blessedbydonuts.com Open in urlscan Pro
2a06:98c1:3121::c Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://rgyk.info/GdXAV
Effective URL:
https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=17...
Submission: On February 18 via manual (February 18th 2023, 6:52:20 pm UTC) from US — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 16 HTTP transactions. The main IP is 2a06:98c1:3121::c, located in United States and belongs to CLOUDFLARENET, US. The main domain is blessedbydonuts.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 14th 2023. Valid for: a year.

This is the only time blessedbydonuts.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3034::6815:16b7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2606:4700:303... 2606:4700:3032::ac43:9332	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2a06:98c1:312... 2a06:98c1:3121::c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400d:80e::200a	15169 (GOOGLE) (GOOGLE)
16	4

1 2606:4700:3034::6815:16b7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

rgyk.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3032::ac43:9332 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

wherethewindtakesme.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a06:98c1:3121::c (United States)

ASN13335 (CLOUDFLARENET, US)

blessedbydonuts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80e::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	blessedbydonuts.com blessedbydonuts.com	488 KB
4	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 196	91 KB
3	wherethewindtakesme.org 1 redirects wherethewindtakesme.org	3 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43
1	rgyk.info 1 redirects rgyk.info	1017 B
16	5

	Domain	Requested by
9	blessedbydonuts.com	blessedbydonuts.com
4	cdnjs.cloudflare.com	blessedbydonuts.com
3	wherethewindtakesme.org	1 redirects wherethewindtakesme.org
1	fonts.googleapis.com	blessedbydonuts.com
1	rgyk.info	1 redirects
16	5

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-23` - `2023-06-22`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
Frame ID: CBFDDCA33455B132D6CF7F8FCD955141
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Personal Health/Injury Claim Support

Page URL History Show full URLs

http://rgyk.info/GdXAV HTTP 302
https://wherethewindtakesme.org/?flux_fts=tcactaolcolaxqttacletqzotoqilzptxloqaot9847e&link_id=5354&schedule... Page URL
https://wherethewindtakesme.org/index.php?flux_mrurl=68747470733a2f2f776865726574686577696e6474616b65736d652... HTTP 307
https://wherethewindtakesme.org/go/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198... Page URL
https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

100 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

582 kB
Transfer

826 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://rgyk.info/GdXAV HTTP 302
https://wherethewindtakesme.org/?flux_fts=tcactaolcolaxqttacletqzotoqilzptxloqaot9847e&link_id=5354&schedule_id=43625&message_id=130085&firstname=Maher&surname=Mista&city=&token=1716292708&ss=570&class=orange&su=721455&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&phone=9165442699 Page URL
https://wherethewindtakesme.org/index.php?flux_mrurl=68747470733a2f2f776865726574686577696e6474616b65736d652e6f72672f676f2f7765656b6c2f322f696e6465782e68746d6c3f73657373696f6e3d613664353762643935376165306331323166633263646265393833633865363826666c7578663d3137393731393835373835393332313139373526666c757866666e3d31373937313939323034333639303034323336266666646f6d61696e3d776865726574686577696e6474616b65736d652e6f72672663617465676f72793d546573742666697273746e616d653d4d61686572267375726e616d653d4d6973746126636974793d26656d61696c3d2670686f6e653d393136353434323639392663697479623d4672616e6b66757274253230416d2532304d61696e266578747261313d2674743d51585933786b6e5472736b6d42757567477969796e39684c6b7a6776487379495855596c4e71455a5347494437576e39432d72716b7041346c6d4c4a466c646a&flux_mrcntr=1 HTTP 307
https://wherethewindtakesme.org/go/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt%20Am%20Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68 Page URL
https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://rgyk.info/GdXAV HTTP 302
https://wherethewindtakesme.org/?flux_fts=tcactaolcolaxqttacletqzotoqilzptxloqaot9847e&link_id=5354&schedule_id=43625&message_id=130085&firstname=Maher&surname=Mista&city=&token=1716292708&ss=570&class=orange&su=721455&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&phone=9165442699

