Submitted URL: http://f00.it/HSxFr
Effective URL: https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%...
Submission: On January 16 via manual from IT — Scanned from IT

Summary

This website contacted 38 IPs in 8 countries across 35 domains to perform 71 HTTP transactions. The main IP is 144.76.15.13, which is located in Germany and belongs to HETZNER-AS, DE. The main domain is fxhomeonline.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 14th 2021. Valid for: 3 months.
This is the only time fxhomeonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 178.255.74.134 20746 (ASN-IDC T...)
2 144.76.15.13 24940 (HETZNER-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:2638::3 44788 (ASN-CRITE...)
19 178.255.74.106 20746 (ASN-IDC T...)
3 178.255.74.102 20746 (ASN-IDC T...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
5 2606:4700::68... 13335 (CLOUDFLAR...)
1 178.250.2.146 44788 (ASN-CRITE...)
2 2a00:1450:400... 15169 (GOOGLE)
3 178.250.0.163 44788 (ASN-CRITE...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2 142.250.74.194 15169 (GOOGLE)
1 64.202.112.31 23352 (SERVERCEN...)
1 69.173.144.139 26667 (RUBICONPR...)
1 185.86.138.142 201081 (SMARTADSE...)
3 4 37.252.173.27 29990 (ASN-APPNEX)
2 2a00:1288:80:... 203220 (YAHOO-DEB)
1 4 3.126.56.137 16509 (AMAZON-02)
1 2 3.251.21.8 16509 (AMAZON-02)
1 185.64.190.80 62713 (AS-PUBMATIC)
1 2 72.247.225.98 16625 (AKAMAI-AS)
1 141.226.228.48 200478 (TABOOLA-AS)
1 37.157.2.234 198622 (ADFORM)
1 104.111.242.245 16625 (AKAMAI-AS)
1 2 13.248.245.213 16509 (AMAZON-02)
1 2 3.124.83.68 16509 (AMAZON-02)
1 104.107.160.24 16625 (AKAMAI-AS)
1 35.157.27.23 16509 (AMAZON-02)
1 185.255.84.152 200271 (IGUANE-)
1 1 23.59.71.246 16625 (AKAMAI-AS)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
3 3 3.67.159.101 16509 (AMAZON-02)
1 35.186.243.160 15169 (GOOGLE)
1 34.98.64.218 15169 (GOOGLE)
1 2600:9000:215... 16509 (AMAZON-02)
2 2 54.234.50.35 14618 (AMAZON-AES)
1 2600:1f18:444... 14618 (AMAZON-AES)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
2 212.82.100.181 34010 (YAHOO-IRD)
1 2a00:1450:400... 15169 (GOOGLE)
71 38
Apex Domain
Subdomains
Transfer
19 aimage.it
ws106.aimage.it
282 KB
8 yahoo.com
ads.yahoo.com — Cisco Umbrella Rank: 722
ups.analytics.yahoo.com — Cisco Umbrella Rank: 249
sp.analytics.yahoo.com — Cisco Umbrella Rank: 740
2 KB
6 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 339
mug.criteo.com — Cisco Umbrella Rank: 3226
sslwidget.criteo.com — Cisco Umbrella Rank: 1574
dis.criteo.com — Cisco Umbrella Rank: 574
14 KB
5 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 202
78 KB
4 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 351
4 KB
3 liadm.com
i.liadm.com — Cisco Umbrella Rank: 458
i6.liadm.com — Cisco Umbrella Rank: 1305
2 KB
3 advertising.com
pixel.advertising.com — Cisco Umbrella Rank: 293
1 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 37
ajax.googleapis.com — Cisco Umbrella Rank: 258
34 KB
3 espotter.org
espotter.org
9 KB
2 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 601
cdn.stickyadstv.com — Cisco Umbrella Rank: 2380
1 KB
2 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 254
1 KB
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 355
736 B
2 casalemedia.com
r.casalemedia.com — Cisco Umbrella Rank: 1774
2 KB
2 360yield.com
ad.360yield.com — Cisco Umbrella Rank: 620
853 B
2 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 169
706 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 33
20 KB
2 fxhomeonline.com
fxhomeonline.com
1 KB
1 gstatic.com
fonts.gstatic.com
16 KB
1 bing.com
c.bing.com — Cisco Umbrella Rank: 239
590 B
1 smaato.net
s.ad.smaato.net — Cisco Umbrella Rank: 671
240 B
1 openx.net
us-u.openx.net — Cisco Umbrella Rank: 316
274 B
1 ivitrack.com
matching.ivitrack.com — Cisco Umbrella Rank: 7286
242 B
1 omnitagjs.com
visitor.omnitagjs.com — Cisco Umbrella Rank: 1482
236 B
1 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 555
263 B
1 media.net
contextual.media.net — Cisco Umbrella Rank: 461
785 B
1 teads.tv
criteo-sync.teads.tv — Cisco Umbrella Rank: 1653
172 B
1 adform.net
cm.adform.net — Cisco Umbrella Rank: 1465
163 B
1 taboola.com
sync-t1.taboola.com — Cisco Umbrella Rank: 1063
231 B
1 pubmatic.com
simage2.pubmatic.com — Cisco Umbrella Rank: 481
341 B
1 smartadserver.com
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 532
163 B
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 270
239 B
1 outbrain.com
sync.outbrain.com — Cisco Umbrella Rank: 695
476 B
1 criteo.net
static.criteo.net — Cisco Umbrella Rank: 587
13 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 398
25 KB
1 f00.it
f00.it
514 B
71 35
Domain Requested by
19 ws106.aimage.it fxhomeonline.com
ws106.aimage.it
ajax.googleapis.com
5 cdnjs.cloudflare.com ws106.aimage.it
4 ups.analytics.yahoo.com 1 redirects
4 secure.adnxs.com 3 redirects
3 pixel.advertising.com 3 redirects
3 espotter.org fxhomeonline.com
espotter.org
2 sp.analytics.yahoo.com
2 i.liadm.com 2 redirects
2 x.bidswitch.net 1 redirects
2 eb2.3lift.com 1 redirects
2 r.casalemedia.com 1 redirects
2 ad.360yield.com 1 redirects
2 ads.yahoo.com
2 dis.criteo.com
2 cm.g.doubleclick.net 2 redirects
2 fonts.googleapis.com ws106.aimage.it
2 gum.criteo.com 1 redirects static.criteo.net
2 www.google-analytics.com fxhomeonline.com
www.google-analytics.com
2 fxhomeonline.com fxhomeonline.com
1 fonts.gstatic.com fonts.googleapis.com
1 c.bing.com
1 i6.liadm.com
1 s.ad.smaato.net
1 us-u.openx.net
1 matching.ivitrack.com
1 cdn.stickyadstv.com
1 ads.stickyadstv.com 1 redirects
1 visitor.omnitagjs.com
1 match.sharethrough.com
1 contextual.media.net
1 criteo-sync.teads.tv
1 cm.adform.net
1 sync-t1.taboola.com
1 simage2.pubmatic.com
1 rtb-csync.smartadserver.com
1 pixel.rubiconproject.com
1 sync.outbrain.com
1 ajax.googleapis.com ws106.aimage.it
1 sslwidget.criteo.com static.criteo.net
1 mug.criteo.com fxhomeonline.com
1 static.criteo.net fxhomeonline.com
1 cdn.jsdelivr.net fxhomeonline.com
1 f00.it 1 redirects
71 43

This site contains no links.

