygqx1x5sixaiiugyrqh3hb%3Afp%3A1667%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1093%3Acn%3A1%3Adp%3A0%3Als%3A1477166636557%3Ahid%3A263820351%3Az%3A120%3Ai%3A20230820101859%3Aet%3A1692519539%3Ac%3A1%3Arn%3A411692491%3Arqn%3A1%3Au%3A1692519539825989078%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A204%2C223%2C503%2C1%2C0%2C0%2C%2C844%2C0%2C%2C%2C%2C1777%3Aco%3A0%3Acpf%3A1%3Ans%3A1692519536893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1692519539%3At%3AInvest%20in%20a%20wide%20range%20of%20financial%20derivatives%20with%20NordFX&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29&redirnss=1

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

5471f60de0c27659ea5ea61c2a25b8c5e20b0ce6f8bde2c05260aa384ca72e8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:59 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Sun, 20-Aug-2023 08:18:59 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://promo-nordfx.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 454
x-xss-protection: 1; mode=block
expires: Sun, 20-Aug-2023 08:18:59 GMT

Redirect headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:18:59 GMT
strict-transport-security: max-age=31536000
last-modified: Sun, 20-Aug-2023 08:18:59 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/33133148/1?wmode=7&page-url=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3Aeygqx1x5sixaiiugyrqh3hb%3Afp%3A1667%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1093%3Acn%3A1%3Adp%3A0%3Als%3A1477166636557%3Ahid%3A263820351%3Az%3A120%3Ai%3A20230820101859%3Aet%3A1692519539%3Ac%3A1%3Arn%3A411692491%3Arqn%3A1%3Au%3A1692519539825989078%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A204%2C223%2C503%2C1%2C0%2C0%2C%2C844%2C0%2C%2C%2C%2C1777%3Aco%3A0%3Acpf%3A1%3Ans%3A1692519536893%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1692519539%3At%3AInvest%20in%20a%20wide%20range%20of%20financial%20derivatives%20with%20NordFX&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29&redirnss=1
access-control-allow-origin: https://promo-nordfx.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Sun, 20-Aug-2023 08:18:59 GMT

GET
H2

200

sync_cookie_image_decide_secondary
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check_secondary
https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10101._9Ko0lSjFGln1NTPAoHRmuczlvQmqzMDqBooRErb5NXgBlswAHWVivzg5v8UDdCw.eZgr1e6rBZClG6h5LPUHFR1-wZM%2C
https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10101.dYvEkPjNDdjejl8tUMCl8n6CKftJ2ZPtc6PjBk91Mk7_2d_IPzLZy38w1inWD1CFTyGyN9BnfExjXKyh3hG3sobiwY95P1C-iF3jYXC6s8Y%2C.lX5i4LLNG55Q69IKR...

43 B
79 B

65ms
65ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10101.dYvEkPjNDdjejl8tUMCl8n6CKftJ2ZPtc6PjBk91Mk7_2d_IPzLZy38w1inWD1CFTyGyN9BnfExjXKyh3hG3sobiwY95P1C-iF3jYXC6s8Y%2C.lX5i4LLNG55Q69IKR0BvaFO23W8%2C

Requested by

Host: promo-nordfx.com
URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://promo-nordfx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Sun, 20 Aug 2023 08:18:59 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10101.dYvEkPjNDdjejl8tUMCl8n6CKftJ2ZPtc6PjBk91Mk7_2d_IPzLZy38w1inWD1CFTyGyN9BnfExjXKyh3hG3sobiwY95P1C-iF3jYXC6s8Y%2C.lX5i4LLNG55Q69IKR0BvaFO23W8%2C
date: Sun, 20 Aug 2023 08:18:59 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

POST
H2 200 33133148
mc.yandex.com/webvisor/ 43 B
0 121ms
121ms Fetch
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/33133148?wv-part=1&wmode=0&wv-hit=263820351&page-url=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&rn=1025754913&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1692519542%3Aw%3A1600x1200%3Av%3A1093%3Az%3A120%3Ai%3A20230820101901%3Au%3A1692519539825989078%3Avf%3Aeygqx1x5sixaiiugyrqh3hb%3Ast%3A1692519542&t=gdpr(14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://promo-nordfx.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:19:02 GMT
strict-transport-security: max-age=31536000
last-modified: Sun, 20-Aug-2023 08:19:02 GMT
content-type: image/gif
access-control-allow-origin: https://promo-nordfx.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sun, 20-Aug-2023 08:19:02 GMT