Request Chain 1

https://wherethewindtakesme.org/index.php?flux_mrurl=68747470733a2f2f776865726574686577696e6474616b65736d652e6f72672f676f2f7765656b6c2f322f696e6465782e68746d6c3f73657373696f6e3d613664353762643935376165306331323166633263646265393833633865363826666c7578663d3137393731393835373835393332313139373526666c757866666e3d31373937313939323034333639303034323336266666646f6d61696e3d776865726574686577696e6474616b65736d652e6f72672663617465676f72793d546573742666697273746e616d653d4d61686572267375726e616d653d4d6973746126636974793d26656d61696c3d2670686f6e653d393136353434323639392663697479623d4672616e6b66757274253230416d2532304d61696e266578747261313d2674743d51585933786b6e5472736b6d42757567477969796e39684c6b7a6776487379495855596c4e71455a5347494437576e39432d72716b7041346c6d4c4a466c646a&flux_mrcntr=1 HTTP 307
https://wherethewindtakesme.org/go/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt%20Am%20Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
wherethewindtakesme.org/
Redirect Chain

http://rgyk.info/GdXAV
https://wherethewindtakesme.org/?flux_fts=tcactaolcolaxqttacletqzotoqilzptxloqaot9847e&link_id=5354&schedule_id=43625&message_id=130085&firstname=Maher&surname=Mista&city=&token=1716292708&ss=570&c...

2 KB
1 KB

218ms
137ms

Document
text/html

2606:4700:3032::ac43:9332
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wherethewindtakesme.org/?flux_fts=tcactaolcolaxqttacletqzotoqilzptxloqaot9847e&link_id=5354&schedule_id=43625&message_id=130085&firstname=Maher&surname=Mista&city=&token=1716292708&ss=570&class=orange&su=721455&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&phone=9165442699
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:9332 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.27
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 79b8f573189a367b-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 18 Feb 2023 18:52:15 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="This is not a P3P policy"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hAF63QVgDeLHrSiHH7cfTsGP2XTBbuuvL%2FHSGP9wHvQgvhDsc86%2FzCHSfEE1SJ%2BzKaZIT0xPXtSMRtk8XcVeS2HSq%2BbsF4coJyCkra0SsmdALgvoVNJ10LB0SK4ntUlRhD0AXmts%2BAo8v5DXSXtQedL02EqFlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.3.27
x-robots-tag: noindex, noarchive, nofollow

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 79b8f571de563672-FRA
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Date: Sat, 18 Feb 2023 18:52:15 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5sgntXoLxAYXnOwuqKx42mfym%2BrT1%2B9DFCTK8kVLbVJBSCmTGxLpOdkoSawY7R6p7I0RBfSR4HcqQHF%2B8YRHKIXjwBq3i8roL6rOGubyn39EEFbBj8M2gHCiHN%2FG5lgx9LzJG1Ouv1s%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
location: https://WhereTheWindTakesMe.org/?flux_fts=tcactaolcolaxqttacletqzotoqilzptxloqaot9847e&link_id=5354&schedule_id=43625&message_id=130085&firstname=Maher&surname=Mista&city=&token=1716292708&ss=570&class=orange&su=721455&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&phone=9165442699
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3

200

index.html
wherethewindtakesme.org/go/weekl/2/
Redirect Chain

https://wherethewindtakesme.org/index.php?flux_mrurl=68747470733a2f2f776865726574686577696e6474616b65736d652e6f72672f676f2f7765656b6c2f322f696e6465782e68746d6c3f73657373696f6e3d61366435376264393537...
https://wherethewindtakesme.org/go/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&f...

1 KB
1 KB

101ms
98ms

Document
text/html

2606:4700:3032::ac43:9332
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wherethewindtakesme.org/go/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt%20Am%20Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
Requested by: Host: wherethewindtakesme.org
URL: https://wherethewindtakesme.org/?flux_fts=tcactaolcolaxqttacletqzotoqilzptxloqaot9847e&link_id=5354&schedule_id=43625&message_id=130085&firstname=Maher&surname=Mista&city=&token=1716292708&ss=570&class=orange&su=721455&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&phone=9165442699
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:9332 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.27
Resource Hash