Subject | Issuer | Validity | Valid
fxhomeonline.com | cPanel, Inc. Certification Authority | 2021-11-14 - 2022-02-12 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-03 - 2022-07-02 | a year
*.criteo.net | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2021-12-01 - 2022-02-24 | 3 months
ws106.aimage.it | R3 | 2021-12-15 - 2022-03-15 | 3 months
espotter.org | R3 | 2021-12-15 - 2022-03-15 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2021-12-08 - 2022-03-02 | 3 months
*.criteo.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2021-12-01 - 2022-02-26 | 3 months
upload.video.google.com | GTS CA 1C3 | 2021-12-08 - 2022-03-02 | 3 months
*.outbrain.com | Thawte RSA CA 2018 | 2021-10-24 - 2022-11-24 | a year
*.rubiconproject.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-03-30 - 2022-04-04 | a year
*.smartadserver.com | DigiCert ECC Secure Server CA | 2020-01-30 - 2022-02-03 | 2 years
ui.aps.ads.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2022-01-07 - 2022-02-23 | 2 months
*.pubmatic.com | DigiCert Baltimore TLS RSA SHA256 2020 CA1 | 2021-08-04 - 2022-09-04 | a year
*.taboola.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2021-11-28 - 2022-12-29 | a year
*.adform.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-05-28 - 2022-06-15 | a year
teads.tv | R3 | 2022-01-03 - 2022-04-03 | 3 months
*.media.net | DigiCert SHA2 Secure Server CA | 2021-04-12 - 2022-04-20 | a year
*.sharethrough.com | Amazon | 2021-08-13 - 2022-09-11 | a year
omnitagjs.com | Sectigo RSA Domain Validation Secure Server CA | 2021-05-24 - 2022-06-23 | a year
itm.ivitrack.com | R3 | 2021-12-16 - 2022-03-16 | 3 months
*.openx.net | GeoTrust RSA CA 2018 | 2021-07-08 - 2022-08-08 | a year
s.ad.smaato.net | Amazon | 2021-09-21 - 2022-10-20 | a year
www.bing.com | Microsoft RSA TLS CA 01 | 2021-12-22 - 2022-06-22 | 6 months
real.sp.analytics.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2021-10-19 - 2022-04-13 | 6 months
*.gstatic.com | GTS CA 1C3 | 2021-12-08 - 2022-03-02 | 3 months

This page contains 4 frames:

Primary Page: https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Frame ID: 7F2B049986CB7496DA081B61F6421CB4
Requests: 16 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=fxhomeonline.com&origin=onetag
Frame ID: 510B614273387716B67ECE517F9AFFB2
Requests: 2 HTTP requests in this frame

Frame: https://ws106.aimage.it:8000/?wid=8EvgGI9mmdTYH2DhnlZ0&template=aichat
Frame ID: 4321D7E47A76C48DAD3B03011966114D
Requests: 17 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
Frame ID: C690A4B989FEFAD0938C9480DB03300F
Requests: 30 HTTP requests in this frame

Page Title

Metodo di Guadagno Online

Page URL History

  1. http://f00.it/HSxFr HTTP 302
    https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=h... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • socket\.io.*\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //static\.criteo\.net/js/ld/ld\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • sweetalert2(?:\.all)?(?:\.min)?\.js
  • limonte-sweetalert2/([\d.]+)/sweetalert2(?:\.all)(?:\.min)\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 71
HTTPS: 80 %
IPv6: 31 %
Domains: 35
Subdomains: 43
IPs: 38
Countries: 8
Transfer: 502 kB
Size: 1012 kB
Cookies: 40

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://f00.it/HSxFr HTTP 302
    https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://gum.criteo.com/sid/json?origin=onetag&domain=fxhomeonline.com&sn=ChromeSyncframe&so=0&topUrl=fxhomeonline.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=G2Ou8nwrbWo0NStuS2VlK04yWjZ1NmJLS1ZyZ0g5N0JTYTE3S09CQk5IQmRJaEJ6b3FtMEI3TEpHZ3cwNDkvdi9lVVNxQjJ4a0NTSzZzamdDWForbWRDVWJ1ZzJLQ0s2THVoZktnSTcrZ2o0Ry9FWEJ5dnE4R0tnazNSb1hYRm9pUmNWRDRJd1F3c2dVcVBjdVpmcStFTVJUUW1uYVdna3huOVRWbnY4bWQ2OTFSZ0tMUjNsb2d1bzBmcTJ1eE1CVm5iSGxXWlNsSkZsV1Uwa05zRGNZQUdwQjRPR0J4eCtqb21nMU1WdlNCckg2SG1nR1lYTllIemZxSkUvWm9qY1BNTWhORmZsM0gwRHFaY2UzYjVEWlIrbURTUT09fA&cppv=2
Request Chain 27
  • https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay1IM3RKOUwxQVpmWFd6UkJrOW56bkRKaE9RRUdwMVI1OVNTNXBRZw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&google_hm=ay1IM3RKOUwxQVpmWFd6UkJrOW56bkRKaE9RRUdwMVI1OVNTNXBRZw&google_tc= HTTP 302
  • https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
Request Chain 31
  • https://secure.adnxs.com/setuid?entity=52&code=k-H_FQc71AZfXWzRBk9nznDJhOQEHThHinTvq85w&seg=130915 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-H_FQc71AZfXWzRBk9nznDJhOQEHThHinTvq85w%26seg%3D130915
Request Chain 33
  • https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k--F5p-71AZfXWzRBk9nznDJhOQEHXLngka5ir-w HTTP 302
  • https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k--F5p-71AZfXWzRBk9nznDJhOQEHXLngka5ir-w&verify=true
Request Chain 34
  • https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-S3c-Ur1AZfXWzRBk9nznDJhOQEHFkDmoSd2E0w HTTP 302
  • https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-S3c-Ur1AZfXWzRBk9nznDJhOQEHFkDmoSd2E0w
Request Chain 36
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-8tN-Kr1AZfXWzRBk9nznDJhOQEGEmMdrcZMeFg HTTP 302
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-8tN-Kr1AZfXWzRBk9nznDJhOQEGEmMdrcZMeFg&C=1
Request Chain 40
  • https://eb2.3lift.com/xuid?mid=2711&xuid=k-2AZSX71AZfXWzRBk9nznDJhOQEF9edxo_AJOyg&dongle=013b HTTP 302
  • https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-2AZSX71AZfXWzRBk9nznDJhOQEF9edxo_AJOyg&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
Request Chain 41
  • https://x.bidswitch.net/sync?dsp_id=46&user_id=k-m7Mitr1AZfXWzRBk9nznDJhOQEEryvWGIFJOHw&expires=30 HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-m7Mitr1AZfXWzRBk9nznDJhOQEEryvWGIFJOHw&expires=30
Request Chain 45
  • https://ads.stickyadstv.com/user-registering?dataProviderId=434&userId=k-KIgTsL1AZfXWzRBk9nznDJhOQEF9xv-ADRlUmg&redirectId=69 HTTP 302
  • https://cdn.stickyadstv.com/one-shot/empty.gif
Request Chain 46
  • https://pixel.advertising.com/ups/55945/sync?uid=k-4NfcH71AZfXWzRBk9nznDJhOQEH-rTQin31ijw&_origin=1 HTTP 302
  • https://pixel.advertising.com/ups/55945/sync?uid=k-4NfcH71AZfXWzRBk9nznDJhOQEH-rTQin31ijw&_origin=1&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-4NfcH71AZfXWzRBk9nznDJhOQEH-rTQin31ijw&_origin=1&apid=UP07cfbf7d-7705-11ec-a09f-068051b0dac0
Request Chain 50
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-nHCzq71AZfXWzRBk9nznDJhOQEFdyEB-EV2GTQ HTTP 303
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-nHCzq71AZfXWzRBk9nznDJhOQEFdyEB-EV2GTQ&_li_chk=true&previous_uuid=d4d16c45e35a4041a94e9a5633a59b00 HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-nHCzq71AZfXWzRBk9nznDJhOQEFdyEB-EV2GTQ
Request Chain 56
  • https://secure.adnxs.com/seg?add=130915&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2949048862102104078
Request Chain 64
  • https://pixel.advertising.com/ups/55945/sync?uid=k-1Z5K6r1AZfXWzRBk9nznDJhOQEFafKDxSBo7Uw&_origin=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-1Z5K6r1AZfXWzRBk9nznDJhOQEFafKDxSBo7Uw&_origin=1&apid=UP07cfbf7d-7705-11ec-a09f-068051b0dac0

71 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
fxhomeonline.com/cb/
Redirect Chain
  • http://f00.it/HSxFr
  • https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
2 KB
1 KB
Document
General
Full URL
https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.76.15.13 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
server23.dominiok.net
Software
Apache /
Resource Hash
fb2b9378b8b3b5d05f353e4e725309d2eae8046e750eccb0575ea9e096e4a8ba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
it-IT,it;q=0.9

Response headers

vary
Accept-Encoding
content-encoding
gzip
content-length
1231
content-type
text/html; charset=UTF-8
date
Sun, 16 Jan 2022 19:46:40 GMT
server
Apache