POST
H2 200 33133148
mc.yandex.com/webvisor/ 43 B
0 66ms
64ms Fetch
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/33133148?wv-part=1&wmode=0&wv-hit=263820351&page-url=https%3A%2F%2Fpromo-nordfx.com%2Fpromo%2Fiwtb.html%3Futm_source%3Dgoogle&rn=682429817&wv-type=3&browser-info=we%3A1%3Aet%3A1692519542%3Aw%3A1600x1200%3Av%3A1093%3Az%3A120%3Ai%3A20230820101902%3Au%3A1692519539825989078%3Avf%3Aeygqx1x5sixaiiugyrqh3hb%3Ast%3A1692519542&t=gdpr(14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://promo-nordfx.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 20 Aug 2023 08:19:02 GMT
strict-transport-security: max-age=31536000
last-modified: Sun, 20-Aug-2023 08:19:02 GMT
content-type: image/gif
access-control-allow-origin: https://promo-nordfx.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Sun, 20-Aug-2023 08:19:02 GMT

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.promo-nordfx.com/	1970-01-20 23:44:39	Name: _ga_R6PLYM1PML Value: GS1.1.1692519538.1.0.1692519538.60.0.0
.promo-nordfx.com/	1970-01-20 23:44:39	Name: _ga Value: GA1.2.1724657406.1692519539
.promo-nordfx.com/	1970-01-20 14:10:05	Name: _gid Value: GA1.2.1184730331.1692519539
.promo-nordfx.com/	1970-01-20 14:08:39	Name: _dc_gtm_UA-19508124-1 Value: 1
.promo-nordfx.com/	1970-01-20 16:18:15	Name: _gcl_au Value: 1.1.2109651813.1692519539
.promo-nordfx.com/	1970-01-20 23:44:39	Name: _ga_L68KF108Z3 Value: GS1.2.1692519538.1.0.1692519538.60.0.0
.doubleclick.net/	1970-01-20 14:08:40	Name: test_cookie Value: CheckForPermission
.promo-nordfx.com/	1970-01-20 22:54:15	Name: _ym_uid Value: 1692519539825989078
.promo-nordfx.com/	1970-01-20 22:54:15	Name: _ym_d Value: 1692519539
.promo-nordfx.com/	1970-01-20 14:09:51	Name: _ym_isad Value: 2
.mc.yandex.com/	1970-01-20 14:08:40	Name: sync_cookie_csrf Value: 3021673919fake
.mc.yandex.ru/	1970-01-20 14:08:40	Name: sync_cookie_csrf Value: 593109479fake
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 1447130081692519539
.yandex.com/	1970-01-20 23:44:39	Name: i Value: WFvj6ptptpNqe5vr0C+EelfrEsH4sPVAy7fBHc9HiJINe0jbVMO6ZXyNltw3hp7jt6DedR3jkCpdisw0fXe+0IQ+UZg=
.yandex.com/	1970-01-20 23:44:39	Name: yandexuid Value: 3482637911692519539
.yandex.com/	1970-01-20 22:54:15	Name: yuidss Value: 3482637911692519539
.yandex.com/	1970-01-20 22:54:15	Name: ymex Value: 1724055539.yrts.1692519539#1724055539.yrtsi.1692519539
.yandex.com/	1970-01-20 22:54:15	Name: bh Value: KgI/MA==
.promo-nordfx.com/	1970-01-20 14:08:41	Name: _ym_visorc Value: w