Request headers

Referer: https://wherethewindtakesme.org/?flux_fts=tcactaolcolaxqttacletqzotoqilzptxloqaot9847e&link_id=5354&schedule_id=43625&message_id=130085&firstname=Maher&surname=Mista&city=&token=1716292708&ss=570&class=orange&su=721455&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&phone=9165442699
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 79b8f574b9b59217-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 18 Feb 2023 18:52:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tA6jZofevib%2FTZj8o8ymF%2F4DkAIBL2IQKiwDsrdoQcps1OijgrALuP6D3DOiOIjaZJrMfm2VeK2DUkgajxIGMqh1DRsfas%2FVTcC7iB1otfsgG1gxkus3bgCDMTJ%2B1sN4VY2QWOI6ud9e27UDrVyqiiAiCRmlIA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.3.27

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 79b8f5742a95367b-FRA
content-type: text/html; charset=utf-8
date: Sat, 18 Feb 2023 18:52:15 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://wherethewindtakesme.org/go/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt%20Am%20Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="This is not a P3P policy"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJ7zIVmh8AckZYk6HxomOcMLrczcV9INATD%2BP5HVa5RJEBjynXxJd8hNhGPWgwscakDeWrQUrcPFindT9cp8sfxcKGOjyc0oqeB%2F8qt123aXSKw%2F1GlrL0TPK0zmJ8qCBVUD4uK0%2BcT9E04K6avQ1tFbVUylRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.3.27
x-robots-tag: noindex, noarchive, nofollow

GET
H2 200 Primary Request index.html Show response
blessedbydonuts.com/weekl/2/ 10 KB
2 KB 266ms
37ms Document
text/html 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f9006bec18f89fccb53b7846b4850a44b0df633534d8bf3d1bfca90b6ec5d80

Request headers

Referer: https://wherethewindtakesme.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 79b8f576dc66371f-FRA
content-encoding: br
content-type: text/html
date: Sat, 18 Feb 2023 18:52:15 GMT
last-modified: Sat, 18 Feb 2023 12:40:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t2F4rxl9hfek6AOErSKKxq%2BATsb3cMXcJDYnVLNVfwogbIYtg5K2MbEGkkcBN%2FcPjIU%2F6oThQU9YvALv%2BjG6dReJrBY2ats7IAaCUi1jmn5iTRYPXxq7lwD2laZj22zF%2BonkkuCmYJoUEqN8ByMOLQ0j"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 styles.css
blessedbydonuts.com/weekl/2/css/ 14 KB
4 KB 40ms
37ms Stylesheet
text/css 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blessedbydonuts.com/weekl/2/css/styles.css
Requested by: Host: blessedbydonuts.com
URL: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 486df5bfbbb4d08f967f15db097f46d72b23951f9db44d3edd0940c93e27669e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 18:52:15 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 18 Feb 2023 12:40:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63f0c73b-3653"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wA2UupYJBVYB0QoWG9tJ1jFsXYSCU8vUDQMbdWpIP5jypQ23xGkdVDj7SUOa%2BLs1WgZ10xnwIP4%2BE%2FdSS2p4Y8ond9bHJoCAry2f0WlkDTOo0ZPgf4dLEN15YMfvKuSRpWQoAvYebs7OOPqkfKejwpdG"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 79b8f5772ccd371f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.11.2/ 69 KB
25 KB 55ms
13ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.2/gsap.min.js

Requested by

Host: blessedbydonuts.com
URL: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06f66c7beb4164979a2bc183462dbbb4a148d374d6aca4dc0b0548d8aeae8387

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blessedbydonuts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 18:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 334957
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 25107
last-modified: Tue, 27 Sep 2022 06:04:22 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63329266-6213"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B9EEyHNahe19PoI8tVp9PvVNS0F36cYIxYi6HtI9rVCHOUdAOr3YVMDYyTOX9o380yNYNZT0i4XY4GU2gfCzCXQFLr%2FfoDBs%2BNdepbVB%2BxYjExyyJr6i9%2FfUmWCLSKF7w4YkVJKlhxPL77TB7f6bo0Lw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79b8f5776cf1694f-FRA
expires: Thu, 08 Feb 2024 18:52:15 GMT