Redirect headers

Date
Sun, 16 Jan 2022 19:46:34 GMT
Server
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.2u DAV/2 PHP/5.4.13
X-Powered-By
PHP/5.4.13
Location
https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
P3P
policyref="http://f00.it/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa OUR NOR UNI COM NAV INT"
Content-Length
0
Keep-Alive
timeout=2
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/
158 KB
25 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
Requested by
Host: fxhomeonline.com
URL: https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://fxhomeonline.com/
Origin
https://fxhomeonline.com
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:40 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
7167587
x-jsd-version
4.6.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by
cache-fra19161-FRA, cache-mxp6927-MXP
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6ce9d9ed086383a6-MXP
style.css
fxhomeonline.com/cb/css/
341 B
207 B
Stylesheet
General
Full URL
https://fxhomeonline.com/cb/css/style.css
Requested by
Host: fxhomeonline.com
URL: https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.76.15.13 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
server23.dominiok.net
Software
Apache /
Resource Hash
c50311b2394644b6565bd5393d56864c7619e81accb9d7eb81e9fdb312633006

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:40 GMT
content-encoding
gzip
last-modified
Mon, 19 Apr 2021 16:29:03 GMT
server
Apache
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
141
ld.js
static.criteo.net/js/ld/
40 KB
13 KB
Script
General
Full URL
https://static.criteo.net/js/ld/ld.js
Requested by
Host: fxhomeonline.com
URL: https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
4758ffc00e2d3413aece1a57fc3e89b9709202312386d57eb74b5c198cf6800e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://fxhomeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:41 GMT
content-encoding
gzip
last-modified
Tue, 14 Dec 2021 12:51:58 GMT
server
nginx
etag
W/"61b8936e-9faf"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 17 Jan 2022 19:46:41 GMT
carrier.js
ws106.aimage.it/public/
10 KB
10 KB
Script
General
Full URL
https://ws106.aimage.it:3000/public/carrier.js?q=123&t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Requested by
Host: fxhomeonline.com
URL: https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/ Express
Resource Hash
3abc509fefbe46858de5cd0687281f4856dc2ad79f455ab1d29335cfc08fc8b7

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://fxhomeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sun, 16 Jan 2022 19:46:40 GMT
ETag
W/"2805-17c07b2d7d4"
Last-Modified
Tue, 21 Sep 2021 09:32:13 GMT
X-Powered-By
Express
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10245
px.js
espotter.org/Px/js/
8 KB
8 KB
Script
General
Full URL
https://espotter.org/Px/js/px.js
Requested by
Host: fxhomeonline.com
URL: https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
178.255.74.102 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
oleggiocastello.espotter.net
Software
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.2u DAV/2 PHP/5.4.13 /
Resource Hash
354513eab4159b48e6801940c765c82519a5dfc32549f61d68fa1c53fea92360

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://fxhomeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sun, 16 Jan 2022 19:46:41 GMT
Last-Modified
Tue, 04 Feb 2020 10:43:56 GMT
Server
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.2u DAV/2 PHP/5.4.13
ETag
"a4c2c73-1f04-59dbdb77a7930"
P3P
policyref="http://www.espotter.org/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa OUR NOR UNI COM NAV INT"
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Type
application/javascript
Keep-Alive
timeout=2
Content-Length
7940
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: fxhomeonline.com
URL: https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://fxhomeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
707
date
Sun, 16 Jan 2022 19:34:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sun, 16 Jan 2022 21:34:54 GMT
carrier
ws106.aimage.it/v1/ Frame
0
0
Preflight
General
Full URL
https://ws106.aimage.it:4000/v1/carrier
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://fxhomeonline.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
content-type
content-length
0
Date
Sun, 16 Jan 2022 19:46:41 GMT
Connection
keep-alive
carrier
ws106.aimage.it/v1/
9 KB
9 KB
Fetch
General
Full URL
https://ws106.aimage.it:4000/v1/carrier
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/carrier.js?q=123&t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/ PHP 5.3.0
Resource Hash
a749642f801b2dfd677c15b4a2fec05cfdca4fd0d1c8a1d8aec8d4295d27b52c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://fxhomeonline.com/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
application/json

Response headers

Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
X-Powered-By
PHP 5.3.0
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
Date
Sun, 16 Jan 2022 19:46:41 GMT
Connection
keep-alive
X-DNS-Prefetch-Control
off
content-length
8882
X-XSS-Protection
1; mode=block
visita.json
espotter.org/Px/
31 B
578 B
XHR
General
Full URL
https://espotter.org/Px/visita.json
Requested by
Host: espotter.org
URL: https://espotter.org/Px/js/px.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
178.255.74.102 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
oleggiocastello.espotter.net
Software
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.2u DAV/2 PHP/5.4.13 / PHP/5.4.13
Resource Hash
6d226b1a0f6101748320bb13b45c818868d9cc4dec9c48ce34e239148cb9b184

Request headers

Accept
application/json;q=0.9,*/*
Referer
https://fxhomeonline.com/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-type
application/json

Response headers

Date
Sun, 16 Jan 2022 19:46:41 GMT
Server
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.2u DAV/2 PHP/5.4.13
Access-Control-Allow-Headers
*
X-Powered-By
PHP/5.4.13
P3P
policyref="http://www.espotter.org/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa OUR NOR UNI COM NAV INT"
Access-Control-Allow-Origin
https://fxhomeonline.com
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json; charset=UTF-8
Keep-Alive
timeout=2
Content-Length
31
Access-Control-Allow-Method
POST
visita.json
espotter.org/Px/ Frame
0
0
Preflight
General
Full URL
https://espotter.org/Px/visita.json
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
178.255.74.102 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
oleggiocastello.espotter.net
Software
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.2u DAV/2 PHP/5.4.13 / PHP/5.4.13
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://fxhomeonline.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Date
Sun, 16 Jan 2022 19:46:41 GMT
Server
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.2u DAV/2 PHP/5.4.13
X-Powered-By
PHP/5.4.13
Access-Control-Allow-Origin
https://fxhomeonline.com
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type
Access-Control-Allow-Method
POST
P3P
policyref="http://www.espotter.org/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa OUR NOR UNI COM NAV INT"
Content-Length
31
Keep-Alive
timeout=2
Connection
Keep-Alive
Content-Type
application/json; charset=UTF-8
syncframe
gum.criteo.com/ Frame 510B
9 KB
4 KB
Document
General
Full URL
https://gum.criteo.com/syncframe?topUrl=fxhomeonline.com&origin=onetag
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/ld.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
133be2ab152b1c9f408e9a597430361539cf3b8255a0a92f8a8a8a885e079702
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://fxhomeonline.com/

Response headers

cache-control
private, max-age=3600
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
server-processing-duration-in-ticks
2235
date
Sun, 16 Jan 2022 19:46:41 GMT
content-length
4161
strict-transport-security
max-age=31536000; preload;
collect
www.google-analytics.com/j/
2 B
207 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=840994611&t=pageview&_s=1&dl=https%3A%2F%2Ffxhomeonline.com%2Fcb%2F%3Ft%3Dsms6%26telefono%3D3483044656%26nome%3DPaolo%26cognome%3DTirabassi%26email%3D%26privacy%3Dhttps%253A%252F%252Fbit.ly%252Fe7_privacy&ul=en-us&de=UTF-8&dt=Metodo%20di%20Guadagno%20Online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=777940178&gjid=1743940342&cid=1413601510.1642362401&tid=UA-89264344-1&_gid=2140052450.1642362401&_r=1&_slc=1&z=1075527252
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://fxhomeonline.com/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 16 Jan 2022 19:46:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://fxhomeonline.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
device
ws106.aimage.it/v1/carrier/
12 B
432 B
Fetch
General
Full URL
https://ws106.aimage.it:4000/v1/carrier/device
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/carrier.js?q=123&t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/ PHP 5.3.0
Resource Hash
8ce6c823da2b2ac9f074649e1ed78b24a91acb5795f02e4081f1f91243c2d0c6
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://fxhomeonline.com/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
application/json