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'speaker-selection'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'conversion-measurement'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'focus-without-user-activation'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'sync-script'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'trust-token-redemption'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'vertical-scroll'.
javascript	warning	URL: https://promo-nordfx.com/promo/iwtb.html?utm_source=google Message: The resource https://promo-nordfx.com/stpl/default/promo/iwtb/img/first_screen_bg.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.nordfx.com
d.adroll.com
googleads.g.doubleclick.net
mc.yandex.com
mc.yandex.ru
promo-nordfx.com
region1.analytics.google.com
s.adroll.com
scripts.mediamathrdrt.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
193.233.15.208
2001:4860:4802:32::36
2600:9000:20c3:8600:6:9280:1080:93a1
2606:4700:3036::ac43:b429
2a00:1450:4001:806::2004
2a00:1450:4001:80f::2008
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200e
2a00:1450:400c:c0c::9d
2a02:6b8::1:119
2a05:d018:cc3:fe05:887b:343b:6e24:6fce
96.46.181.166
03029d46ffc079f2650d914a10aab2a38c90a7e74999f90abe2b97159a1ee12e
141fa4004c0413987f1638c827f2faba62b54bd1f618796c49a5cf8f5ac7c4bd
1ccc4eadb474d963d37f3abcb5f984bfd8e425db81b07336785f3cb171bbd4d2
1d0024fffcee8f173034886f090ab04557130532c8dfef08e6b0036da2fecf29
1d01cc3f8fafbed1582b3182c40eafa607fb6670a179f23116d8eed2e8907481
1d2e2dc7d24fe71d4b93f7e96f257d9cfa8b9c22788f9a3710d4bb0b709dd719
21309a5cb0cfa422c56bb1294130b0ae5bf93a4978cbf91627a5c79ac10fea52
282aa76ff733e5f9df029bcb71817d3b97d362368492e3dd6a5d9b3ecb4c4cbd
29c81b198136bf8a929f52133314319cb6d8375a526da5c97197df1960ceebb3
2c856214c421551ed494bbf442bdb5e64217a494fb52a6e32b1b5a39c7fc1cfb
50127a0f9a79294c486cb7aacf21c1bf10ee63ddd648aa686a56ec793843519d
5471f60de0c27659ea5ea61c2a25b8c5e20b0ce6f8bde2c05260aa384ca72e8b
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5ba973fe543cad47153b5d2aff55da0b98b642b19bf06be619e64bdc3f5df001
5e5d9cfe7509c3c6d9ddee093a7d6fc837e67ef63c2d21a150a812e782431417
7792c96a7a4643a29fc9ff8713db63c47a390a5ff9a24468f28dca3f839d0e0e
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
860084fae53b928995b4809cbf63ffb08b9db77040fcb0762dcf7d1feef6c2d1
8b9d56ae3ccf66187365be2310b941cc50af2ff1f924fd59337b586100632497
902feb64d8b6d481ab8ddda06fbebbba4c95dfa9b7936a7beeb197266cd8b846
963b33b968ee14442d917bb14b6c8155b4bfa633a6ce3d00e89ff9f05d630828
aee23db24aefec1505dfcff3d6d7dffd8f0427a74368cbcf60c5eafcd29045b8
b89528e21d6f85cc11459c7b6ec733cb9f9775a351f6dda2597aa76eeca5b761
c27d994cd06046a41f6092d226ab371247bc6ec05d1c2636debd1a00218691a9
c40a966414e6be3c6e97d531f790af19b453ebdcc60ce49b1e3975ef0461c7f1
c8d94b77e8f181bef2934d0867c93672023f05d49d63cd7e06b1f150b3ccd6a1
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e01372b13985c09f2a168382ad044312db914801a595b4306abd7d686b0cc64b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3bb59a5d49ed3ee29c92ae13c4c4c390eb4ddcad55fb72f698742a600efb0c5
ea0681c9068fb473d3606e012e76728eb44b2e04c276266894aeca5fc1934b52
ecb4749bf15ff08f9d627d11ec347032a58a68c2b74c4cd4ae6a49150c4a84df
ee14f6fbc6bcdccec8d37343478acafcfbd3dc24cd87ea838b52281c1f138680
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f074e0e5aea22feb23fd8b4857f98caf7fd998f1d8fd9cb48909fd7e278f2e9c
f59d60e6232576f751dc60eb2e660d4b8287464f130bd77b3b2eaba1a5671390
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
fbdfbb93781b5fb4992eb01053812e04d4d9edbed2ef86feb1af762bc45b1dd7
fd4c6ff2e56afccc04586f39418bb8f2d6003dee723968161440bc425a183758
ff7f82678cbbfe4af2f32a2e57dee25bd5eef3b73b5aaf7ac633c20a066ed2ad

promo-nordfx.com Open in urlscan Pro 96.46.181.166 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

51 Requests

92 %HTTPS

85 %IPv6

11 Domains

14 Subdomains

14 IPs

5 Countries

3382 kBTransfer

5211 kBSize

19 Cookies

22 Outgoing links

Redirected requests

51 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

promo-nordfx.com Open in urlscan Pro
96.46.181.166 Public Scan

Screenshot
Live screenshot

Full Image

51
Requests

92 %
HTTPS

85 %
IPv6

11
Domains

14
Subdomains

14
IPs

5
Countries

3382 kB
Transfer

5211 kB
Size

19
Cookies

51 HTTP transactions
1 data transactions