GET
H2 200 swiper-bundle.min.js Show response
cdnjs.cloudflare.com/ajax/libs/Swiper/8.4.2/ 140 KB
34 KB 59ms
17ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.4.2/swiper-bundle.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b371923804cb98c5b848471f8b716055d223cd8c331bc2bd21ce87a1767dfa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blessedbydonuts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 18:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2565468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 34580
last-modified: Fri, 16 Sep 2022 01:37:11 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6323d347-8714"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kmMkH404IfVinWMbY5akCkQPIaUT7UGt7ESF8lt8IkFSvft7xzJPtVfSFImLVWwU8%2FZa%2FFC1bbcN0BI3emDv2Es3hk22GQyvIZR07AMdFuiah%2Bjz0z4Gtp3MdfY0miXONvTSJPibgjekSyqkNPX6ItqY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79b8f5776cef694f-FRA
expires: Thu, 08 Feb 2024 18:52:15 GMT

GET
H2 200 swiper-bundle.css
cdnjs.cloudflare.com/ajax/libs/Swiper/8.4.2/ 19 KB
4 KB 57ms
15ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.4.2/swiper-bundle.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d54bb44558b70147d4a4b996ee7492e685004d837d0ac66a10a723f774133941

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blessedbydonuts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 18:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 7339190
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4226
last-modified: Fri, 16 Sep 2022 01:37:11 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6323d347-1082"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U5RTRkzNuL%2BRsDw0NKFF4wcR6095EllBGbkVUXb5jfFh25J552%2FhuTsvbncUZ1uasAPFMZcc4wQZ3iZoe5nylAPLGDykkbLu5M2%2B8jW4LcbbRLGKs%2FWBgpXZVNC6RBjRNcQ5f6CGAavJRTfkdbsrf8D2"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79b8f5776ced694f-FRA
expires: Thu, 08 Feb 2024 18:52:15 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 13ms
12ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blessedbydonuts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 18:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 341076
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JAIR4Dnax7RA7uodSShke%2FB9wSUM5yBtaVOcdFLAt7yqH9KSxPcT2jCGF2bUW44vKc2HxHI%2BXSNu8LYF1rb4GMFDjutM1E3UR1ifR24lVPKdL0OpgdnUYtVgMSglR3Pcm2zQeGeNIx5EpQx%2FIcKsGQa%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79b8f5779d23694f-FRA
expires: Thu, 08 Feb 2024 18:52:15 GMT

GET
H3 200 txt.js Show response
blessedbydonuts.com/weekl/2/js/ 4 KB
2 KB 38ms
37ms Script
application/javascript 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blessedbydonuts.com/weekl/2/js/txt.js
Requested by: Host: blessedbydonuts.com
URL: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d53f2d6df3aa9662991d58ed517f08bbb9223086570704fb3bf1a8a856bff97

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 18:52:15 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 18 Feb 2023 12:40:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63f0c73d-e64"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bHyJFDGO1g52K416mwWMBOjOG7JIFLFRBxsDm%2BZpJeJGKk0XjZ6FxcXbDV%2Fcx0tMqX0d4wBBXKcx5wvK2ce6uWhvKn1UNdbJ4fQpuqzk%2BnjQQ798UiXoNLshVTXxJTzr7CqlvEQbqkTaKwqDtLol%2B7VT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 79b8f577b8992bad-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 main.js Show response
blessedbydonuts.com/weekl/2/js/ 4 KB
2 KB 48ms
48ms Script
application/javascript 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://blessedbydonuts.com/weekl/2/js/main.js
Requested by: Host: blessedbydonuts.com
URL: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 662ff94c53a80cce49db19677678ab53acad35109af705c190c5370b5c7635a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 18:52:16 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 18 Feb 2023 12:40:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63f0c73d-e84"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KeBoD7iP2UIF0x5jh%2BF91kNsH6jp%2F%2BlHQQtfYm8%2BFNr1ft4OD%2F7nfgb7e4IXtF53j7LA9GN38GwZxL9KTRmIsFxWR8W%2FJP9l5g5JU%2FYnfqUsb%2BgL9fu8wgqg%2Bw0YCDC0m6%2FICqF8P1E1EgvidbaNGfhq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 79b8f577f8f62bad-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 logo.png
blessedbydonuts.com/weekl/2/img/ 646 B
1 KB 64ms
50ms Image
image/png 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blessedbydonuts.com/weekl/2/img/logo.png
Requested by: Host: blessedbydonuts.com
URL: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e171100ff43ace83cce53df4aafe553e5ee84712e13cce88aef5f33cee775980