Response headers

Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
X-Powered-By
PHP 5.3.0
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
Date
Sun, 16 Jan 2022 19:46:41 GMT
Connection
keep-alive
X-DNS-Prefetch-Control
off
content-length
12
X-XSS-Protection
1; mode=block
device
ws106.aimage.it/v1/carrier/ Frame
0
0
Preflight
General
Full URL
https://ws106.aimage.it:4000/v1/carrier/device
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://fxhomeonline.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
content-type
content-length
0
Date
Sun, 16 Jan 2022 19:46:41 GMT
Connection
keep-alive
bluebird.min.js
cdnjs.cloudflare.com/ajax/libs/bluebird/3.7.0/
80 KB
21 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.7.0/bluebird.min.js
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/carrier.js?q=123&t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
018bbef55fcc5eb93ec213cfe2476924f1c662a29938cb5cc08fa55996e9324f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://fxhomeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
3864364
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
20760
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:06:35 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d8b-1406b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XcI8jqJSHHg9CEmS2V8Ht39GBEDPiyCrc9q5ls878TS8RMqZJ4HzOYReg%2BvUmW45OTs1OSvwZyckq0WJTVMilYXo4TxeFbva4%2FaaSJGekHTwxClwwcvBWFpsI8dNQj9Re866rQzJuPNIU%2FaoNVjYUCLo"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6ce9d9f19ca459ef-MXP
expires
Fri, 06 Jan 2023 19:46:41 GMT
sid
mug.criteo.com/ Frame 510B
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=onetag&domain=fxhomeonline.com&sn=ChromeSyncframe&so=0&topUrl=fxhomeonline.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=G2Ou8nwrbWo0NStuS2VlK04yWjZ1NmJLS1ZyZ0g5N0JTYTE3S09CQk5IQmRJaEJ6b3FtMEI3TEpHZ3cwNDkvdi9lVVNxQjJ4a0NTSzZzamdDWForbWRDVWJ1ZzJLQ0s2THVoZktnSTcrZ2o0Ry9FWEJ5dnE4R0tnazNSb1...
433 B
635 B
Fetch
General
Full URL
https://mug.criteo.com/sid?cpp=G2Ou8nwrbWo0NStuS2VlK04yWjZ1NmJLS1ZyZ0g5N0JTYTE3S09CQk5IQmRJaEJ6b3FtMEI3TEpHZ3cwNDkvdi9lVVNxQjJ4a0NTSzZzamdDWForbWRDVWJ1ZzJLQ0s2THVoZktnSTcrZ2o0Ry9FWEJ5dnE4R0tnazNSb1hYRm9pUmNWRDRJd1F3c2dVcVBjdVpmcStFTVJUUW1uYVdna3huOVRWbnY4bWQ2OTFSZ0tMUjNsb2d1bzBmcTJ1eE1CVm5iSGxXWlNsSkZsV1Uwa05zRGNZQUdwQjRPR0J4eCtqb21nMU1WdlNCckg2SG1nR1lYTllIemZxSkUvWm9qY1BNTWhORmZsM0gwRHFaY2UzYjVEWlIrbURTUT09fA&cppv=2
Requested by
Host: fxhomeonline.com
URL: https://fxhomeonline.com/cb/?t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
afa83d7a2472182d887468617755fbcf5e9a4d9b4d911774106c44147230675f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 16 Jan 2022 19:46:41 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3769
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Sun, 16 Jan 2022 19:46:40 GMT
strict-transport-security
max-age=31536000; preload;
content-type
text/html; charset=utf-8
location
https://mug.criteo.com/sid?cpp=G2Ou8nwrbWo0NStuS2VlK04yWjZ1NmJLS1ZyZ0g5N0JTYTE3S09CQk5IQmRJaEJ6b3FtMEI3TEpHZ3cwNDkvdi9lVVNxQjJ4a0NTSzZzamdDWForbWRDVWJ1ZzJLQ0s2THVoZktnSTcrZ2o0Ry9FWEJ5dnE4R0tnazNSb1hYRm9pUmNWRDRJd1F3c2dVcVBjdVpmcStFTVJUUW1uYVdna3huOVRWbnY4bWQ2OTFSZ0tMUjNsb2d1bzBmcTJ1eE1CVm5iSGxXWlNsSkZsV1Uwa05zRGNZQUdwQjRPR0J4eCtqb21nMU1WdlNCckg2SG1nR1lYTllIemZxSkUvWm9qY1BNTWhORmZsM0gwRHFaY2UzYjVEWlIrbURTUT09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
1878
content-length
541
expires
0
forex_it_643.js
ws106.aimage.it/public/aichat/js/
17 KB
17 KB
Script
General
Full URL
https://ws106.aimage.it:3000/public/aichat/js/forex_it_643.js
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/carrier.js?q=123&t=sms6&telefono=3483044656&nome=Paolo&cognome=Tirabassi&email=&privacy=https%3A%2F%2Fbit.ly%2Fe7_privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/ Express
Resource Hash
5725ecfcd0aff94a2a0b6ba43fe4754726e2c187970941fe8bf9147c98162518

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://fxhomeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sun, 16 Jan 2022 19:46:41 GMT
ETag
W/"43b9-17de7f48489"
Last-Modified
Thu, 23 Dec 2021 15:41:41 GMT
X-Powered-By
Express
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
17337
forex_it_643.css
ws106.aimage.it/public/aichat/css/
2 KB
2 KB
Stylesheet
General
Full URL
https://ws106.aimage.it:3000/public/aichat/css/forex_it_643.css
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/aichat/js/forex_it_643.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/ Express
Resource Hash
ca3f0a171ff29e3664c8fc8ff0c456567ec4e5c89c817022b6f05b4d52effeab

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://fxhomeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sun, 16 Jan 2022 19:46:41 GMT
ETag
W/"7fc-17c9e6ffeeb"
Last-Modified
Wed, 20 Oct 2021 16:01:52 GMT
X-Powered-By
Express
Content-Type
text/css; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2044
/
ws106.aimage.it/ Frame 4321
504 B
645 B
Document
General
Full URL
https://ws106.aimage.it:8000/?wid=8EvgGI9mmdTYH2DhnlZ0&template=aichat
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/aichat/js/forex_it_643.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/
Resource Hash
da22371ab28a5d4973c13de5733ba89a186a6822cfda83c380c47f01952c92f0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://fxhomeonline.com/

Response headers

content-type
text/html; charset=utf-8
content-length
504
Date
Sun, 16 Jan 2022 19:46:41 GMT
Connection
keep-alive
css
fonts.googleapis.com/
24 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic&subset=latin
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/aichat/css/forex_it_643.css
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1bf5b1b16e02956377f2b4a2dda9eea5c5a4d1488137b2be48b3abc6b354090d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ws106.aimage.it:3000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 16 Jan 2022 19:45:29 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 16 Jan 2022 19:46:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 16 Jan 2022 19:46:41 GMT
event
sslwidget.criteo.com/
7 KB
7 KB
Script
General
Full URL
https://sslwidget.criteo.com/event?a=36418&v=5.8.1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Dvp%26p%3D1&p3=e%3Dvb%26p%3D%255Bi%25253D1%252526pr%25253D1%252526q%25253D1%255D&p4=e%3Ddis&adce=1&bundle=X1iMNV9yUXQxb0xWR2UwSERIcm5Mb2FPNlhTekprZW80ayUyRlFmUVBMZUVXTFpqa3M5NDdxTCUyQmZUWWc4cGtoJTJCNUJTclhSUlA0M0xzNWR2N0VXZ1dQODRmb3FDMjVLUEhPQU96cCUyQk9VVXRnaG1LNUh0b0wxeTN3T2gzYjlyWTRibHBpQkhHYzJsRExuaElHdk5jMnpVOUtUSSUyQlVRJTNEJTNE&tld=fxhomeonline.com&dtycbr=67675
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/ld.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
6e52f5fea2aea30f8ae86cac7f94933aec4ce0e7aa0419f0a827e843f8206fb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://fxhomeonline.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 16 Jan 2022 19:46:41 GMT
content-type
application/x-javascript
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
18429103
timing-allow-origin
*
expires
0
bluebird.min.js
cdnjs.cloudflare.com/ajax/libs/bluebird/3.7.0/ Frame 4321
80 KB
21 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.7.0/bluebird.min.js
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:8000/?wid=8EvgGI9mmdTYH2DhnlZ0&template=aichat
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
018bbef55fcc5eb93ec213cfe2476924f1c662a29938cb5cc08fa55996e9324f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ws106.aimage.it:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
7613130
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
20760
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:06:35 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d8b-1406b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dsFFakkPbi1ITj%2BCRV9%2B276F9Wreq3XVr%2B0exPNOdzmxEvbtzJwcfdL%2BufIyJlsO%2BnPBTteE64Rfn87JRy6rsqlOYG%2BrtF3zP8NnZALthE2wTX4ZZSwSq%2BN0RLy2wABKqQ22SnaKDcf0PDRZrX7Zrgg6"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6ce9d9f57c3ef91f-MXP
expires
Fri, 06 Jan 2023 19:46:42 GMT
socket.io.js
cdnjs.cloudflare.com/ajax/libs/socket.io/2.2.0/ Frame 4321
61 KB
17 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/socket.io/2.2.0/socket.io.js
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:8000/?wid=8EvgGI9mmdTYH2DhnlZ0&template=aichat
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cabe1f464fc65357a16093c0b3c3f82654e0bb41ddb29e192abc7c6c31030b72
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ws106.aimage.it:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
3888618
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
16810
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:16:21 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fd5-f3d5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AlaqXprEEiSuGSs8KoYyMS%2FCb0Y5cTeIrH5Yvttnge5UZkMukv4Mv0n6iQz59os5Nqaus7MUTO4rcBYu4IA%2BACIre602Eo28oUuXNre7RnQCrtO8JagkPH9KhS6SiGAcIOxRP%2F2qtqKmTwntXndkaiyN"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6ce9d9f57c38f91f-MXP
expires
Fri, 06 Jan 2023 19:46:42 GMT
widget.js
ws106.aimage.it/public/aichat/js/ Frame 4321
11 KB
11 KB
Script
General
Full URL
https://ws106.aimage.it:3000/public/aichat/js/widget.js?q=123
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:8000/?wid=8EvgGI9mmdTYH2DhnlZ0&template=aichat
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/ Express
Resource Hash
a0f3c4d6c9f5bf95f171989d6426c35471a77c7504e345fba93203319b7cad42

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ws106.aimage.it:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sun, 16 Jan 2022 19:46:42 GMT
ETag
W/"2b28-17434f28595"
Last-Modified
Fri, 28 Aug 2020 12:02:23 GMT
X-Powered-By
Express
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
11048
sweetalert2.min.css
cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/ Frame 4321
26 KB
4 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.min.css
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/aichat/js/widget.js?q=123
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fcf5643b6fa65252aa13ac202955d4e568789b1def9dc1c0c4b11da57af3886a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ws106.aimage.it:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
7072923
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
3723
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:12:01 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ed1-69d5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o1WYudsZU4FTNvRD7jjJyfobxZztYrIDbmwofJnbV217Dsd4ktG1ZudEj95Y0efDpBOWefzLHfQ%2BsLmAPhp%2BzzoMEkDg2y5apoBI0w4xhy65LVQJe0HQRsm9nnSp7JVtVZxUxpzznota8TAADp7qKnbc"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6ce9d9f69e2bf91f-MXP
expires
Fri, 06 Jan 2023 19:46:42 GMT
forex_it_643_chatbot.css
ws106.aimage.it/public/aichat/css/ Frame 4321
55 KB
55 KB
Stylesheet
General
Full URL
https://ws106.aimage.it:3000/public/aichat/css/forex_it_643_chatbot.css
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/aichat/js/widget.js?q=123
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/ Express
Resource Hash
36e0c8e647a3ece0a42efc4aadc7d944fad0da062e6b30f5a6eb2c9a09ab6fd9

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ws106.aimage.it:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sun, 16 Jan 2022 19:46:42 GMT
ETag
W/"dba8-17cc70e116f"
Last-Modified
Thu, 28 Oct 2021 13:19:20 GMT
X-Powered-By
Express
Content-Type
text/css; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
56232
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ Frame 4321
86 KB
31 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/aichat/js/widget.js?q=123
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ws106.aimage.it:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 15 Jan 2022 11:55:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
114666
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30774
x-xss-protection
0
last-modified
Mon, 13 May 2019 14:37:17 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 15 Jan 2023 11:55:36 GMT
cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame C690
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay1IM3RKOUwxQVpmWFd6UkJrOW56bkRKaE9RRUdwMVI1OVNTNXBRZw
  • https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&google_hm=ay1IM3RKOUwxQVpmWFd6UkJrOW56bkRKaE9RRUdwMVI1OVNTNXBRZw&google_tc=
  • https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
43 B
369 B
Image
General
Full URL
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
Protocol
H2
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 16 Jan 2022 19:46:42 GMT
content-type
image/gif
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
266146
timing-allow-origin
*
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sun, 16 Jan 2022 19:46:42 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
279
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie-sync
sync.outbrain.com/ Frame C690
0
476 B
Image
General
Full URL
https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-KGGKYb1AZfXWzRBk9nznDJhOQEGeNggyAq4SVA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.31 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sun, 16 Jan 2022 19:46:42 GMT
Cache-Control
no-cache
X-TraceId
f2cae2730fbea27ab6cc96ebda6d7603
Content-Length
0
tap.php
pixel.rubiconproject.com/ Frame C690
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-qm32zb1AZfXWzRBk9nznDJhOQEHPPWUoGOL_og&expires=30
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
704c1e4d3fcc922a3031d436b584678b
Content-Type
image/gif
/
rtb-csync.smartadserver.com/redir/ Frame C690
43 B
163 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-sP3A9b1AZfXWzRBk9nznDJhOQEF-FRILBowvQQ
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
185.86.138.142 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:42 GMT
transfer-encoding
chunked
content-type
image/gif
bounce
secure.adnxs.com/ Frame C690
Redirect Chain
  • https://secure.adnxs.com/setuid?entity=52&code=k-H_FQc71AZfXWzRBk9nznDJhOQEHThHinTvq85w&seg=130915
  • https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-H_FQc71AZfXWzRBk9nznDJhOQEHThHinTvq85w%26seg%3D130915
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-H_FQc71AZfXWzRBk9nznDJhOQEHThHinTvq85w%26seg%3D130915
Protocol
HTTP/1.1
Server
37.252.173.27 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 16 Jan 2022 19:46:42 GMT
X-Proxy-Origin
192.145.127.218; 192.145.127.218; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
e325bb6d-8e08-440b-936f-fa31aec9feb3
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 16 Jan 2022 19:46:42 GMT
X-Proxy-Origin
192.145.127.218; 192.145.127.218; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
513f1c24-2504-43fd-9c6f-df8a7da5c1b4
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-H_FQc71AZfXWzRBk9nznDJhOQEHThHinTvq85w%26seg%3D130915
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
ads.yahoo.com/cms/ Frame C690
0
445 B
Image
General
Full URL
https://ads.yahoo.com/cms/v1?esig=1~7315a025058f3128185459bfaf16e164414683fc&nwid=10000545908&sigv=1
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:42 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block
sync
ups.analytics.yahoo.com/ups/58301/ Frame C690
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k--F5p-71AZfXWzRBk9nznDJhOQEHXLngka5ir-w
  • https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k--F5p-71AZfXWzRBk9nznDJhOQEHXLngka5ir-w&verify=true
0
122 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k--F5p-71AZfXWzRBk9nznDJhOQEHXLngka5ir-w&verify=true
Protocol
H2
Server
3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:42 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k--F5p-71AZfXWzRBk9nznDJhOQEHXLngka5ir-w&verify=true
date
Sun, 16 Jan 2022 19:46:42 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
match
ad.360yield.com/ul_cb/ Frame C690
Redirect Chain
  • https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-S3c-Ur1AZfXWzRBk9nznDJhOQEHFkDmoSd2E0w
  • https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-S3c-Ur1AZfXWzRBk9nznDJhOQEHFkDmoSd2E0w
43 B
446 B
Image
General
Full URL
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-S3c-Ur1AZfXWzRBk9nznDJhOQEHFkDmoSd2E0w
Protocol
H2
Server
3.251.21.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-251-21-8.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 16 Jan 2022 19:46:42 GMT
content-type
image/gif
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-S3c-Ur1AZfXWzRBk9nznDJhOQEHFkDmoSd2E0w
date
Sun, 16 Jan 2022 19:46:42 GMT
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pug
simage2.pubmatic.com/AdServer/ Frame C690
42 B
341 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI0NTMmdGw9NDMyMDA=&piggybackCookie=uid:k-vj1oXL1AZfXWzRBk9nznDJhOQEGCTZ764e76gg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:43 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug020:0:333
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
rum
r.casalemedia.com/ Frame C690
Redirect Chain
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-8tN-Kr1AZfXWzRBk9nznDJhOQEGEmMdrcZMeFg
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-8tN-Kr1AZfXWzRBk9nznDJhOQEGEmMdrcZMeFg&C=1
43 B
1 KB
Image
General
Full URL
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-8tN-Kr1AZfXWzRBk9nznDJhOQEGEmMdrcZMeFg&C=1
Protocol
HTTP/1.1
Server
72.247.225.98 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a72-247-225-98.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 16 Jan 2022 19:46:43 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sun, 16 Jan 2022 19:46:43 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 16 Jan 2022 19:46:43 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-8tN-Kr1AZfXWzRBk9nznDJhOQEGEmMdrcZMeFg&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
296
Expires
Sun, 16 Jan 2022 19:46:43 GMT
/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame C690
0
231 B
Image
General
Full URL
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-WQkq2b1AZfXWzRBk9nznDJhOQEHJAqotkf8shQ
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:42 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
69416
pixel
cm.adform.net/ Frame C690
43 B
163 B
Image
General
Full URL
https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-AlaeAr1AZfXWzRBk9nznDJhOQEEUUprLlC-wsg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:42 GMT
last-modified
Thu, 28 Jul 2016 13:28:52 GMT
server
nginx
accept-ranges
bytes
etag
"579a0894-2b"
content-length
43
content-type
image/gif
um
criteo-sync.teads.tv/ Frame C690
23 B
172 B
Image
General
Full URL
https://criteo-sync.teads.tv/um?eid=80&uid=k-xxwuVL1AZfXWzRBk9nznDJhOQEHEsxOVUaYBBA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-242-245.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 16 Jan 2022 19:46:43 GMT
cache-control
max-age=0, no-cache, no-store
expires
Sun, 16 Jan 2022 19:46:43 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif
xuid
eb2.3lift.com/ Frame C690
Redirect Chain
  • https://eb2.3lift.com/xuid?mid=2711&xuid=k-2AZSX71AZfXWzRBk9nznDJhOQEF9edxo_AJOyg&dongle=013b
  • https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-2AZSX71AZfXWzRBk9nznDJhOQEF9edxo_AJOyg&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-2AZSX71AZfXWzRBk9nznDJhOQEF9edxo_AJOyg&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:42 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
/xuid?ld=1&mid=2711&xuid=k-2AZSX71AZfXWzRBk9nznDJhOQEF9edxo_AJOyg&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
date
Sun, 16 Jan 2022 19:46:42 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
sync
x.bidswitch.net/ul_cb/ Frame C690
Redirect Chain
  • https://x.bidswitch.net/sync?dsp_id=46&user_id=k-m7Mitr1AZfXWzRBk9nznDJhOQEEryvWGIFJOHw&expires=30
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-m7Mitr1AZfXWzRBk9nznDJhOQEEryvWGIFJOHw&expires=30
43 B
495 B
Image
General
Full URL
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-m7Mitr1AZfXWzRBk9nznDJhOQEEryvWGIFJOHw&expires=30
Protocol
HTTP/1.1
Server
3.124.83.68 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-83-68.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sun, 16 Jan 2022 19:46:43 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Location
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-m7Mitr1AZfXWzRBk9nznDJhOQEEryvWGIFJOHw&expires=30
Date
Sun, 16 Jan 2022 19:46:42 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
cksync.php
contextual.media.net/ Frame C690
45 B
785 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-wzd8Z71AZfXWzRBk9nznDJhOQEGoSwXrGNl9qA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.107.160.24 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-107-160-24.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Sun, 16 Jan 2022 19:46:43 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Sun, 16 Jan 2022 19:46:43 GMT
v1
match.sharethrough.com/sync/ Frame C690
68 B
263 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-dCmIVb1AZfXWzRBk9nznDJhOQEF3YnzxGNRnJw
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.27.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-27-23.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:43 GMT
content-length
68
content-type
image/png
sync
visitor.omnitagjs.com/visitor/ Frame C690
49 B
236 B
Image
General
Full URL
https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-SXAI2L1AZfXWzRBk9nznDJhOQEEJvVwJSpCNxQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.255.84.152 Paris, France, ASN200271 (IGUANE-, FR),
Reverse DNS
Software
ayl-lb-fra02 /
Resource Hash
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 16 Jan 2022 19:46:42 GMT
x-content-type-options
nosniff
server
ayl-lb-fra02
vary
Accept-Encoding
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
21
content-length
49
expires
0
empty.gif
cdn.stickyadstv.com/one-shot/ Frame C690
Redirect Chain
  • https://ads.stickyadstv.com/user-registering?dataProviderId=434&userId=k-KIgTsL1AZfXWzRBk9nznDJhOQEF9xv-ADRlUmg&redirectId=69
  • https://cdn.stickyadstv.com/one-shot/empty.gif?
43 B
438 B
Image
General
Full URL
https://cdn.stickyadstv.com/one-shot/empty.gif?
Protocol
HTTP/1.1
Server
2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sun, 16 Jan 2022 19:46:43 GMT
Last-Modified
Thu, 28 Feb 2013 15:45:35 GMT
ETag
"1362066335"
X-HW
1642362403.dop006.ml1.t,1642362403.cds023.ml1.shn,1642362403.cds023.ml1.c
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=7200
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
43