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 18:52:16 GMT
cf-cache-status: HIT
last-modified: Sat, 18 Feb 2023 12:40:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "63f0c73c-286"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bxT3%2BTBsr7xCIqsTUoOAirxjggx70uVMA4OiMm1WpxF4EShV%2BsO304aZJzhMGI2UXq5i8dUoJlvCUV%2BU0usT28d6zFq1mG4yDsRZaZJJR%2F1O8D2Fi4E6bGrbyxu%2BPnGaCEDMx%2FIwtSRGI921F6g27rEk"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 79b8f57879b02bad-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 646

GET
H3 200 mainImg.png
blessedbydonuts.com/weekl/2/img/ 414 KB
415 KB 47ms
37ms Image
image/png 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blessedbydonuts.com/weekl/2/img/mainImg.png
Requested by: Host: blessedbydonuts.com
URL: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5884bedb3a54e04eb42a12890381fba73cd69243fb6e79644400c67c071fa48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 18:52:16 GMT
cf-cache-status: HIT
last-modified: Sat, 18 Feb 2023 12:40:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "63f0c73c-679b0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HEOW%2FaV1dsCmYrm%2BoNy10m2ZsJv0QyiGaLFqYFCIwRpT054kxRww1WNg%2FsU3p2YWZDGD4dt5l18AoJsxtKEkwlp58o6%2BulnQ2rTSm8226ZMdO7y8RvnwGSHkbtyrfb%2F1%2F9dygk7Ko2nqj98eWfpw73oN"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 79b8f578ba162bad-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 424368

GET
H3 200 sign.png
blessedbydonuts.com/weekl/2/img/ 899 B
1 KB 45ms
34ms Image
image/png 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blessedbydonuts.com/weekl/2/img/sign.png
Requested by: Host: blessedbydonuts.com
URL: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5f6298528aa56761ac0f30c4a3f8289730b2976b8f64c74c64d2a02c1966c6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 18:52:16 GMT
cf-cache-status: HIT
last-modified: Sat, 18 Feb 2023 12:40:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "63f0c73c-383"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3gXpC36Y8SeDp50GTvXu%2FbTZVDFXtNk3VBxLEm0cJiLdRQmPL1pQ5EDBW71P4XPJqhiU%2BkM%2BKBMeIOUOM3r%2BDMXf24pC9sefS12jUafBNkg00cjxT1jVdnQ6N%2B%2F%2F9YxOeQhBn7yc4W%2F6pOZRiG0QnrZU"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 79b8f578ba192bad-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 899

GET
H3 200 bot.png
blessedbydonuts.com/weekl/2/img/ 3 KB
4 KB 43ms
33ms Image
image/png 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blessedbydonuts.com/weekl/2/img/bot.png
Requested by: Host: blessedbydonuts.com
URL: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2deab007424b4ae3c119bdb4ab0354c0552ce49ae2cc3739a7d15283f557b20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blessedbydonuts.com/weekl/2/index.html?session=a6d57bd957ae0c121fc2cdbe983c8e68&fluxf=1797198578593211975&fluxffn=1797199204369004236&ffdomain=wherethewindtakesme.org&category=Test&firstname=Maher&surname=Mista&city=&email=&phone=9165442699&cityb=Frankfurt+Am+Main&extra1=&tt=QXY3xknTrskmBuugGyiyn9hLkzgvHsyIXUYlNqEZSGID7Wn9C-rqkpA4lmLJFldj&flux_sess=a6d57bd957ae0c121fc2cdbe983c8e68
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 18:52:16 GMT
cf-cache-status: HIT
last-modified: Sat, 18 Feb 2023 12:40:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "63f0c73c-d6d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kGnD5ByrapD9FKoKx9TCK5cRybf2vsQvzbm2n%2FPM2yA8zpQn816gqMqR8nhRPj%2FEY93wnfJ62lN44uZJjTNwMq17dEgWlz592q8SgnZMfijyTgrR1vrBQw0FjXLln2725LL%2Bf%2BN75aNZD%2F9bbDlsdPPY"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 79b8f578ba1a2bad-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3437