Redirect headers

Pragma
no-cache
Date
Sun, 16 Jan 2022 19:46:43 GMT
Server
nginx
Access-Control-Allow-Origin
*
Location
https://cdn.stickyadstv.com/one-shot/empty.gif?
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
x-sticky-vk
1642362403268002-411
Expires
Sun, 16 Jan 2022 19:46:43 GMT
sync
ups.analytics.yahoo.com/ups/55945/ Frame C690
Redirect Chain
  • https://pixel.advertising.com/ups/55945/sync?uid=k-4NfcH71AZfXWzRBk9nznDJhOQEH-rTQin31ijw&_origin=1
  • https://pixel.advertising.com/ups/55945/sync?uid=k-4NfcH71AZfXWzRBk9nznDJhOQEH-rTQin31ijw&_origin=1&verify=true
  • https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-4NfcH71AZfXWzRBk9nznDJhOQEH-rTQin31ijw&_origin=1&apid=UP07cfbf7d-7705-11ec-a09f-068051b0dac0
0
615 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-4NfcH71AZfXWzRBk9nznDJhOQEH-rTQin31ijw&_origin=1&apid=UP07cfbf7d-7705-11ec-a09f-068051b0dac0
Protocol
H2
Server
3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:43 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-4NfcH71AZfXWzRBk9nznDJhOQEH-rTQin31ijw&_origin=1&apid=UP07cfbf7d-7705-11ec-a09f-068051b0dac0
date
Sun, 16 Jan 2022 19:46:43 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
matching.ivitrack.com/ Frame C690
42 B
242 B
Image
General
Full URL
https://matching.ivitrack.com/sync?realm=criteo&uid=k-nNv-GL1AZfXWzRBk9nznDJhOQEF3uUTZBi91nw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.243.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
160.243.186.35.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:42 GMT
via
1.1 google
x-envoy-decorator-operation
tag-manager.programmatic.svc.cluster.local:3000/*
server
istio-envoy
content-type
image/gif
cache-control
public, max-age=86400
x-envoy-upstream-service-time
0
alt-svc
clear
content-length
42
sd
us-u.openx.net/w/1.0/ Frame C690
43 B
274 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072953&val=k-tJVpH71AZfXWzRBk9nznDJhOQEFDjrrScLsATA&c=us
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/17.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 16 Jan 2022 19:46:43 GMT
via
1.1 google
server
OXGW/17.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT
/
s.ad.smaato.net/c/ Frame C690
0
240 B
Image
General
Full URL
https://s.ad.smaato.net/c/?dspInit=1001851&dspCookie=k-hVm2Vb1AZfXWzRBk9nznDJhOQEENrcIicXZ92w
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:4a00:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:43 GMT
via
1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
server
CloudFront
cache-control
no-cache, must-revalidate
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
3KDv5I7Qi2YjfuC6m5YeN8uVxFEZLhhCNr1-DOpiop5OuJYZb9WlRA==
x-cache
FunctionGeneratedResponse from cloudfront
28292
i6.liadm.com/s/ Frame C690
Redirect Chain
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-nHCzq71AZfXWzRBk9nznDJhOQEFdyEB-EV2GTQ
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-nHCzq71AZfXWzRBk9nznDJhOQEFdyEB-EV2GTQ&_li_chk=true&previous_uuid=d4d16c45e35a4041a94e9a5633a59b00
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-nHCzq71AZfXWzRBk9nznDJhOQEFdyEB-EV2GTQ
43 B
447 B
Image
General
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-nHCzq71AZfXWzRBk9nznDJhOQEFdyEB-EV2GTQ
Protocol
HTTP/1.1
Server
2600:1f18:444a:4680:5b76:7408:bdd4:1592 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sun, 16 Jan 2022 19:46:44 GMT
Cache-Control
no-store
Connection
keep-alive
trace-id
2ef1820ee9c543de
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-nHCzq71AZfXWzRBk9nznDJhOQEFdyEB-EV2GTQ
Date
Sun, 16 Jan 2022 19:46:43 GMT
Connection
keep-alive
trace-id
a9db9f08ac00a463
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
c.gif
c.bing.com/ Frame C690
42 B
590 B
Image
General
Full URL
https://c.bing.com/c.gif?Red3=CTOMS_pd&cbid=k-Ndxn171AZfXWzRBk9nznDJhOQEEoQCt_7SPAPQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 16 Jan 2022 19:46:42 GMT
etag
"9ea1ae3587d81:0"
last-modified
Wed, 12 Jan 2022 02:05:35 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 6E07333B7E8A42439A629F4FF2670DB7 Ref B: FRAEDGE1313 Ref C: 2022-01-16T19:46:43Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
spp.pl
sp.analytics.yahoo.com/ Frame C690
43 B
715 B
Image
General
Full URL
https://sp.analytics.yahoo.com/spp.pl?a=10001287818027&.yp=438726
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
spdc.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 16 Jan 2022 19:46:43 GMT
x-content-type-options
nosniff
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
cache-control
no-cache, private, must-revalidate
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
43
referrer-policy
strict-origin-when-cross-origin
expires
Sun, 16 Jan 2022 19:46:43 GMT
css
fonts.googleapis.com/ Frame 4321
24 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic&subset=latin
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/aichat/css/forex_it_643_chatbot.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1bf5b1b16e02956377f2b4a2dda9eea5c5a4d1488137b2be48b3abc6b354090d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ws106.aimage.it:3000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 16 Jan 2022 19:46:36 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 16 Jan 2022 19:46:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 16 Jan 2022 19:46:42 GMT
sweetalert2.all.min.js
cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/ Frame 4321
63 KB
14 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/7.33.1/sweetalert2.all.min.js
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/aichat/js/widget.js?q=123
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41fc609fd8d42de18075b69e0e35de221641dd16ba3422b776f8f0006f18fb15
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ws106.aimage.it:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2754204
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
13778
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:12:01 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ed1-fdaf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=llpmGqNGqdob%2FEeuBQXfu4p9qIgu2%2FqQgLlVu7Yjw%2BI234EDJw%2Bj%2F7WqlJrXTumpVuguHl%2BcvDXzzLfLDYwQAfd4h0JsLUlNokMErjWDnFPqpKlNBVr1iIaqUYO1%2BAmr3ZyM0m2fMC0cJXPEfb6l58dR"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6ce9d9f85922f91f-MXP
expires
Fri, 06 Jan 2023 19:46:42 GMT
v1
ads.yahoo.com/cms/ Frame C690
0
19 B
Image
General
Full URL
https://ads.yahoo.com/cms/v1?esig=1~fa63d183df77c65a03eac82806b701b9c4f726b8&nwid=10000892938&sigv=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:42 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block
cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame C690
Redirect Chain
  • https://secure.adnxs.com/seg?add=130915&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
  • https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2949048862102104078
43 B
370 B
Image
General
Full URL
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2949048862102104078
Protocol
H2
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 16 Jan 2022 19:46:42 GMT
content-type
image/gif
server
Kestrel
strict-transport-security
max-age=31536000; preload;
p3p
CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
2810268
timing-allow-origin
*
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 16 Jan 2022 19:46:43 GMT
X-Proxy-Origin
192.145.127.218; 192.145.127.218; 539.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
e01c0a95-4495-4075-be6d-27a9b0e07013
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=2949048862102104078
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
forex_it_643_chatbot.js
ws106.aimage.it/public/aichat/js/ Frame 4321
22 KB
22 KB
Script
General
Full URL
https://ws106.aimage.it:3000/public/aichat/js/forex_it_643_chatbot.js
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/aichat/js/widget.js?q=123
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/ Express
Resource Hash
5169a1fabef666de8401a05c187dbb9f252760007ee84cd0a8b0bc9cf366989e

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ws106.aimage.it:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sun, 16 Jan 2022 19:46:42 GMT
ETag
W/"577a-171a70142e8"
Last-Modified
Thu, 23 Apr 2020 12:26:49 GMT
X-Powered-By
Express
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22394
gateway_01
ws106.aimage.it/ Frame 4321
43 B
463 B
XHR
General
Full URL
https://ws106.aimage.it:4000/gateway_01
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/ PHP 5.3.0
Resource Hash
17a050dcb8622f471f53677c6f108a9160127ea9c05aa5f71f44950b300ca4f7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://ws106.aimage.it:8000/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
X-Powered-By
PHP 5.3.0
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
Date
Sun, 16 Jan 2022 19:46:42 GMT
Connection
keep-alive
X-DNS-Prefetch-Control
off
content-length
43
X-XSS-Protection
1; mode=block
sabrina.png
ws106.aimage.it/public/assets/immagini/ Frame 4321
114 KB
114 KB
Image
General
Full URL
https://ws106.aimage.it:3000/public/assets/immagini/sabrina.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/ Express
Resource Hash
9bb9cc116f1bcac774499e28f49c81fd171619cc782b534811a0054a0cdc05c5

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ws106.aimage.it:8000/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sun, 16 Jan 2022 19:46:42 GMT
ETag
W/"1c766-1717cd05ad7"
Last-Modified
Wed, 15 Apr 2020 07:49:21 GMT
X-Powered-By
Express
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
116582
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 4321
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300,300italic,400italic,500,500italic,700,700italic,900,900italic&subset=latin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://ws106.aimage.it:8000
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 11 Jan 2022 14:02:00 GMT
x-content-type-options
nosniff
age
452683
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 11 Jan 2023 14:02:00 GMT
Material-Design-Iconic-Font.woff2
ws106.aimage.it/public/chatbot/css/fonts/ Frame 4321
37 KB
38 KB
Font
General
Full URL
https://ws106.aimage.it:3000/public/chatbot/css/fonts/Material-Design-Iconic-Font.woff2?v=2.2.0
Requested by
Host: ws106.aimage.it
URL: https://ws106.aimage.it:3000/public/aichat/css/forex_it_643_chatbot.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/ Express
Resource Hash
e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c

Request headers

Referer
https://ws106.aimage.it:3000/public/aichat/css/forex_it_643_chatbot.css
Origin
https://ws106.aimage.it:8000
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Sun, 16 Jan 2022 19:46:43 GMT
ETag
W/"95f0-1717cd05997"
Last-Modified
Wed, 15 Apr 2020 07:49:21 GMT
X-Powered-By
Express
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
38384
gateway_01
ws106.aimage.it/ Frame 4321
314 B
735 B
XHR
General
Full URL
https://ws106.aimage.it:4000/gateway_01
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/ PHP 5.3.0
Resource Hash
e821a901fcb5bb575d901606802cb836ae1ae75543241304372caf40f56f1f8c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://ws106.aimage.it:8000/
Authorization
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uSWQiOiI0ZmU0M2YxZi0wNGIyLTQ3ZjgtYTBiNy1mNDEyZWMzNDdkNTUiLCJpYXQiOjE2NDIzNjI0MDF9.2YB00sdxV8brrKdTSLDQAEKilpvF36GvhvqkPT8z-mI
Accept-Language
it-IT,it;q=0.9
User-ip
192.145.127.218
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
X-Powered-By
PHP 5.3.0
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
Date
Sun, 16 Jan 2022 19:46:43 GMT
Connection
keep-alive
X-DNS-Prefetch-Control
off
content-length
314
X-XSS-Protection
1; mode=block
gateway_01
ws106.aimage.it/ Frame
0
0
Preflight
General
Full URL
https://ws106.aimage.it:4000/gateway_01
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type,user-ip
Origin
https://ws106.aimage.it:8000
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
authorization,content-type,user-ip
content-length
0
Date
Sun, 16 Jan 2022 19:46:42 GMT
Connection
keep-alive
sync
ups.analytics.yahoo.com/ups/55945/ Frame C690
Redirect Chain
  • https://pixel.advertising.com/ups/55945/sync?uid=k-1Z5K6r1AZfXWzRBk9nznDJhOQEFafKDxSBo7Uw&_origin=1
  • https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-1Z5K6r1AZfXWzRBk9nznDJhOQEFafKDxSBo7Uw&_origin=1&apid=UP07cfbf7d-7705-11ec-a09f-068051b0dac0
0
20 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-1Z5K6r1AZfXWzRBk9nznDJhOQEFafKDxSBo7Uw&_origin=1&apid=UP07cfbf7d-7705-11ec-a09f-068051b0dac0
Protocol
H2
Server
3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sun, 16 Jan 2022 19:46:43 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-1Z5K6r1AZfXWzRBk9nznDJhOQEFafKDxSBo7Uw&_origin=1&apid=UP07cfbf7d-7705-11ec-a09f-068051b0dac0
date
Sun, 16 Jan 2022 19:46:43 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
spp.pl
sp.analytics.yahoo.com/ Frame C690
43 B
79 B
Image
General
Full URL
https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=438726
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
spdc.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 16 Jan 2022 19:46:43 GMT
x-content-type-options
nosniff
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
cache-control
no-cache, private, must-revalidate
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security
max-age=31536000
accept-ranges
bytes
content-length
43
referrer-policy
strict-origin-when-cross-origin
expires
Sun, 16 Jan 2022 19:46:43 GMT
gateway_01
ws106.aimage.it/ Frame
0
0
Preflight
General
Full URL
https://ws106.aimage.it:4000/gateway_01
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type,user-ip
Origin
https://ws106.aimage.it:8000
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
authorization,content-type,user-ip
content-length
0
Date
Sun, 16 Jan 2022 19:46:44 GMT
Connection
keep-alive
gateway_01
ws106.aimage.it/ Frame 4321
308 B
729 B
XHR
General
Full URL
https://ws106.aimage.it:4000/gateway_01
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/ PHP 5.3.0
Resource Hash
a36423860254be0ad8af0a77eaff2399da6b06ac533d286cf764467abcc72287
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://ws106.aimage.it:8000/
Authorization
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uSWQiOiI0ZmU0M2YxZi0wNGIyLTQ3ZjgtYTBiNy1mNDEyZWMzNDdkNTUiLCJpYXQiOjE2NDIzNjI0MDF9.2YB00sdxV8brrKdTSLDQAEKilpvF36GvhvqkPT8z-mI
Accept-Language
it-IT,it;q=0.9
User-ip
192.145.127.218
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
X-Powered-By
PHP 5.3.0
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
Date
Sun, 16 Jan 2022 19:46:44 GMT
Connection
keep-alive
X-DNS-Prefetch-Control
off
content-length
308
X-XSS-Protection
1; mode=block
gateway_01
ws106.aimage.it/ Frame 4321
0
0

gateway_01
ws106.aimage.it/ Frame
0
0
Preflight
General
Full URL
https://ws106.aimage.it:4000/gateway_01
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.255.74.106 , Italy, ASN20746 (ASN-IDC T.NO.OM.I.NC, IT),
Reverse DNS
pettenasco.espotter.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
authorization,content-type,user-ip
Origin
https://ws106.aimage.it:8000
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

access-control-allow-origin
*
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
vary
Access-Control-Request-Headers
access-control-allow-headers
authorization,content-type,user-ip
content-length
0
Date
Sun, 16 Jan 2022 19:46:44 GMT
Connection
keep-alive

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain
ws106.aimage.it
URL
https://ws106.aimage.it:4000/gateway_01

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| onsecuritypolicyviolation
object| onslotchange
string| EdiscomObject
function| ed
string| GoogleAnalyticsObject
function| ga
object| criteo_q
object| ljs
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData
function| P
function| chatbot_forex_it_643_go
function| chatbot_forex_it_643_refresh
object| aimage

40 Cookies

Domain/Path Name / Value
i.liadm.com/s Name: _li_ss
Value: MgkI_____wcQrhE
.fxhomeonline.com/ Name: _ga
Value: GA1.2.1413601510.1642362401
.fxhomeonline.com/ Name: _gid
Value: GA1.2.2140052450.1642362401
.fxhomeonline.com/ Name: _gat
Value: 1
.criteo.com/ Name: uid
Value: 63b23d6a-eb81-478c-a85b-916e664c90c9
.fxhomeonline.com/ Name: cto_bundle
Value: X1iMNV9yUXQxb0xWR2UwSERIcm5Mb2FPNlhTekprZW80ayUyRlFmUVBMZUVXTFpqa3M5NDdxTCUyQmZUWWc4cGtoJTJCNUJTclhSUlA0M0xzNWR2N0VXZ1dQODRmb3FDMjVLUEhPQU96cCUyQk9VVXRnaG1LNUh0b0wxeTN3T2gzYjlyWTRibHBpQkhHYzJsRExuaElHdk5jMnpVOUtUSSUyQlVRJTNEJTNE
.adnxs.com/ Name: uuid2
Value: 2949048862102104078
.yahoo.com/ Name: A3
Value: d=AQABBCJ25GECEF4msiJ0Vu4iKtKuZktbguYFEgEBAQHH5WHuYQAAAAAA_eMAAA&S=AQAAAoS-0aiR95F1Mp8NXbwKr7M
.360yield.com/ Name: tuuid
Value: 2d7ed03b-f8d6-4fa8-b625-dd7de434063c
.360yield.com/ Name: tuuid_lu
Value: 1642362402
.doubleclick.net/ Name: IDE
Value: AHWqTUmOADLe5BOdDZIk5VzbRrjQCKCPEBgl3qGgJdXtwTiNF1L_XVjtgYdTF7jdaPQ
.taboola.com/ Name: t_gid
Value: de3caaef-b782-4af7-9592-7f3712cecfbf-tuct8ddfba2
.3lift.com/ Name: tluid
Value: 16544243788387606297
.360yield.com/ Name: um
Value: !38,jQ6GBdrzg86jDYiTfwkGPrPKvv6iXOp-Kq9w0q8Cr.uS5smlqEOrJ5IfaFrT14GH0mCdb0Yd,1650138402
.360yield.com/ Name: umeh
Value: !38,0,1704570402,-1
.outbrain.com/ Name: obuid
Value: 607f3edf-bccb-47e9-a58d-a8f4ee0d2322
.outbrain.com/ Name: criteo
Value: k-KGGKYb1AZfXWzRBk9nznDJhOQEGeNggyAq4SVA
.bidswitch.net/ Name: tuuid
Value: 5d4354ef-223c-4f80-9a9f-c4f74c51d340
.bidswitch.net/ Name: c
Value: 1642362402
.sharethrough.com/ Name: stx_user_id
Value: ad2df562-44f2-4c17-bf59-235c98105c24
.pubmatic.com/ Name: PUBMDCID
Value: 3
.bidswitch.net/ Name: tuuid_lu
Value: 1642362403
.media.net/ Name: visitor-id
Value: 2853640036092212000V10
.media.net/ Name: data-c-ts
Value: 1642362403
.media.net/ Name: data-c
Value: k-wzd8Z71AZfXWzRBk9nznDJhOQEGoSwXrGNl9qA~~3
.casalemedia.com/ Name: CMID
Value: YeR2IzdfClf2CsyG58brdQAA
.casalemedia.com/ Name: CMPS
Value: 240
.advertising.com/ Name: APID
Value: UP07cfbf7d-7705-11ec-a09f-068051b0dac0
.adnxs.com/ Name: anj
Value: dTM7k!M4/rD>6NRF']wIg2E?aet?<.!fsuh*q8SWo5i@?nrTu!ts`k#=O#mSR*X!9^9t@r`epjuJ:MIF'x:MQfriFv%VrY83N.+GtSdTxVkq*^9Rkfl9RrTqBRi+4
.casalemedia.com/ Name: CMPRO
Value: 314
.casalemedia.com/ Name: CMRUM3
Value: 1461e476232760k-8tN-Kr1AZfXWzRBk9nznDJhOQEGEmMdrcZMeFg
.casalemedia.com/ Name: CMST
Value: YeR2I2HkdiMA
.analytics.yahoo.com/ Name: IDSYNC
Value: "18zh~22p7:1761~22p7"
.yahoo.com/ Name: APID
Value: UP07cfbf7d-7705-11ec-a09f-068051b0dac0
.yahoo.com/ Name: APIDTS
Value: 1642362403
ads.stickyadstv.com/ Name: UID
Value: ade6b627b8ef554b89b7f6c4c75ef9da
ads.stickyadstv.com/ Name: uid-bp-11554
Value: k-KIgTsL1AZfXWzRBk9nznDJhOQEF9xv-ADRlUmg
ads.stickyadstv.com/ Name: sessionId
Value: 23c778b746d8d7a925bdb262758d59ce
.bing.com/ Name: MUID
Value: 21029159107A6ABA11D0807711A86B6A
.liadm.com/ Name: lidid
Value: d4d16c45-e35a-4041-a94e-9a5633a59b00

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