GET
H2 400 css2
fonts.googleapis.com/ 0
0 197ms
78ms Stylesheet
text/html 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.googleapis.com/css2?family=DM+Serif+Display:wght@600&family=Lato:wght@400;400&family=Montserrat:wght@400;500;600;700;800&display=swap
Requested by: Host: blessedbydonuts.com
URL: https://blessedbydonuts.com/weekl/2/css/styles.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blessedbydonuts.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 bg.jpg
blessedbydonuts.com/weekl/2/img/ 57 KB
58 KB 42ms
40ms Image
image/jpeg 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blessedbydonuts.com/weekl/2/img/bg.jpg
Requested by: Host: blessedbydonuts.com
URL: https://blessedbydonuts.com/weekl/2/css/styles.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4a556e47374bdaa613345df4f5bafc17e341c3525e9ac9b491ee399f88af045

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blessedbydonuts.com/weekl/2/css/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 18:52:16 GMT
cf-cache-status: HIT
last-modified: Sat, 18 Feb 2023 12:40:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "63f0c73c-e45d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kBtKz6L%2F70e1mWOB%2FlYQX2gOjeXkQb%2BMPvBXXJfDWokquT%2BtkKpK4TTEAGv%2F1BNWupzGrxYugYXsCbm%2Ft8%2BQBGgXquoaPzoI0jETNSse%2FrsciaO5ZOlKdj8qJoJUv628SWt1vddWHYcixdaIxdeqiV8P"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 79b8f578ca2d2bad-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 58461

Verdicts & Comments Add Verdict or Comment

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			wherethewindtakesme.org/	1970-01-20 09:47:12	Name: PHPSESSID Value: a6d57bd957ae0c121fc2cdbe983c8e68
			wherethewindtakesme.org/	1970-01-20 18:31:22	Name: csid3 Value: a6d57bd957ae0c121fc2cdbe983c8e68

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://fonts.googleapis.com/css2?family=DM+Serif+Display:wght@600&family=Lato:wght@400;400&family=Montserrat:wght@400;500;600;700;800&display=swap Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blessedbydonuts.com
cdnjs.cloudflare.com
fonts.googleapis.com
rgyk.info
wherethewindtakesme.org
2606:4700:3032::ac43:9332
2606:4700:3034::6815:16b7
2606:4700::6811:180e
2a00:1450:400d:80e::200a
2a06:98c1:3121::c
06f66c7beb4164979a2bc183462dbbb4a148d374d6aca4dc0b0548d8aeae8387
2d53f2d6df3aa9662991d58ed517f08bbb9223086570704fb3bf1a8a856bff97
486df5bfbbb4d08f967f15db097f46d72b23951f9db44d3edd0940c93e27669e
4b371923804cb98c5b848471f8b716055d223cd8c331bc2bd21ce87a1767dfa9
662ff94c53a80cce49db19677678ab53acad35109af705c190c5370b5c7635a1
8f9006bec18f89fccb53b7846b4850a44b0df633534d8bf3d1bfca90b6ec5d80
b5f6298528aa56761ac0f30c4a3f8289730b2976b8f64c74c64d2a02c1966c6f
d54bb44558b70147d4a4b996ee7492e685004d837d0ac66a10a723f774133941
e171100ff43ace83cce53df4aafe553e5ee84712e13cce88aef5f33cee775980
e2deab007424b4ae3c119bdb4ab0354c0552ce49ae2cc3739a7d15283f557b20
e4a556e47374bdaa613345df4f5bafc17e341c3525e9ac9b491ee399f88af045
f5884bedb3a54e04eb42a12890381fba73cd69243fb6e79644400c67c071fa48
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

blessedbydonuts.com Open in urlscan Pro 2a06:98c1:3121::c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

100 %IPv6

5 Domains

5 Subdomains

4 IPs

2 Countries

582 kBTransfer

826 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

41 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

blessedbydonuts.com Open in urlscan Pro
2a06:98c1:3121::c Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

582 kB
Transfer

826 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions